Sophos takes down partner portal after signs of hacking

Sophos believes that hackers might have stolen sensitive user information from its partner portal

Lucian Constantin (IDG News Service)
06 April, 2012 22:27
Comments 1

Security firm Sophos has taken its partner portal offline and will reset every user's password after it found signs of a potential security breach on the server hosting it.

"Two unauthorized programs were found on the server, and our preliminary investigations indicate that these were designed to allow unauthorized remote access to information," Sophos said in a security alert posted on its website.

The company's staff found the unauthorized applications during a routine security check on April 3, and the potentially compromised server was immediately taken offline for further investigation, the company said.

Sophos could not establish if the data stored in the website's database, which includes partners' names and business addresses, email addresses, contact details, and hashed passwords, had been stolen. However, it decided to proceed under the assumption that it had.

The website will be restored after the security audit is completed and the problem is remediated. However, all user passwords will be forcibly reset as an additional precaution.

The company advised its partners to also change their passwords on other websites where they might have used them, and to be on alert for potential phishing emails that claim to originate from Sophos.

It's relatively common for attackers responsible for breaches that result in stolen email addresses to exploit the known business relationship between the affected users and the victim organization through phishing, in an attempt to extract more information.

In situations where the affected organizations are security firms like Sophos, such phishing attacks can have a high rate of success, because of the inherent trust that exists between users and their security vendors.

"We realize that the site's downtime and the forced password resets may be an overreaction and are sorry for the disruption this will cause, but we would rather cause some inconvenience at this stage than delay as we wait for further information," the company said.

Only the older partner portal, located at https://gpp.partners.sophos.com, has been affected by this security incident, Sophos said. Partners that have already moved to its new Salesforce.com-based portal don't have to worry about the password resets or downtime.

Comments

visit them now

Sun 03/06/2012 - 18:26

You made some really good points there. I
checked on the web for additional information about the issue and found most people will go
along with your views on this website.

Comments are now closed.

Share
Share this article1
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Latest Stories

Community Comments

"Suggesting that people's "purpose is to get information to flow through the ..."

Why change management doesn’t work
"Darn those pesky laws that get in the way of commercial exploitation ..."

Larry Page wants to see your medical records
"Instead of partitioning the device between corporate and personal data, another approach ..."

Dual-Persona Smartphones Not a BYOD Panacea
"Well that's a nice back-handed compliment isn't it? So now, finally, my ..."

After two-year hiatus, EFF accepts bitcoin donations again
"Actually, both Mobile App developers and CIOs should be blamed for it. ..."

CIOs struggle to deliver timely mobile business apps: survey

Latest Blog Posts

Whitepapers

Getting Real About Security Management and Big Data – A Roadmap for Big Data in Security Analytics
It’s an exciting yet daunting time to be a security professional. Security threats are becoming more aggressive and voracious. This whitepaper examines the escalating complexity for the security management environment; how to get more meaning from data already collected and the combination of infrastructure, analytic tools and threat intelligence need to drive business value from Big Data. Download now.

Learn more »
The Power of Cloud
Although cloud is widely recognized as a technology game changer, its potential for driving business innovation remains virtually untapped. To take advantage of cloud’s potential to transform internal operations, customer relationships and industry value chains, organisations need to determine how best to employ cloud-enabled business models that promote sustainable competitive advantage. Learn more about driving business model innovation.

Learn more »
How Web Security Improves Productivity and Compliance
In this white paper, we will look at how secure web gateways, one type of information security technology, can provide benefits to many departments within any business or government agency. Download now.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

FTJob Title: Mac Systems/ Enterprise Systems EngineerNZ
FTQuality ManagerSA
FTTechnical Business AnalystNSW
FTFlash / ActionScript Developer - ContractNSW
FTOS Web Applications DeveloperNSW
FTR&D EngineerSA
FTSenior Python DeveloperNSW
FT.NET - Sitecore Developer - Melbourne - PermNSW
FTLead Software EngineerSA

Zones

Featured Whitepapers

In Control at Layer 2: A Tectonic Shift in Network Security

Network hacking and corporate espionage are on the rise and set to intensify. Information security risks remain commonplace, and most organisations need to increase vigilance. This paper has analyses the ...

Recent comments

"Suggesting that people's "purpose is to get information to flow through the ..."
Why change management doesn’t work
"Darn those pesky laws that get in the way of commercial exploitation ..."
Larry Page wants to see your medical records
"Instead of partitioning the device between corporate and personal data, another approach ..."
Dual-Persona Smartphones Not a BYOD Panacea
"Well that's a nice back-handed compliment isn't it? So now, finally, my ..."
After two-year hiatus, EFF accepts bitcoin donations again
"Actually, both Mobile App developers and CIOs should be blamed for it. ..."
CIOs struggle to deliver timely mobile business apps: survey

Follow CIO

Market Place

Now out of the office never means out of the loop. Office 365 – your complete office in the cloud.

Switch on The Symantec Business Critical Virtualisation Content Zone

Deploying mobility worthwhile challenge hear what CIOs have to say.. Read more

Australian Breakfast Road Show: Enabling Proactive Security for Tomorrow's Business Trends

Latest Jobs

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

Download OPML file for import with all IDG RSS feeds

CSO Online Data Security Briefing

Sophos takes down partner portal after signs of hacking

Recommended

Saving Google Maps destinations for easy navigation

Think Tank: Managing the talent pool

Think Tank: Better IT governance

Comments

visit them now

Homeless multinationals and taxing decisions

IT sourcing: in or out?

Avoiding your cloud vendor’s success trap

10 Tips for Dealing with a Bully Boss

5 open source help desk apps to watch

How to define the scope of a project

PMBOK vs PRINCE2 vs Agile project management

Think Tank: Tips for IT strategic planning success

Opinion: Why national e-health is not for everyone

Dual-Persona Smartphones Not a BYOD Panacea

Larry Page wants to see your medical records

eBay bids on big data challenge

Big Data Gold Isn't Always Where You Would Expect It

Symantec Business Critical Virtualisation Content Zone

BlackBerry Enterprise Service 10 Zone

HP Tech Connect Resource Centre

In Control at Layer 2: A Tectonic Shift in Network Security

Enable Flexible Working

NetApp FAS6240 Clustered SAN Champion of Champions

Best Practices for ERP Implementation

Legal Compliance in Electronic Record Keeping