Anydesk, a popular remote desktop software provider based in Germany, has confirmed it was the target of a cyberattack during a four-day outage in late January.
The company published a public statement regarding indications of an incident on some of AnyDesk’s systems, and afterwards conducted a security audit and found evidence of compromised production systems. The attack is believed to have happened in late January, and some users are still using compromised credentials.
As a precautionary measure, the company recommended that all customers change their passwords if the same credentials were used elsewhere.
Meanwhile, the latest official updates from the company report that all versions of its tool obtained from “official sources” are safe to use following the incident. The cyberattack affected servers in Spain and Portugal but nowhere else, AnyDesk said.
Customer credentials from 18,000 users were leaked and published for sale on the Dark Web. “This data is ideal for technical support scams and mailing (phishing),” the seller wrote to Resecurity and asked for $15,000 in cryptocurrency for the data.
AnyDesk said it discovered the breach during a security audit, has revoked passwords for all users on my.anydesk.com, and is urging users to change similar reused passwords on other platforms.
According to recent media reports, AnyDesk was targeted by attackers believed to have stolen source code and code signing certificates.The leaked information contains the usernames, passwords, number of active connections, session duration, and associated email addresses.
This data could be used for targeted phishing attacks, account takeovers, and even malware distribution. And this could give attackers valuable insights into their online activity and make them a prime target.
Cybersecurity News advises customers to take the following actions:
- Immediately update the AnyDesk password, and avoid using the same password across multiple accounts.
- Enhance security by enabling Multi-Factor Authentication (MFA) for AnyDesk account, requiring an additional code from another device for login.
- Explore the use of AnyDesk’s whitelist feature to limit access to trusted individuals or devices.
AnyDesk’s software is used by millions of IT professionals to remotely connect to their clients’ devices to perform tasks such as troubleshooting technical issues. Among its 170,000 customers are NVIDIA, Samsung, LG Electronics, Thales, and Comcast. Founded in 2014, AnyDesk is one of the leading remote desktop software providers worldwide and one of the fastest-growing companies in Germany, with more than 200 employees and 9 offices in different countries.
