Hackers compromised an employee of the data-protection company Cyberhaven and used the worker’s access to potentially steal sensitive information from the firm’s users, the company said in a statement distributed to customers and reviewed by Reuters. The hackers pushed a compromised version of Cyberhaven’s Chrome browser extension to the company’s users early on Wednesday, the statement said. The company urged affected customers to reset passwords and review their logs for malicious activity. It was not immediately clear when Cyberhaven distributed the statement. The California-based company, which lists major law firms and tech companies among its customers, did not immediately respond to a request seeking comment.
Cyberhaven was not the only organization hit by the hackers, according to Jaime Blasco, cofounder of Austin, Texas-based Nudge Security.
Blasco said by examining details of the hack shared by Cyberhaven, he discovered several other Chrome extensions that had been subverted using similar code.
Browser extensions are typically used by internet users to customize their web-browsing experiences, for example by automatically applying coupons to shopping websites. In Cyberhaven’s case, the Chrome extension was used to help the company monitor and secure client data flowing across web-based applications.
Blasco said the other affected extensions included ones related to artificial intelligence and virtual private networks. He said that suggested an opportunistic effort to vacuum up sensitive data using as many compromised extensions as possible.
“I’m almost certain this is not targeted to Cyberhaven,” Blasco said. “If I had to guess, this was just random.”
Source: CNA
