
German automaker Citroen is the latest company to disclose they were the victim of a data breach after detecting unauthorized access on one of their website servers and the presence of a backdoor agent that may have led to the compromise of sensitive information, including customer data.

Brian Krebs of KrebsOnSecurity had last year connected the epic Adobe breach to the compromise of multiple consumer data brokers, including LexisNexis, Dun & Bradstreet, Kroll Background America, the National White Collar Crime Center and PR Newswire in 2013 – and now the investigation of the Citroen breach indicates the same attackers may be responsible.

During his investigation into the identity theft ring behind the breaches, Krebs discovered a bounty of stolen source code for Adobe’s ColdFusion Web application platform, and possibly also for its Acrobat products, and also found customer usernames and encrypted passwords for PR Newswire.

In October of last year, Adobe officials confirmed that the company was the victim of a long-term network breach which exposed consumer data including passwords and credit card information, as well as exposing the source code for some of their leading products like ColdFusion, the web application platform. The attackers are thought to have conducted a methodical scan of the internet for targets using ColdFusion.

“The exploitation was targeted across the entire internet looking specifically for ColdFusion exploits,” said Alex Holden, CIO for Hold Security. “To explain the backdoor simply, it provides full command line and SQL database access with the rights of the user running the web services, which usually means everything on the web server.”

Citroen’s website was managed by web design company anyMotion, who indicated they had removed the backdoor agent and are currently looking for other instances of malicious code on the affected servers, which may have contained customer financial information as well.

“We are examining the machines for known backdoors and unwanted software that someone may have installed on the machine,” said anyMotion’s Heinz Brasch.
