The incredibly popular maintenance and optimization tool for Windows, CCleaner, recently confirmed a data breach that exposed loads of user data on its paid customers. The breach was reportedly caused by the MOVEit hack back in May.
CCleaner parent company Gen Digital, is busy sending out emails to customers warning that bad actors who took advantage of the massive MOVEit flaw earlier this year retrieved tons of information on its users. Unfortunately, we’re not sure how many are affected, but it sounds like a pretty big mess.
While this isn’t the first time CCleaner has been hacked, it’s not good news as the company confirmed paid customer names, contact phone numbers, billing addresses, and more were attained. According to TechCrunch, Gen Digital wouldn’t disclose how many users are part of the breach, but a spokesperson clarified that “less than 2%” of its nearly 65 million cybersecurity customers were affected.
Still, CCleaner is by far one of the most popular tools around, with millions of users, which doesn’t bode well for the average PC owner. The MOVEit file transfer tool hack is one of the biggest of 2023, which happened back in May, so we’re not sure why CCleaner is only just now getting around to notifying its user base.
The group behind the attacks, Clop (Cl0p), hasn’t said much regarding CCleaner, nor listed it on its dark web leak page. So, while the hacking group hasn’t confirmed this information, Gen Digital did. For now, the company is offering affected users six months free of the BreachGuard dark web monitoring software. Then, CCleaner will reach out with additional details and steps in the coming days.
If you’re wondering what you should do when involved in a data breach, there’s not much, as the data is already out there. Still, we recommend following web best practices, reset passwords, and be vigilant.