Layered Technologies Database Breach May Affect 6,000
Date Reported:
9/19/07
Organization:
Layered Technologies
Contractor/Consultant:
None
Victims:
Layered Technologies customers
Number Affected:
6,000
Types of Data:
Name, address, phone number, email address, and server login details.
Breach Description:
On the evening of September 17th, malicious activity was discovered that may have resulted in unauthorized access to the Layered Technologies support database, exposing confidential information pertaining to clients dating back two years.
Reference URL:
http://ltstatus.com/index.php/2007/09/18/important-information-from-layered-technologies/
http://www.theregister.co.uk/2007/09/19/layered_technologies_breach_disclosure/
Report Credit:
Miguel Richards, Layered Technologies
Response:
From the official Layered Technologies response and another online resource outlined above:
"Layered Technologies is from time to time subject to attempts to illegally extract information from its databases"
[Comfyllama] With more than 25,000 different customer configurations* I would think it would be more often than "from time to time".
*According to the Layered Technologies "About Us" page
"The Layered Technologies support database was a target of malicious activity on the evening of 9/17/2007 that may have involved the illegal downloading of information such as names, addresses, phone numbers, email addresses and server login details for 5 to 6,000 of our clients."
"The Monday evening breach was executed by attacking an off-the-shelf application integrated into the company's support desk that manages help tickets submitted by customers, according to Layered Technologies President Todd Abrams."
"Layered Technologies responded immediately to this specific incident by conducting a comprehensive security audit of internal processes and procedures"
"'Based on the log entries I'd say it's very unlikely they took a copy of the database,' Abrams said. 'It's not like a two-second download.' He said the company wanted to err on the side of caution by asking all customers to change all passwords."
"Due to the significant amount of uncertainty in determining which accounts may have been impacted, Layered Technologies felt that it was in your best interest to take the precautionary steps of reaching out to you and all clients regarding this issue."
"In addition, we are asking all of our clients to change the login credentials for all host details they have submitted in the past 2 years."
[Comfyllama] Two years!? Is this because it is customary to ask customers for user names and passwords during support calls? If so, this is a support "no no".
"Payment details are stored in a separate system, so credit card credentials were not exposed unless a customer had opened a help ticket and included them in it, according to Abrams."
[Comfyllama] Segmentation of data is a very good standard practice. Good job by Layered Technologies.
"Any LT customers needing assistance with resetting passwords should contact our technical support team via our ticketing system"
[Comfyllama] The same ticketing system that was just breached?
Commentary:
Nowhere in the letter to customers was there an apology or acknowledgement that Layered Technologies did anything wrong, i.e. not patching software (there are rumors that this breach was a result of an unpatched Cerberus installation). Overall, customer reactions on the "Layered Tech Status" site are positive. Layered Technologies has some very loyal customers. One customer mentions:
"Thank you for the swift and clear notification.
Will you please consider changing your support procedure so that your support employees do not ask for my root password in response to every ticket filed?
If the rumors are true and this breach was a result of a vulnerability in an unpatched Cerberus installation, then this breach should stress the importance of regular auditing and patching."
Past Breaches:
Unknown