Just days after AnyDesk announced a breach of its systems, cybersecurity researchers say multiple threat actors are selling stolen AnyDesk credentials on the dark web and surface web. In a separate and somewhat similar incident, a threat actor is offering sensitive data belonging to Binance users on the dark web after the crypto company left its passwords and other data exposed on GitHub for months.
According to cybersecurity firm Resecurity, one listing advertised a trove of 18,00 credentials belonging to AnyDesk customers. The threat actor who posted the listing told Resecurity researchers that the “data is ideal for technical support scams and mailing (phishing).”
“By gaining access to the AnyDesk portal, bad threat actors could learn meaningful details about the customers – including but not limited to the used license key, number of active connections, duration of sessions, customer ID and contact information, email associated with the account, and the total number of hosts with remote access management software activated, along with their online or offline status and IDs,” Resecurity said in its report.
AnyDesk Credentials Were Harvested Using Malware
On Friday, AnyDesk Software GmbH, known for its remote desktop software, announced that a security audit showed its production systems had been compromised. While the company insists that the hacker didn’t steal any data and that users’ devices are unaffected, it recommends that users change their passwords.
It’s unlikely that the hoard of stolen AnyDesk credentials on sale on the dark web came from this breach. Resecurity said the data is “believed to have been obtained via infostealer infections.”
In its report, Resecurity warned that the stolen credentials could “serve as a gateway” to a historic attack like the SolarWinds incident in 2019.
Binance Denies Data Leak
A screenshot circulating on X (formerly Twitter) shows a threat actor advertising Binance users’ data, including names, phone numbers, and countries, on a dark web forum. However, Binance said its security team has found no evidence that its systems have been breached, putting the authenticity of the data on sale in question.
“Our security team has assessed this – as they do all potential threats – and have confirmed there is no such leak from Binance systems. User accounts remain safe,” Binance’s Customer Support wrote on X. “Accounts are secured through many defenses, including MFA, biometrics, authenticators, etc.”
Just days prior, on Jan. 31, 404 Media reported that Binance’s sensitive code, internal passwords, and technical information were left exposed on a public GitHub repository for several months. However, a Binance spokesperson said the data is unrelated to its current production.
How to Protect Your Accounts
AnyDesk urged all customers to change their passwords, especially if the same credentials were used elsewhere. This is important because “Dark Web actors have expressed a strong and growing interest in AnyDesk customer credentials,” Resecurity noted.
Resecurity’s interactions with the threat actor revealed that “the majority of exposed AnyDesk accounts listed on the Dark Web didn’t have 2FA [two-factor authentication] enabled.”
Resecurity advised AnyDesk customers to contact the company for further details on the potential impact. It also emphasized the importance of using multi-factor authentication (MFA) and other security measures, such as monitoring for unexpected password and MFA changes, monitoring for suspicious sessions, and staying vigilant against emails that falsely reference AnyDesk account information.
Resecurity also highlighted the effectiveness of AnyDesk’s whitelist feature, which allows users to specify trusted AnyDesk IDs, enhancing security by limiting connections to whitelisted IDs only.
