Security News > 2021 > March > Qualys Confirms Unauthorized Access to Data via Accellion Hack

Qualys Confirms Unauthorized Access to Data via Accellion Hack
2021-03-04 11:19

Initially, the website would list data exfiltrated during ransomware attacks, but as of late it has been flooded with data stolen from various organizations that were relying on the Accellion FTA file transfer software.

"The exploited vulnerabilities were of critical severity because they were subject to exploitation via unauthenticated remote code execution," Accellion noted in a report detailing Mandiant's investigation into the incident.

Following the publishing of its data on Clop's leaks website, Qualys confirmed impact from the Accellion FTA incident, saying that it resulted in "Unauthorized access to files hosted on the Accellion FTA server."

The company also notes that the unauthorized access was limited to the FTA server and that the incident had no "Impact on the Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform."

The Accellion FTA server, the company explains, was deployed in a segregated DMZ environment, separated from the production customer data environment.

"We immediately notified the limited number of customers impacted by this unauthorized access," Qualys says, without providing additional information on the compromised data or the number of affected customers.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/XzvwjVogRbM/qualys-confirms-unauthorized-access-data-accellion-hack

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Accellion 7 0 22 16 4 42
Qualys 5 0 7 3 0 10