The British information security company Sophos has notified its clients of a breach of the security of information storage on its servers. The problem was caused by incorrect database access settings and has already been exhausted.
In a letter sent to the customer base, the recipients were told that when saving the data, the mechanism used by the tech support service incorrectly assigned access permissions. As a result, the level of protection of such information as the client’s name and surname, email address, phone number turned out to be lower than it should be.
A configuration error was identified by a third-party researcher and was immediately fixed. The number of records that have been disclosed, according to Sophos, is small. Currently, the company’s specialists are working to improve the security of the current permitting system.
It should be noted that this is the second cybersecurity incident that Sophos has encountered this year. In the spring, the cyber security developer had to urgently release a patch for a zero-day vulnerability in the XG firewalls. By the time the patch was released, the attackers had already discovered a new loophole and were trying to use it to inject malware into corporate networks.