Sophos shutters partner portal after hack attack

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2012/04/05/sophos_partner_site_infected/

By Iain Thomson in San Francisco
The Register
5th April 2012

Sophos has shut down its portal for partners after finding two software 
packages on its servers designed to allow access to them – and possibly 
to user data stored there, as well.

The security software firm posted a statement on the portal explaining 
that it had spotted suspicious behavior on some of its servers this 
Tuesday. An investigation revealed two dodgy applications, which a 
preliminary examination suggests are designed to harvest login 
information. Sophos shut the portal down, just to be on the safe side.

"We don't believe anything was stolen, but are proceeding with an 
abundance of caution," Chet Wisniewski, senior security advisor at 
Sophos told The Register. "It will remain offline while we are 
completing our investigation. We will bring it back online once we are 
sure it is safe to do so."

Sophos says that the system stored partners' names and business 
addresses, email addresses, contact details, and hashed passwords, and 
that only its old portal, and not the latest SFDC, system was breached. 
When it's back up and running (which, given the Holy Week holiday, is 
unlikely to be before next week) users will be asked to reset passwords 
as a precaution.

[...]

_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org