What we don't know
We don't know SINCE WHEN Anydesk was compromised. We don't know if the criminals have been able to set up a MITM attack to slurp data that has been transmitted during Anydesk remote session, but as stated in an email that I have received from Anydesk, they say that "yes, MITM has been attempted. [...] While attacks like this have been attempted before, this was the first time that an attacker was partially successful."
So, we basically don't know since when (days, months?) our Anydesk sessions could have been sniffed and sensitive data gathered from them.
This is very very bad, and I suggest that you revoke credentials that may have been exposed through Anydesk remote sessions. Also, of course, stop using Anydesk until it will be made clear what happened.
Anydesk is currently being very silent, too silent, about what happened and WHEN. I really hope, as a paying customer, that they will provide more information and not more smoke and lies.
Meanwhile I have installed a personal copy of Rustdesk (open source, not the closed one) on my own server. But I'm not so confident in them, too. It seems their attitude about security is sloppy.
The stolen code signing key from Philandro software GMBH (the "old" anydesk key) has been used to sign malware already, and the sign date seems to be November 9, 2023. So not exactly yesterday. Since when was Anydesk breached, so?
PS: public statement has been updated : https://anydesk.com/en/public-statement and there is also a FAQ now: https://anydesk.com/en/faq-incident
PPS: looking at their compliance and security page, I believe that something did not work as expected: https://anydesk.com/en/compliance