- Christmas Eve attack affects Cyberhaven Chrome extension
- Some data could have been extracted, Cyberhaven systems are safe
- Users are prompted to change their passwords
Cyberhaven has confirmed that its Google Chrome extension was subject to a cyberattack on Christmas Eve, which exposed sensitive customer data such as passwords and session tokens.
In a statement, the data loss prevention company said the attack showed signs of being part of a “broader campaign” also targeting other companies.
The attack started like many others: an employee fell for a phishing email and shared their credentials, giving the threat actor access to Cyberhaven systems.
Cyberhaven shares details of Christmas Eve attack
More specifically, the attacker obtained the worker’s Google Chrome Web Store credentials, allowing him to publish a malicious version of his Chrome extension to the marketplace. Only version 24.10.4 was affected on Chrome-based browsers that updated automatically; The code was active between 1:32 am UTC on December 25 and 2:50 am UTC on December 26.
CEO Howard Ting said the company’s security team detected the compromise at 11:54 pm UTC on Christmas Day; it was deleted within an hour, noting, “I’m proud of how quickly our team, with virtually everyone in the company, reacted.” interrupt their vacation plans to serve our customers and act with the transparency that is fundamental to our company values.”
No other Cyberhaven systems, such as CI/CD processes and code signing keys, were compromised; however, user cookies and authenticated sessions for certain specific websites may have been leaked.
Users are now advised to maintain basic internet hygiene principles, such as ensuring their extensions are up-to-date (in this case, version 24.10.5 or later), reviewing logs for suspicious activity, and revoking or rotating all extensions. passwords that are not available. t FIDOv2.
The company has already implemented additional security measures to prevent future similar attacks and is actively cooperating with authorities.
