Priya PatelAnyDesk, a remote desktop software provider, recently acknowledged that it was the victim of a cyberattack that compromised its production systems. The breach resulted in the compromise of source code and private code signing keys. AnyDesk has taken steps to address the breach, including launching a security audit and hiring cybersecurity firm CrowdStrike to assist with the response. The company has revoked security-related certificates, replaced or remedied impacted systems, and assured users that there is still no proof that the breach compromises end-user devices.
However, as a precaution, AnyDesk is recommending that users change their passwords, particularly if they are used on other platforms. The company is also revoking all web portal passwords. AnyDesk has already started to replace compromised code signing certificates in order to increase security. It is encouraging all users to switch to the latest version of the program.
In response to the breach, AnyDesk has emphasized that session authentication tokens cannot be stolen, as they only exist on the end user’s device and are associated with the device fingerprint. The company has implemented additional security measures, such as replacing compromised code signing certificates, to further protect user information.
To protect against the potential consequences of compromised personal data, such as identity theft and financial fraud, users are advised to have reliable cybersecurity protection. AnyDesk has also recommended that users update their passwords on other platforms as a precaution. Additionally, users are encouraged to check if their data has been exposed in a leak or is available on the dark web, and to secure their social media accounts.
