Cyber Incident Victim: LSDroid
Date: Mar 2014
Location: United States of America
Summary
A data breach at an Android anti-theft service compromised usernames and uniquely salted SHA-1 password hashes from over 96,000 accounts, with attackers accessing only three accounts. The exposure stemmed from a legacy log file containing authentication data from a three-week period, which the company subsequently deleted while disabling legacy logging functionality. No emails, device information, or other personal data was accessed. The organization reset affected credentials, advised against password reuse across services, and announced plans to transition to bcrypt password hashing for enhanced security. Law enforcement was notified, though no evidence indicated public dissemination of stolen data.
Description
In March 2014, Cerberus, an Android anti-theft application provider, detected and blocked suspicious activity on its servers during a security investigation. The company identified unauthorized access to a legacy log file containing usernames and SHA-1 hashed passwords from user login activity recorded between March 1 and March 21, 2014. Attackers extracted this data but did not compromise other personal information such as email addresses or device details. Cerberus confirmed the breach impacted 96,564 user accounts, with forensic analysis revealing only three accounts were actively accessed by the threat actors. The company notified affected users via email, stating there was no evidence of broader account compromise beyond the stolen credentials. Passwords at the time were protected with multiple iterations of uniquely salted SHA-1 hashing, though the exposure still posed risks for users employing identical credentials across multiple services.

Cerberus initiated immediate containment by disabling the legacy logging mechanism responsible for the data exposure and permanently deleting the compromised log file. The company reset passwords for all affected accounts as a precautionary measure and advised users to update credentials on any platforms where they reused Cerberus passwords. As a long-term security enhancement, Cerberus announced plans to transition from SHA-1 to bcrypt for password hashing. Internal investigations found no indication that stolen data had been publicly disseminated, but the company collaborated with law enforcement agencies to monitor potential misuse. No system outages or operational disruptions occurred beyond the credential reset process, and the breach was confined to authentication data without compromise of anti-theft functionality or device-linked information stored within user accounts.
