Site icon The Cybersecurity Daily News

Beware Of Internal Infrastructure Security Breaches, A Recent attack At Softaculous

Softaculous data breaches

About Softaculous

Softaculous is fluent in the end-users’ language. They have made it simple for non-English speaking users to search, install Web Applications, and get the most of Softaculous by making it available to perhaps thousands of people around the world. When it comes to online shopping, trust is a problem for many cultures, especially if they feel the transaction is being conducted in a language they do not completely understand. Our customers may feel safe knowing what they are purchasing, how it will be delivered, and from whom by providing them with a linguistic alternative.

What is a security breach?

Unauthorized access to physical or digital settings, including buildings, servers, computer networks, and more, is considered a security breach. A data breach occurs when personal, private, or confidential information is exposed without authorization. Such situations can result in the loss of priceless goods (data or otherwise). Not all breaches involve evil intent. It is also conceivable for an unauthorised actor to get through a security barrier without succeeding in achieving their objective.

What causes security and data breaches?

There are numerous sources of security and data breach worries, which frequently fall into three main categories:

Humans – All of the actions related to gaining access to and denying access to both physical and digital environments include humans in some capacity. Individuals are one of the key factors in security and data breach, whether through curiosity, individual interests, emotions, or goals.

Systems – A system is a collection of procedures, methods, and equipment used to accomplish a goal. Disparities may be produced throughout the development, implementation, operation, and maintenance of systems, either intentionally or unintentionally, which can result in security or data breaches.

Resources – Security and data breaches are made possible by the misalignment of access and availability of resources for the human and system domains.

Case Study: A recent Internal Infrastructure Security Breach at Softaculous

Recently the Softaculous has informed its users regarding a security breach in its infrastructure and mentioned that none of its customers have been impacted due to this and requested to change their passwords.

Softaculous mentioned the information as:

Salutations,

 We are writing this email to inform you about a security breach in our infrastructure.

 – We have detected an unauthorized access to some of our mirror servers.

 – We have taken immediate steps to move and secure our infrastructure, isolate and protect customer data and engage with third-party experts. While doing so customers experienced some downtime from our websites and servers.

 – None of our customers’ servers were impacted in this incident. Our server software products Softaculous, Virtualizor, and Webuzo v3 are audited regularly by 3rd party auditors and security experts with each new version launched. We have also initiated an additional audit of all our software.

 – These servers hosted the customer’s name, address, license information, and hashed passwords of customer accounts who license our software (with individual salts per user for encryption). No credit card information was stored on these servers.

 – We store the account’s password in an encrypted format with a unique salt per user which would be infeasible for anyone to derive your original password from. Hashed passwords are secure, but we recommend you change your account’s password and will be setting an expiry on existing passwords. When you reset your password, please use a strong and unique password.

 – As an added precautionary measure, we recommend customers take immediate action on their own infrastructure and reset any credentials or authentication details that have been shared with our support team while our security team and third-party experts continue to assess the nature of this issue.

 – API keys of NOC users (if any) that are used to purchase/renew/cancel licenses will be restricted to be accessed by 1 IP only and will expire on 15th August 2022 to avoid any possible license manipulation. You can log in to your NOC account and generate new API keys to continue using the NOC API using API Key based authentication.

 – We have taken several steps to improve the security of our infrastructure and our customer base at large.

 – We apologize and reassure you that the security of our software and infrastructure and our customers’ data is very important and will continue to be a priority for everyone at our company.

 If you have concerns, you are welcome to get in touch with us at support@softaculous.com

Sincerely, The Softaculous Team

Prevention

The best way to prevent Security Breach is through AuthSafe Integration.

AuthSafe is an identity protection platform that provides information about fraudulent login details in your applications. An easy-to-install, fully automated solution that helps to identify the potentially compromised accounts by predictive fraud research, cognitive engine modeling, and using suspicious account activity.

AuthSafe works with financial services, SaaS products, and online digital goods organizations to detect and prevent account takeovers without compromising customer experience. It helps track the location, time, accessed data, and IP address details of the user.  To get started, you need to integrate AuthSafe with your web application.

AuthSafe allows various integrations that include SDKs, API, and JavaScript. To choose the best option and integrate AuthSafe with your web application, refer to the Integration documentation.

How AuthSafe Works

AuthSafe collects data regarding user activities, devices, browsers, and many more. These data and events are evaluated, and signals are generated against it which helps AuthSafe in calculating the risk score for that device. There are various types of signals like Brute Force, Credential Stuffing, Robotic Activity, too many devices, etc.

You can stop security breaches by integrating AuthSafe with your websites. As a result, it will mitigate breaches and shield your company from any losses.

Reference

Exit mobile version