Cyberhaven confirmed to TechCrunch the cyberattack, indicating hackers compromised a company account to deploy a malicious update to its Chrome extension, impacting customer security.
The email detailed the nature of the breach, revealing that sensitive information like authenticated sessions and cookies could be exfiltrated to the attacker's domain.
Cyberhaven removed the compromised extension version (24.10.4) from the Chrome Web Store after detecting the incident, releasing a legitimate version (24.10.5) shortly thereafter.
Despite having around 400,000 corporate users, Cyberhaven did not disclose how many customers were affected by the breach, highlighting the challenge of communicating with clients post-incident.
Collection
[
|
...
]