BreachExchange mailing list archives

Security software firm Omniquad reported for data breach


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 12 Oct 2010 23:56:42 -0400

http://www.techeye.net/security/security-software-firm-omniquad-reported-for-data-breach

Security software firm Omniquad has been criticised and reported for a
serious data breach that saw the publication of customer details
online.

The company, which makes anti-malware and firewall software and is the
"NetworkWorld ClearChoice Award winner" for its AntiSpy software, said
a glitch in its helpdesk software resulted in the details of its
customers being broadcast on the net.

Omniquad was keen to point out that the vulnerability was in a
third-party software which Omniquad uses to manage helpdesk calls. The
exploit published customer log-in details online, but Omniquad said
that the information was taken down and the system put offline as soon
as the situation was discovered.

“This is not a case of negligence on our part. We have acted quickly
to fix the situation and notify any customers who may have been put at
risk,” said Daniel Sobstel, managing director of Omniquad. “The
software has been in place for a few years and this is the first time
we have had any kind of problem like this with it.”

While Omniquad may not have been negligent, a security company facing
a problem like this doesn't instil much faith. If one piece of
software has a vulnerability like this, then what potential problems
are hidden within the other software? Security software should make
customers feel more safe, not risk having their details put online.
They're always on about being on the safe side and best practice.

Sobstel tried to reassure customers that the majority of them would be
unaffected. He said that it would take days to exploit the published
data, meaning it was only really a problem for a small number of
people. That will be little comfort to those affected.

Privacy International was strongly condemnatory of the affair. It
reported the company to the Information Commissioner over the
incident, while a spokesperson said: “Security and privacy should be
at the core of everything they do and that includes carrying out
security audits of all third-party software and services they offer.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
