Anti-malware firm Emsisoft accidentally exposes internal DB

Pierluigi Paganini February 10, 2021

Antivirus firm Emsisoft discloses a data breach: a third party had access to a publicly exposed database containing technical logs.

The anti-malware solutions provider Emsisoft disclosed a data breach last week. The company revealed that a third party had accessed a publicly exposed database containing technical logs.

The root cause of the incident was a misconfiguration of a database, used in a test environment, that was exposed to the Internet. The company confirmed that the database was accidentally exposed online from January 18, 2021, to February 3, when it was discovered.

The misconfigured system was used to evaluate and benchmark possible solutions for the storage and the management of the log data generated by Emsisoft products and services.

The analysis of the exposed database revealed that the logs stored in the archive contained no personal information, except for 14 customer email addresses of 7 different organizations. The experts pointed out that these 14 customer email addresses were included in scan logs due to detections of malicious emails stored in the users’ email clients.

“Immediately after becoming aware of the breach, we took the affected system offline and started an investigation. We determined that the logged information contained no personal information whatsoever, except for 14 customer email addresses of 7 different organizations.” reads the data breach notification published by the company. “While this number is small, we still believe it is the right thing to inform all our customers about the incident, how exactly it happened, and what we are planning to do in order to prevent similar incidents in the future.”

Emsisoft experts believe that the attack was automated and was not the result of a targeted campaign.

The company added that one of the databases set up for testing and benchmarking purposes remained accessible to third parties. Emsisoft confirmed that at least one individual accessed this database.

“We have reason to believe that at least one individual accessed some or all of the data contained within that database.” continues the notification.

“The stolen data in question consists of technical logs produced by our endpoint protection software during normal usage, such as update protocols, and generally does not contain any personal information like passwords, password hashes, user account names, billing information, addresses, or anything similar.”

Emsisoft explained that only parts of the affected database were accessed and not the entire database, but it is impossible to determine the specific exposed records.

The company has already notified the affected users and implemented additional security measures to prevent similar incidents in the future.
