AnyDesk acknowledges the breach, implements security measures

AnyDesk acknowledges the breach, implements security measures

On February 2, 2024, AnyDesk confirmed that it was the victim of a cyber attack that gave unauthorized users access to its production systems. According to BleepingComputer, the breach was discovered after signs of a problem on its servers and resulted in the compromise of source code and private code signing keys.

Although AnyDesk did not disclose any specifics about the data theft, BleepingComputer reported that source code and code signing certificates were among the items taken during the attack.

About the breach and AnyDesk’s response

AnyDesk has 170,000 customers, including organizations such as 7-Eleven, Comcast, Samsung, MIT, NVIDIA, SIEMENS and the UN. The company quickly launched a security audit after learning of the compromise and hired cybersecurity firm CrowdStrike to conduct a comprehensive response plan.

AnyDesk has revoked security-related certificates and replaced or patched affected systems as part of its response procedures. It has also assured users that there is no evidence yet that the breach compromises end-user devices.

In a public statement, AnyDesk said, “We can confirm that the situation is under control and it is safe to use AnyDesk. Make sure you’re using the latest version, with the new code signing certificate.”

Despite AnyDesk’s claim that no authentication tokens were received, the company is recommending users to change their passwords, especially if they are used on other platforms, and is revoking all web portal passwords without caution.

Responding to questions about the attack, AnyDesk explained, “AnyDesk is designed in a way that session authentication tokens cannot be stolen. They exist only on the end user’s device and are associated with the device’s fingerprint. These tokens do not never touch our systems.”

AnyDesk has already started replacing compromised code signing certificates to increase security even more. This update is reflected in AnyDesk 8.0.8, which was released on January 29.

It is highly recommended that all AnyDesk users upgrade to the latest version of the program due to the potential risk. Users are also asked to update their passwords on other platforms as a precaution.

Protection of your identity and personal information

Compromised personal data can have serious consequences, including identity theft, financial fraud and lost jobs. The best thing you can do is a) have reliable cyber security protections, and b) make sure you find out as soon as you touch it. We would encourage readers to turn to ID Protection, which is designed to meet these challenges.

ID protection
ID Protection Home Page

with ID protectionYou can:

  1. check out to see if your data (email, number, password, credit card) has been leaked or is available on the dark web;
  2. secure your social media accounts with our social media account monitoring tool, with which you will receive a personalized report;
  3. Create stronger, hard-to-hack passwords (they will be stored safely in your vault);
  4. Enjoy a safer browsing experience, as Trend Micro checks websites and prevents trackers.
  5. Get comprehensive rehabilitation and insurance services, with 24/7 support.
ID protection features

Offering both free and paid services, ID Protection will ensure you have the best safeguards in place, with 24/7 support available to you through one of the world’s leading cyber security companies. Trend Micro is trusted by 8 of the top 10 Fortune 500 companies — and we’ll have your support, too.

Why not release it today? As always, we hope this article has been an interesting and/or useful read. If yes, please Share it with family and friends to help keep the online community safe and informed — and consider leaving a like or comment below.

Leave a Comment

Your email address will not be published. Required fields are marked *