MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people's data stolen

Quick show of hands: whose data hasn't been stolen in the mass exploitation of Progress Software's vulnerable MOVEit file transfer application? Anyone? According to security shop Emsisoft, 2,620 organizations and more than 77 million individuals have been impacted to date, with millions in the past week alone have received …

  1. captain veg Silver badge

    What?

    "Quick show of hands: whose data hasn't been stolen in the mass exploitation of Progress Software's vulnerable MOVEit file transfer application?"

    Never heard of it.

    Next?

    -A.

    1. Gordon 10

      Re: What?

      Weird response dude. I can only assume you don't keep up with your professional obligations? You must have been hiding under a rock all year.

      1. captain veg Silver badge

        Re: What?

        Not in the slightest bit weird. I've never heard of it, and you have precisely zero knowledge of my professional obligations. But since you're interested, I'm not in any of the countries or industries mentioned in the report linked from the article. Neither am I professionally responsible for any kind of system administration or data security oversight.

        -A.

        1. Michael Wojcik Silver badge

          Re: What?

          It's great that you could leap into the comments section to celebrate your ignorance, though. We're all better for it.

    2. Missing Semicolon Silver badge

      Re: What?

      You don't have to have heard of it. If any organisation that you have given your PII to was using it, you have probably been compromised.

  2. sitta_europea Silver badge

    Got to hand it to Avast - "Our security sucks, so you should buy more of it."

    Shameless is right.

    1. Michael Wojcik Silver badge

      To be fair, it's more a case of "we bought a product from a company whose security sucks". Avast can't plausibly, and shouldn't try to, create all the software they use internally in-house; that's not their area of expertise, nor a good use of resources.

      Perhaps they should have been more diligent about testing the products they purchased. According to the original report from Progress the vulnerability is a SQL injection; maybe security-conscious customers should have done some penetration and fuzz testing before deploying MOVEit in production. (Some of our customers pen-test some of our products, and more power to 'em.)

      Maybe Avast had MOVEit exposed on the Internet with inadequate (in the sense of "not up to what would generally be considered a best practice") firewalling; that's not clear from the article. Maybe an attacker got in some other way and pivoted to an underprotected MOVEit, and Avast ought to be using ubiquitous authentication ("zero-trust").

      We don't have enough information to determine how much Avast were at fault here.

  3. Doctor Syntax Silver badge

    It might have been cheaper in the long run for organisations to hire a capable sysadmin to write their own scripts to shuffle data around their boxes.

  4. Mr Dogshit

    What is this MOVEit?

    Does it copy stuff from one place to another? If so, wouldn't a dozen lines of VBScript do the trick for the price of $0?

    1. Zippy´s Sausage Factory

      Re: What is this MOVEit?

      It might, but then who would senior management sue if it went wrong, hmm?

    2. captain veg Silver badge

      Re: What is this MOVEit?

      According to Wikipedia, yes. Using FTP. But first it encrypts the files, so that's all right then.

      -A.

    3. John Brown (no body) Silver badge

      Re: What is this MOVEit?

      An excellent question. It's not a service I can get my head around. What is the business case for companies transferring data around, especially between parts of their own spread-out organisation, that a middle-man can do it better or cheaper? A middle-man for the actual fibres and wires in between, but why would anyone need a middle-man to actually send the data for them?

      I'm sure there are people here who will have good reasons for why MoveIt exists and people use their services, so please, do share that info because I'm stumped!

      1. Doctor Syntax Silver badge

        Re: What is this MOVEit?

        "but why would anyone need a middle-man to actually send the data for them?"

        Because manglement have, in their wisdom complete lack of understanding how their businesses work and/or gullibility in the face of salesdroids, hollowed out their organisations to the point where they don't have anyone of their own capable of doing it.
