Cyberhaven, a data loss prevention company, faced a cyberattack on Christmas Eve targeting their Google Chrome extension. This attack, believed to be part of a larger campaign, compromised sensitive customer data like passwords. The breach occurred when an employee unwittingly shared their credentials after falling for a phishing email, granting the attacker access to Cyberhaven’s systems. The malicious version of the Chrome extension affected only version 24.10.4 and was active for a specific timeframe.
CEO Howard Ting highlighted the swift response of Cyberhaven’s security team in detecting and removing the compromise promptly. While certain user data like cookies and authenticated sessions for specific websites might have been exposed, other systems remained secure. Users are advised to update their extensions to version 24.10.5 or later, review logs for any suspicious activity, and rotate passwords as a precaution.
Cyberhaven has taken steps to enhance security measures and is collaborating with law enforcement to prevent similar attacks in the future. Stay tuned for further updates on cybersecurity measures and keep your online credentials secure with reliable tools like password managers.