CCleaner Reports That Hackers Took Users’ Personal Data in the MOVEit Mass Hack

The company behind the popular optimization app CCleaner has stated that hackers stole a significant amount of personal information from its paying customers after a data breach in May.

CCleaner Reports That Hackers Took Users' Personal Data in the MOVEit Mass Hack
CCleaner Reports That Hackers Took Users’ Personal Data in the MOVEit Mass Hack

In an email sent to customers, Gen Digital, the multinational software company that owns CCleaner, Avast, NortonLifeLock, and Avira brands, revealed that the hackers exploited a vulnerability in the widely used MOVEit file transfer tool. This tool is employed by numerous organizations, including CCleaner, to transfer large sets of sensitive data online.

CCleaner Reports That Hackers Took Users’ Personal Data in the MOVEit Mass Hack

The email informed customers that the hackers obtained names, contact details, and information regarding the purchased products.

Gen Digital spokesperson Jess Monney confirmed that customer phone numbers, email addresses, and billing addresses were impacted by the breach. Monney mentioned that less than 2% of users were affected but refrained from specifying the exact number of affected users.

Millions of people worldwide use CCleaner. Gen Digital hasn’t disclosed the exact number of paid CCleaner users but claims to have approximately 65 million paid customers across its cybersecurity portfolio, including CCleaner.

It’s unclear why CCleaner took several months to inform affected customers about the incident.

Unprecedented MOVEit File Transfer Tool Hacking: A Clop Ransomware Epidemic

The mass hacking of MOVEit file transfer tools started in May and quickly became the year’s largest hack in terms of the number of victims. An unprecedented vulnerability allowed the notorious Clop ransomware to steal sensitive data from thousands of organizations using these internet-connected systems. Researchers monitoring the mass hacks report that over 2,500 organizations have confirmed MOVEit-related data breaches since May, affecting at least 66 million individuals, although the actual number of affected people is likely much higher.

Clop has not yet added CCleaner to its dark web leak site, which ransomware gangs use to force companies into paying a ransom by publishing stolen files if the hackers’ demands aren’t met.

An earlier listing for Norton LifeLock, another Gen Digital brand, appeared on August 14. A Gen Digital spokesperson stated that the incident only affected the personal information of its employees and contractors, assuring that no customer or partner data got exposed.

In 2017, hackers compromised CCleaner by implanting malware in the software to spy on over two million users. The toolmaker revealed that the hackers specifically targeted prominent tech companies and telecom giants.

Check These Out


Please enter your comment!
Please enter your name here