Optimization app CCleaner confirmed hackers stole heaps of personal user data in a breach back in May, affecting 2% of its paid customers. Hackers compromised names, phone numbers and email addresses, billing addresses, and purchase histories.
CCleaner’s parent company, Gen Digital, which also owns Avast, Avira, and Norton LifeLock, sent an email to customers explaining that hackers took advantage of a vulnerability in the MOVEit tool. CCleaner uses this file transfer software to move files containing sensitive info. The company didn’t explain why it took months to disclose the breach and notify the affected users.
While Gen Digital didn’t disclose the exact number of affected CCleaner users, the company claims that a combined 65 million paid customers rely on its services, which includes millions of CCleaner users. Judging by these numbers, the 2% of CCleaner users affected translates into a pretty significant number.
As a reference, the MOVEit breach affected over 2,500 organizations and 66 million individuals. The exact number is reportedly far higher. Analysis has shown that US-based organizations are most affected, accounting for 77.8% of known victims, followed by Canada with 14.2%, Germany with 1.4%, and the UK with 0.8%.
The notorious ransomware gang Cl0p took responsibility for the mass-hacking incident and published the stolen data to a dark “data leak site” known as “CL0P^_- LEAKS.” This type of ransomware has been around since 2019, possibly linked to FIN11, a cybercrime group connected to Russia and Ukraine, believed to be part of a massive cybercrime network known as TA505.
This is not the first time that Gen Digital’s data has fallen into the wrong hands. On August 14, the company admitted that the MOVEit incident affected its subsidiary Norton LifeLock. More precisely, hackers stole its employees’ personal information. In 2017, CCleaner suffered a data breach by malware planted in its software, affecting two million of its users. Hackers focused on tech and telecom giants during this attack.
Research has shown that 2023 is a record year for data breaches, with the MOVEit incident topping the chart by number of victims affected. While it’s hard to calculate the exact cost, researchers found that the approximate financial damage of the MOVEit data breach is $11,083,859,985. CCleaner hasn’t disclosed the financial impact of the breach on its budget.