Popular optimization tool CCleaner has confirmed its services have been hit by a data breach, seemingly caused by the MOVEit data theft fiasco.
Its parent compan Gen Digital sent an email to its customers warning that threat actors exploited the MOVEit flaw to steal sensitive data from CCleaner, TechCrunch reported.
In the email, the company said the hackers took people’s names, contact information, and information about the products they had purchased. The company’s spokesperson, Jess Monney, added that phone numbers, email addresses, and billing addresses were stolen as well, which is plenty of data to run identity theft or phishing attacks.
Thousands of victims
When asked about the number of users affected, Monney allegedly avoided a direct answer, instead saying that less than two percent of users were affected. Even Gen Digital doesn’t say how many users pay for the CCleaner program, instead only saying it has 65 million paid customers across its cybersecurity portfolio.
Cl0p, the threat actor behind the attack, is apparently yet to list CCleaner on its data leak site.
The MOVEit managed file transfer fiasco was uncovered in May 2023, when the alleged Russia-tied group exploited a vulnerability to access data belonging to thousands of businesses using the program.
While at first it was thought that some 120 businesses were affected, newer estimates claim more than 2,000 victims, with more than 65 million people having their data stolen. Cl0p is now in the process of analyzing and indexing the data, and demanding payment in exchange for keeping the data private.
Some analysts believe Cl0p can make millions on this hack without too much work for the hackers.
The news means parent company Gen Digital now has two brands that were affected by MOVEit issues after Norton LifeLock, which disclosed falling victim to Cl0p in mid-August 2023.
CCleaner is a utility software used to clean unwanted and invalid files from a Windows computer. It’s considered one of the oldest utility software out there, as it launched almost two decades ago.