Data breach occurs in remote desktop software 'AnyDesk', manufacturer recommends changing password

On February 2, 2024, AnyDesk announced that its production system had been compromised. At the time of the announcement, the issue had already been addressed, and there were no confirmed cases of end-user devices being affected.

AnyDesk Incident Response 2-2-2024

AnyDesk says hackers breached its production servers, reset passwords

According to AnyDesk, when they conducted a security audit after receiving indications that an incident had occurred on some of their systems, they discovered evidence that their production systems had been compromised. As a result, AnyDesk immediately initiated and successfully completed a remediation and response plan provided by cybersecurity firm CrowdStrike. AnyDesk said it had 'notified the relevant authorities and is working closely with them,' adding that ransomware was not involved in this incident.

According to the announcement, all security-related certificates have been revoked by AnyDesk, the system has been repaired or modified as necessary, and the binary's previous code-signing certificate will also be revoked soon, with the new certificate already in place. It is said that they are starting to replace the .

AnyDesk has not shared detailed information about the compromised data, but technology media Bleeping Computer reports that 'AnyDesk version 8.0.8, released on January 29, 2024, before the official announcement, has a new certificate. 'Certificates are typically not revoked unless they are compromised, such as by being stolen in an attack or made publicly available.' It mentions that related data may have been compromised.

At the time of publication, AnyDesk was told that no evidence had been found that end-user devices were affected, and AnyDesk confirmed that it was using a new code signing certificate and that it was using the latest version. We asked users to check ``.

AnyDesk prefaces this by saying that its systems are designed not to store private keys, security tokens, or passwords, and says, ``As a precautionary measure, we have revoked all passwords for our web portal,'' 'I made it happen,' he announced. We encourage users to change their passwords if they use them elsewhere.

in Software,   Security, Posted by log1p_kr