AnyDesk Hack: Thousands of Credentials Stolen, Sold on Dark Web
AnyDesk, a popular remote desktop software, has fallen victim to a cyber-attack. Thousands of customer credentials are now being sold on the dark web. The company has advised users to change their passwords and enable multi-factor authentication (MFA) as a precaution.
Adversaries gained access to AnyDesk's production systems in a cyber-attack and stole source code, private code signing keys, and security certificates. This allowed them to compromise the web portal and steal user credentials.
AnyDesk responded by revoking and changing all security-related certificates and web portal passwords. They also activated a remediation plan with cyber security experts CrowdStrike. During the company's maintenance period from January 29 to February 1, users could not log in to the portal, a measure likely intended to prevent further unauthorized access.
The stolen credentials began appearing on the dark web two days after AnyDesk's public statement about the breach. The threat actor, known as 'luxus1', offered them on Exploit[.]in in February 2023. Resecurity has advised customers to monitor their account activity and use whitelisting to prevent further compromise.
AnyDesk's production systems were compromised, leading to the theft of thousands of customer credentials. While the hack was not related to ransomware and no end-user devices were found to be affected, users are advised to take precautions to protect their accounts. AnyDesk continues to work with cyber security experts to mitigate the impact of the breach.