
Cyber Incident Victim: Cerberus

Date: Mar 2014

Location: United States of America

Summary

A cybersecurity incident impacted an Android anti-theft application, compromising usernames and uniquely salted SHA-1 password hashes for over 96,000 accounts via unauthorized access to a legacy log file. Attackers successfully accessed only three user accounts, with no evidence of broader account compromise or exfiltration of emails or device information. The company disabled legacy logging systems, deleted the affected file, and initiated password resets for all affected users. It announced plans to transition from SHA-1 to bcrypt password hashing for enhanced security while coordinating with law enforcement; no public exposure of stolen data has been confirmed.

Description

Cerberus, an Android anti-theft application provider, initiated a password reset for 96,564 user accounts following a confirmed data breach discovered by its Security Team. Suspicious activity targeting Cerberus servers was detected and blocked during the company's investigation, which determined unauthorized parties accessed a legacy log file containing authentication credentials. This file stored usernames and SHA-1 hashed passwords from login attempts occurring between March 1 and March 21, 2014, with each password protected by multiple unique salts prior to hashing. Forensic analysis confirmed the attackers exfiltrated these credential sets but found no evidence of access to emails, device information, or other personal data stored within user accounts. Only three compromised accounts showed confirmed unauthorized access by threat actors. Cerberus notified all affected users via email, clarifying that while their accounts showed no signs of direct compromise, the exposure necessitated precautionary measures due to the credential theft.

In response, Cerberus immediately disabled the legacy logging mechanism responsible for the exposed credentials and permanently deleted the compromised log file. The company mandated password resets for all 96,564 impacted accounts and advised users employing identical credentials across multiple services to change those passwords as well. Cerberus announced plans to transition from SHA-1 hashing to the bcrypt password-hashing algorithm for enhanced password security. Internal reviews found no indication that stolen data had been disseminated publicly following the breach. The organization collaborated with law enforcement agencies throughout the investigation and maintained transparency regarding the incident's scope through direct customer communications.
