I got an email supposedly from CCleaner that the MOVEit vulnerability had gained access to ccleaner and my info. They asked me to protect myself by clicking on a link and following instructions. A scam? Has ccleaner had such a problem?
Thx
I got an email supposedly from CCleaner that the MOVEit vulnerability had gained access to ccleaner and my info. They asked me to protect myself by clicking on a link and following instructions. A scam? Has ccleaner had such a problem?
Thx
*EDIT3 Friday 27 Oct 12:40 UCT-
It has now been confirmed that this "MOVEit" email is indeed genuine. and is from CCleaner.
See the post from Gyathri CCleaner below:
<a href="<___base_url___>/topic/65717-moveit-vulnerability/#comment-345112" ipsnoembed="true" rel="">https://community.ccleaner.com/topic/65717-moveit-vulnerability/#comment-345112</a>
I strongly suggest that you use haveIbeenpwned to check if/which of your email addresses have been harvested by the bad guys.
You should abandon (and then delete if you can) any email addresses that haveIbeenpwned says have been compromised in a data breach.
Yes it can be a pain to inform all your contacts of your changed address, but if the address has been compromised then it's better safe than sorry.
<a href="https://haveibeenpwned.com/" ipsnoembed="true" rel="external nofollow" target="_blank">https://haveibeenpwned.com/</a>
If you don't use a password manager then I advise checking your passwords for any breaches too.
Again if you find that any have been collected in a data breach change them and don't use them again.
<a href="https://haveibeenpwned.com/Passwords" ipsnoembed="true" rel="external nofollow" target="_blank">https://haveibeenpwned.com/Passwords</a>
I check all my emails and passwords at least once a month, just in case.
More about the MOVEIt malware that appears to have been involved here, for anyone who wants to know what it is:~
<a href="https://www.malwarebytes.com/blog/news/2023/06/update-now-moveit-transfer-vulnerability-actively-exploited" ipsnoembed="true" rel="external nofollow" target="_blank">https://www.malwarebytes.com/blog/news/2023/06/update-now-moveit-transfer-vulnerability-actively-exploited</a>
I have just checked for you the email address that you used to register with this forum.
haveIbeenpwned says that it has been harvested in 13 seperate data breaches, over the past 10 or so years, so you may want to stop using it.
Check there yourself for more details of the breaches that it has been harvested from.
The email seems to be probably genuine:
https://www.heise.de/news/MOVEit-Sicherheitsluecke-Auch-Kunden-von-CCleaner-betroffen-9345032.html
(Report from a trusted German website.)
Interesting, that is saying that it has been sent by CCleaner because a CCleaner server was compromised by the MOVEit vulnerability.
That is not something that I have heard about.
I still would not trust it until we get clear confimation, or denial, from the CCleaner staff.
We are waiting for a response from them.
Thanks for the info Nukecad. If it is genuine, then I find it disappointing to be let down by Piriform/CCleaner. I've been receiving a lot of unpleasant stuff to my phone via text that only just started in the past couple of months as well as an increase in spam phone calls. It now makes me wonder if this breach is the source.
From the 26-Oct-2023 Cybernews article CCleaner Confirms Data Breach via MOVEit Attack :
Quote<div class="ipsQuote_contents"> <p> We contacted CCleaner, and the company confirmed that it indeed sent out emails to affected individuals. The company told Cybernews that low-risk employee data, as well as some customer data, was impacted...“During continued due diligence, we found some of our customers’ personal information, such as name, email address and phone number, was also impacted,” the company said. CCleaner’s representative said it will offer affected individuals complimentary dark web monitoring services.... </p> </div>
------------
<span style="font-size:11px;">Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3570 * Firefox v119.0.0 * Microsoft Edge v118.0.2088.69 * Microsoft Defender v4.18.23090.2008-1.1.23090.2007 * Malwarebytes Premium v4.6.5.293-1.0.2181 * Macrium Reflect Free v8.0.7690 * CCleaner Free Portable v6.17.10746</span>
Despite us mods asking admins about this we got no feedback at all.
Doesn't inspire people to use CCleaner or the rest of the Piriform software does it.
Thanks @lmacri
I see that according to that Cybernews article I have supposedly had a promotion to Admin ?. I guess it reads better that way.
Even If I did initially give the wrong advice because of a lack of information.
Admin or not; as (unpaid) mods here on the forum we are on the front line of company support; and I for one am pretty irate that we were given no information at all about this breach, or simply a 'heads up' a warning that such emails were going to be sent out.
If we had had such a warning then we could have given the correct information from the start.
As Hazelnut says we have still had no feedback at all from the Piriform staff, and so we are currently relying on second hand information from web articles like the Cybernews one.
Hi Everyone, We’re reaching out to help address some of the questions here. First, we can confirm that the email you received was valid and not a phishing scam. As part of the MOVEit incident, some customer information, such as name, email address and phone number, was impacted. Our systems are secure and operational, and the cause of this was addressed immediately when the MOVEit incident was discovered. While this information is not considered high risk, we take the safety of our customers extremely seriously. The best way to protect yourself is being vigilant against any potential phishing threats using this. Should you have questions related to your personal account, you can always reach out to our support team. You can also find more information about the Progress Software MOVEit vulnerability here.
Perhaps it was leftover from the parent company (GenDigital) when they were caught out with MOVEit ransomware in June
Quote<div class="ipsQuote_contents ipsClearfix" data-gramm="false"> <p> Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock) is a multinational software company that provides cybersecurity software and services. </p> <p> The company owns multiple brands, including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner. Gen Digital said it </p> </div>
https://securityaffairs.com/147739/cyber-crime/gen-digital-moveit-ransomware-attack.html
I have mereged this from a seperate thread to here, so that the replies about these emails are all together and easily found. - Nukecad.
This may sound odd, BUT, I recently received a strange e-mail, supposedly from CCleaner, stating that my personal data had been compromised, and that I was now featured on the dark web.
In order to verify that this was indeed from CCleaner, and not some sort of attempt at a scam, or other fraud, I made enquires via the official CCleaner web site using the form provided.
I duly received a response saying that the message was genuine, and an offer was made of a 6 month free trial of a programme called BreachGuard.
I am still not entirely happy with this situation, nor am I convinced that any of this is genuine.
The responding message originated in Manila, in the Philippines, and as far as I know, CCleaner's offices are in London and the US ?
I have also checked all my current e-mail addresses, via "Have I been pwned". There was no indication that any of my addresses had been compromised.
Has anybody else experienced this situation ?
If so, what action should I take ?
I guess that I am just paranoid about on-line security !
Any advice would be appreciated.
Yes this is genuine.
But you are right to double check if not sure.
(PS. the CCleaner support is based in the Phillipines).
It is good that haveIbeenpwned shows you as clear, but you may want to check again in a week or so. (I check my emails and passwords there at least once a month).
Please see the post above from Gayathri CCleaner.
Thanks for that.
I wonder do you know when the relevant hack took place.
Looking though the various incidents detailed via Google, there seems to be a degree of confusion, as to which hack was responsible for this info being available on the dark web ?
Surely we are not referring to the hack that took place back in 2017 ?
I have only been using CCleaner since earlier this year, so hopefully anything from an earlier time would not be a problem for me ?
I have run all my important passwords through the password pwnd gizmo, and all seems to be OK.
I will take your advice and run checks further down the road.
No, this has nothing to do with the 2017 hack of CCleaner.
This is a new, 2023, 'data breach' (not a 'hack' although that word is often used in the media to cover lots of different things).
This is a new'ish data theft involving the 'MOVEit Transfer' software that is used by many large organisations and companies.
Many of those large organisations and companies were affected by it to a lesser or greater extent.
I've been looking at the timeline and from what I can find so far:
At that time it was thought that only <em>employee</em> data had been taken, and that no <em>customer</em> data had been accessed.
</li>
<li>
More checking has been done and CCleaner is now informing some users, by email, that their data may have been breached/stolen.
</li>
We haven't been told just how many CCleaner users have been sent these emails, or if any more will be sent out.
NOTE that this is not an infection, it is not something that is 'on your machine' at all.
But do run a scan with Windows Security/Windows Defender, or any other antivirus/antimalware app you have, if you want to reassure yourself of that.
What has happened is that some of your details, such as your email address, may have been stolen, and so may now be shared by spammers, scammers, con artists, and other bad guys.
This means that you should be extra careful/wary of any emails that may now be sent to that email address, and should check carefully any that you are not sure about.
TBH you should already always be being careful about all emails that you get anyway.
Using havibeenpwned is a good way to check if you email (or passwords) have been stolen and shared in that way - either from this breach of from one of the many, many, other data breaches that do happen.
It's free to check them at anytime that you want to check, here are the haveIbeenpwned links again:
<a href="https://haveibeenpwned.com/" ipsnoembed="true" rel="external nofollow">https://haveibeenpwned.com/</a>
<a href="https://haveibeenpwned.com/Passwords" ipsnoembed="true" rel="external nofollow">https://haveibeenpwned.com/Passwords</a>
Those who do get an email from CCleaner are being offered Avast BreachGuard for 6 months for free, once set up that will automatically keep checking the web to see if your email etc, turns up on any lists.
Note here also (Avast as you will know is part of the GenDigital company, which also includes CCleaner Norton, Avast, LifeLock, Avira, AVG, ReputationDefender )
I am now fully up to speed on this topic, thanks to blokes who are a tad more knowledgeable about such things than I am.
However, I am even more paranoid, about internet security, than ever.
Is nothing sacred, . . . . . . or secure ?
I may well take up the offer, of BreachGuard for a 6 month free trial.
Just to note that I believe that the free Avast BreachGuard will be on a automatic subscription basis.
If I am right about that then you can think of it as a special '6 month free trial' for those who have been affected - and you will need to cancel the automatic subscription at (or before) 6 months if you don't want to keep it and automatically pay for it.
I have been pwned - 3 different sources. so what do I need to do to get the "free Avast BreachGuard" ??
6 hours ago, CSGalloway said:<div class="ipsQuote_contents ipsClearfix" data-gramm="false"> <p> I have been pwned - 3 different sources. so what do I need to do to get the "free Avast BreachGuard" ?? </p> </div>
The free offer is for those who have had the MOVEit breach email from CCleaner - if that includes you then you will get a further email about getiing/installing the offer.
The free offer is not just for anyone who happens to have been pwned in some other, unrelated, breach.
Note that Avast BreachGuard will not prevent you being pwned in a data breach, nothing you can install on your devices could do that.
What it does is check the web to tell you if your details subsequently appear of a list <strong><em>after</em> </strong>you have been pwned.
In other words it can only tell you after it's already happened.
TBH I don't need something to tell me that,
Data Breaches are a fact of life these days and so I just assume that it has happened to some of my data at sometime, act accordingly, and check havibeenpwned regularly.
You have now checked and found that some of yours has been breached 3 different times now, and no doubt will be again at sometime.
When (not if) you find something of yours has been pwned then you change it or abandon it and move on.
If it's an email address and you can't abandon it, or don't want to, then you be careful about what you recieve there because you know that it has been involved in a breach so some spammer/scammer/con artist may now have got hold of it.