5 February 2024

AnyDesk revokes passwords and certs after security breach


AnyDesk revokes passwords and certs after security breach

German remote desktop software maker AnyDesk disclosed a security breach that impacted its production systems.

AnyDesk said in a press release that the incident is not related to ransomware.

Following the incident, the company revoked all security-related certificates and systems have been remediated or replaced where necessary. It is also working to replace the previous code-signing certificate for its binaries.

“Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices. As a precaution, we are revoking all passwords to our web portal, my.anydesk.com, and we recommend that users change their passwords if the same credentials are used elsewhere,” the company said, adding that it has no evidence that any end-user devices have been affected.

While the company didn’t mention whether data was stolen in the incident, BleepingComputer reported that the intruders made off with source code and code-signing certificates.

When asked about the hack, AnyDesk said its software is designed in a way that session authentication tokens cannot be stolen. They only exist on the end user's device and are associated with the device’s fingerprint.

“These tokens never touch our systems,” AnyDesk said. “We have no indication of session hijacking as to our knowledge this is not possible.”

Back to the list

Latest Posts

Cyber Security Week in Review: July 19, 2024

Cyber Security Week in Review: July 19, 2024

In brief: Global IT outage hits multiple companies, Chinese APT41 continues hacking spree, two LockBit affiliates plead guilty, and more.
19 July 2024
WazirX crypto exchange confirms security breach following $230M theft

WazirX crypto exchange confirms security breach following $230M theft

The breach involved one of WazirX’s multisig wallets.
18 July 2024
Global crackdown on West African cybercrime leads to hundreds of arrests

Global crackdown on West African cybercrime leads to hundreds of arrests

The operation has resulted in the arrest of nearly 300 individuals and the identification of over 400 additional suspects.
18 July 2024