
Sophos breach: Customer data exposed due to permission access flaw

Sophos has acknowledged the breach by sending email notifications to targeted customers.

Data breaches happen every day, and in the latest one, Sophos, a cybersecurity giant based in the UK, has suffered a security breach that exposed the data of some of its customers. This data includes full names, email addresses, and contact numbers.

Sophos learned of the incident on November 24th, 2020, when the company received a report from a researcher informing them that the tool used to store the information of those who contacted Sophos’ support may have a problem with its access permission settings.


Upon investigating, Sophos fixed the issue and issued a statement saying that a small portion of its users had their data leaked, with the rest being secure.



Here’s what the company said:

The leaked data is of little use to attackers since it is non-sensitive, except that it could potentially be used as an aid in social engineering attacks. Furthermore, potential harassers could use the revealed phone numbers to stalk people, a remote but real possibility.



To conclude, this is a great example of a company taking the security of its users seriously by immediately patching the flaw at hand. However, it is worth mentioning that Sophos has been breached various times in the past as well.

As an example, in May earlier this year, a flaw in one of the companies it owns resulted in more than 100,000 user devices being exposed. This understandably calls for Sophos to step up the resources it dedicates to penetration testing.
