Serious data breach on AnyDesk: what happened and what to do

Serious data breach on AnyDesk: what happened and what to do

On Friday February 3, 2024the developers of AnyDesk they announced a serious data breach of the software.

The flaw, identified during a security audit, was resolved thanks to the intervention of the security company CrowdStrikepromptly intervened to resolve the situation.

As part of the procedures, the security certificates linked to the app were revoked and the system that regulates the correct functioning of the software was restored. As reported by Bleeping Computerin any case, apparently, already there version 8.0.8 of AnyDesk (released on January 29) would be protected against potential cyber attacks.

The official announcement reads as “Certificates are typically not revoked unless they have been compromised, such as if they are stolen in an attack or made publicly available“.

AnyDesk data breach: valuable advice from developers

The developers then focused on how the platform used to manage the app is designed not to store password, security token or other sensitive content relating to AnyDesk users.

In any case, to protect users, the official note states “As a precautionary measure, we have revoked all passwords for our web portal,“. As a necessary form of prevention, they still recommend manually changing the passwords relating to the app and users’ digital services.

Despite being a solid software and with developers who take care of its operation in detail, AnyDesk is by its very nature the object of attention from cybercriminals. Through this type of app, in fact, it is possible to send data to a command and control server from a computer previously infected by a malware. In this sense, the app has often been abused for attacks ransomware and other operations related to cybercrime.

AnyDesk is an app launched in 2015, capable of providing platform-independent remote access to PCs and other devices, offering remote control, file transfer and typical features VPN.

Leave a Reply

Your email address will not be published. Required fields are marked *