news 
Cyberhaven Confirms Hack, Warns of Password Theft and Session Token Exposure
In a stunning revelation, data-loss prevention startup Cyberhaven has confirmed that its Chrome extension was compromised by hackers who published a malicious update that put users’ passwords and session tokens at risk.
The company’s statement comes after an investigation revealed that the attackers took advantage of a security vulnerability to push out the tainted update. This move allowed them to gain unauthorized access to sensitive user information, which could have been used for nefarious purposes such as identity theft or data breaches.
As part of its response, Cyberhaven has initiated a comprehensive review of its internal security practices and is working with external experts to implement additional safeguards. The company also stated that it is actively cooperating with federal law enforcement agencies to uncover the culprits behind this incident.
The affected extension reportedly had tens of thousands of users, which significantly amplifies the potential damage caused by this breach. It’s essential for these users to take immediate action to secure their accounts and change passwords as soon as possible.
Security experts have begun analyzing the situation, suggesting that this attack is part of a larger campaign targeting Chrome extensions across various companies. This could be catastrophic news for the entire extension ecosystem, considering the sheer scale of the potential impact.
Cyberhaven’s CTO, Jaime Blasco, shared his insights on the matter, stating that several other Chrome extensions were compromised as well, including some with significant user bases. The motive behind these attacks is still unclear at this point.
“We are working to identify and mitigate any further risks associated with this incident,” Cyberhaven emphasized in its statement.
It’s crucial for users of affected extensions to take proactive steps in securing their accounts and ensuring the integrity of their personal data.
Source: techcrunch.com
