A Closer Look at Cyberhaven’s Recent Chrome Extension Breach
In a surprising turn of events, data-loss prevention startup Cyberhaven found itself grappling with a security breach. Hackers managed to sneak a malicious update into the company’s Chrome extension, raising concerns about customer data security. Let’s delve into what happened and how it affects Cyberhaven’s users.
According to an email sent to customers, the breach was part of a suspected supply-chain attack. Hackers compromised a company account, allowing them to publish an update capable of pilfering passwords and session tokens. This incident was confirmed to TechCrunch by Cyberhaven, though specifics remain under wraps.
- The breach occurred on December 25, when hackers published a malicious update to the Chrome extension.
- Impacted users were warned that sensitive information could be exfiltrated to the attacker’s domain.
- The malicious extension (version 24.10.4) was swiftly removed and replaced with a secure version (24.10.5).
“We detected the compromise in the afternoon and responded promptly,” said Cameron Coles, Cyberhaven’s spokesperson.
Cyberhaven’s user base includes about 400,000 corporate customers, with notable clients like Motorola, Reddit, and Snowflake. The company advised affected users to revoke and rotate all credentials, including API tokens, and review logs for any signs of malicious activity.
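As an added example (not from Cyberhaven or the original article), the check below shows one way an administrator could look for the affected build on an endpoint by reading the version from each unpacked copy of the extension in a Chrome profile. The extension ID is not given in the article, so `EXTENSION_ID` is a placeholder, and the sample manifests are constructed; the function names are hypothetical.

```python
import json
import tempfile
from pathlib import Path

MALICIOUS_VERSION = "24.10.4"  # from the article
FIXED_VERSION = "24.10.5"      # from the article
EXTENSION_ID = "replace-with-extension-id"  # placeholder: ID is not in the article

def parse_version(text):
    """Turn '24.10.4' into (24, 10, 4) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit_profile(profile_dir, extension_id=EXTENSION_ID):
    """Classify each unpacked copy of the extension in one Chrome profile.

    Chrome unpacks extensions to <profile>/Extensions/<id>/<version>_<n>/;
    the "version" key in manifest.json is what gets compared.
    """
    findings = []
    ext_root = Path(profile_dir) / "Extensions" / extension_id
    if not ext_root.is_dir():
        return findings  # extension not installed in this profile
    for manifest in sorted(ext_root.glob("*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            version = data["version"]
            parsed = parse_version(version)
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            findings.append((manifest.parent.name, None, "unreadable"))
            continue
        if parsed == parse_version(MALICIOUS_VERSION):
            status = "malicious"
        elif parsed >= parse_version(FIXED_VERSION):
            status = "fixed"
        else:
            status = "older"
        findings.append((manifest.parent.name, version, status))
    return findings

def make_sample_profile(root):
    """Write constructed manifests that mimic Chrome's on-disk layout."""
    for version in ("24.10.3", "24.10.4", "24.10.5"):
        folder = Path(root) / "Extensions" / EXTENSION_ID / f"{version}_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps({"version": version}))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, version, status in audit_profile(make_sample_profile(tmp)):
            print(f"{folder:12} {version or '-':10} {status}")
```

A `fixed` result describes only what is on disk now, not which version ran earlier, so the credential rotation and log review the company advised still apply.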
The breach underscores the risk of stolen session tokens and cookies, which can allow hackers to bypass security measures without needing passwords or two-factor authentication codes.
“It seems this campaign targeted extension developers opportunistically,” shared Jaime Blasco, CTO of Nudge Security.
Cyberhaven is taking significant steps to bolster its security framework by launching a comprehensive review of its practices and hiring Mandiant for incident response. The company is also cooperating with federal law enforcement to address the breach.
As these developments unfold, it’s clear that this incident may be part of a larger campaign targeting Chrome extension developers across various industries. While it remains unclear who orchestrated these attacks, this serves as a stark reminder of the importance of robust security measures in today’s digital landscape.
In conclusion, Cyberhaven’s swift response and ongoing efforts to enhance security signal their commitment to safeguarding customer data. For now, affected users should adhere to the company’s recommendations and remain vigilant against potential threats. Stay tuned as more details emerge in this unfolding story.