The world renowned security firm Sophos has revealed that its Partner Portal has been temporarily taken offline after a couple of “unauthorized programs” were found on the server. It’s believed that the malicious elements were designed to allow hackers to gain remote access to information.
The security breach was discovered on April 3 and as soon as the hack tools were identified, the partner logins were suspended, but only for those who haven’t moved to the new SFDC portal.
An investigation is ongoing, but initial analysis of the incident reveals that the server’s database includes partner names, email addresses, business addresses, contact information and hashed passwords.
It’s uncertain if the data was accessed by the individuals who breached the server, but the company considers that it must assume the worst.
“When the Partner Portal comes back online, you will find that your password has been reset as a precautionary step, just in case it fell into the wrong hands,” reads the statement issued by the company.
“You should, of course, ensure that you never use the same password on different websites - and if you did use your old Partner Portal password on other sites, we would advise that you change the login credentials on those sites to something unique.”
If the email addresses were stolen, they may be used by the cybercriminals to launch phishing expeditions that are cleverly designed to appear as originating from Sophos. This is why it’s crucial that the organization’s partners keep an eye out for any suspicious notifications that carry links or, even worse, attachments.
Hopefully, it will turn out that no data was accessed by the hackers who placed the remote access tools, but until things are clarified, it’s best for Sophos partners to act with caution and apply the security practices recommended by the firm.