Popular optimization tool CCleaner has confirmed that its services have been affected by a data breach, apparently caused by the data theft fiasco MOVEit.
Parent company Gen Digital sent an email to its customers warning that threat actors were exploiting the MOVEit flaw to steal sensitive data from CCleaner. TechCrunch reported.
In the email, the company said the hackers stole people’s names, contact details and information about the products they had purchased. Company spokesperson Jess Monney added that phone numbers, email addresses and billing addresses were also stolen, which is enough data to carry out identity theft or phishing attacks.
Thousands of victims
When asked about the number of users affected, Monney reportedly avoided a direct answer, instead saying that less than two percent of users were affected. Even Gen Digital doesn’t say how many users pay for the CCleaner program, saying only that it has 65 million paying customers in its cybersecurity portfolio.
Cl0p, the threat actor behind the attack, has apparently yet to mention CCleaner on its data breach site.
The MOVEit-operated file transfer fiasco was discovered in May 2023, when the alleged Russia-linked group exploited a vulnerability to access data from thousands of companies using the program.
While it was initially thought that around 120 companies were affected, newer estimates report more than 2,000 victims, with the data of more than 65 million people stolen. Cl0p is now analyzing and indexing the data and demanding payment in exchange for keeping the data private.
Some analysts believe that Cl0p can make millions from this hack without too much work for the hackers.
The news means that parent company Gen Digital now has two brands affected by MOVEit issues after Norton LifeLock, which announced in mid-August 2023 that it had fallen victim to Cl0p.
CCleaner is a utility used to remove unwanted and invalid files from Windows computer. It is considered one of the oldest tools out there as it was launched almost twenty years ago.