- Cyberhaven Chrome extension compromised due to Christmas Eve attack
- Some information may have been leaked, Cyberhaven system is safe
- Users are informed to change their password
Cyberhaven has confirmed its Google Chrome extension was the subject of a Christmas Eve cyberattack that exposed sensitive customer data such as passwords and session tokens.
in a statementThe data loss prevention company said there were signs the attack was part of a “wider campaign” targeting other companies.
This attack started like many others – an employee fell into a phishing email and shared their credentials, giving the threat actor access to Cyberhaven’s systems.
Cyberhaven shares details of Christmas Eve attack
More specifically, the attacker obtained the worker’s Google Chrome Web Store credentials, allowing them to release malicious versions of their Chrome extensions to the market. Chrome-based versions only 24.10.4 are affected Browser Automatically updated; this code is valid from December 25th at 1:32am UTC to December 26th at 2:50am UTC.
CEO Howard Ting said the company’s security team discovered the flaw at 11:54 p.m. on Christmas Day and removed it within an hour, noting: “I’m proud of the speed of our team’s response, and almost everyone in the company Everyone has responded by interrupting their vacation plans to serve our customers and acting with the transparency that is core to our company values.
No other Cyberhaven systems (such as CI/CD processes and code signing keys) were compromised, but user cookies and authenticated sessions for some targeted sites may have been compromised.
Users are now advised to practice basic cyber hygiene, such as making sure their extensions are up to date (in this case, version 24.10.5 or higher), checking logs for suspicious activity, and revoking or rotating any unupdated extensions password.
The company has implemented additional security measures to prevent similar attacks in the future and is actively cooperating with law enforcement.