Cyberhaven, a cybersecurity company, revealed that its Chrome extension, with over 400,000 users, was targeted in a cyberattack on Christmas Eve 2024. The attack was part of a larger campaign affecting multiple Chrome extension developers.
CEO Howard Ting shared details of the incident in a transparency report, explaining the breach and the company’s response.
The attack happened when attackers used phishing to steal an employee’s Google Chrome Web Store credentials.
The attackers used the stolen credentials to deploy a malicious version (24.10.4) of Cyberhaven’s Chrome extension.
The company’s security team identified the breach at 11:54 PM UTC on December 25 and removed the malicious package within 60 minutes.
The impact was limited to users whose browsers auto-updated the extension between 1:32 AM UTC on December 25 and 2:50 AM UTC on December 26.
The malicious code exposed cookies and sessions for some targeted sites, mainly social media and AI platforms.
Cyberhaven confirmed that no other systems, including CI/CD processes or code signing keys, were affected.
Cyberhaven took quick action:
- Notified affected customers by 10:09 AM UTC on December 26
- Removed the compromised extension from the Chrome Web Store
- Released and deployed a secure version (24.10.5)
- Hired an external firm for forensic analysis
- Notified federal law enforcement
Cyberhaven advised customers who used version 24.10.4 during the affected period to update to version 24.10.5 or newer, rotate all non-FIDOv2 passwords, and monitor logs for suspicious activity.
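To act on that advice across a fleet, the sketch below (an added example, not Cyberhaven's code) triages hosts from extension-inventory snapshots using the versions and window end quoted above. The snapshot format, the host names and the earlier version number 24.10.3 are constructed for illustration, and the logic assumes extension versions only ever increase on a host.

```python
from datetime import datetime, timezone

# Versions and end of the exposure window as stated in the article (UTC, 2024).
BAD, FIXED = (24, 10, 4), (24, 10, 5)
WINDOW_END = datetime(2024, 12, 26, 2, 50, tzinfo=timezone.utc)

def _ver(s):
    return tuple(int(p) for p in s.split("."))

def _ts(s):
    t = datetime.fromisoformat(s.replace("Z", "+00:00"))
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)  # naive means UTC

def triage(snapshots):
    """Map host -> (exposure, needs_update) from (host, version, seen) rows.

    exposed: some snapshot shows the malicious version.
    clear:   a snapshot taken after the window still shows an older version,
             so the host never installed the malicious build.
    unknown: the inventory has a gap; the host may have passed through
             24.10.4 unseen, so treat it like an exposed host.
    """
    by_host = {}
    for host, version, seen in snapshots:
        by_host.setdefault(host, []).append((_ts(seen), _ver(version)))
    out = {}
    for host, rows in by_host.items():
        rows.sort()
        if any(v == BAD for _, v in rows):
            exposure = "exposed"
        elif any(t >= WINDOW_END and v < BAD for t, v in rows):
            exposure = "clear"
        else:
            exposure = "unknown"
        out[host] = (exposure, rows[-1][1] < FIXED)  # latest build below the fix?
    return out

# Constructed sample inventory (hypothetical hosts and snapshot times).
SAMPLE = [
    ("lt-01", "24.10.3", "2024-12-24T09:00:00Z"),
    ("lt-01", "24.10.4", "2024-12-25T08:00:00Z"),
    ("lt-01", "24.10.5", "2024-12-26T12:00:00Z"),
    ("lt-02", "24.10.3", "2024-12-23T10:00:00Z"),
    ("lt-02", "24.10.5", "2024-12-27T10:00:00Z"),
    ("lt-03", "24.10.3", "2024-12-26T09:00:00Z"),
    ("lt-04", "24.10.4", "2024-12-28T07:00:00Z"),
]

if __name__ == "__main__":
    for host, (exposure, needs_update) in sorted(triage(SAMPLE).items()):
        print(host, exposure, "update" if needs_update else "current")
```

Hosts marked exposed or unknown are the ones whose credentials should be rotated and whose logs should be reviewed; any host with needs_update set still has to move to 24.10.5 or newer.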
CEO Howard Ting emphasized Cyberhaven’s commitment to transparency and maintaining customer trust. This incident highlights the growing complexity of cyber threats and the need for quick responses, even during holidays.