On February 2, 2024, AnyDesk confirmed that it was the victim of a cyberattack that gave unauthorized users access to its production systems. According to BleepingComputer, the breach was discovered following signs of an issue on its servers and resulted in the compromise of source code and private code signing keys.

Although AnyDesk did not reveal any specifics about data theft, BleepingComputer reported that source code and code signing certificates were among the items taken during the attack.

About the Breach & AnyDesk’s Response

AnyDesk has 170,000 customers, including organizations such as 7-Eleven, Comcast, Samsung, MIT, NVIDIA, SIEMENS, and the UN. The company quickly launched a security audit after learning about the compromise and hired cybersecurity firm CrowdStrike to carry out a thorough response plan.

AnyDesk has revoked security-related certificates and replaced or remedied impacted systems as part of its reaction procedures. It has also assured users that there is still no proof that the breach compromises end-user devices.

In a public statement, AnyDesk said, “We can confirm that the situation is under control and it is safe to use AnyDesk. Please ensure that you are using the latest version, with the new code signing certificate.”

Despite AnyDesk’s claim that no authentication tokens were taken, the company is recommending users change their passwords, especially if they are used on other platforms, and is revoking all web portal passwords out of caution.

Responding to questions about the attack, AnyDesk explained, “AnyDesk is designed in a way which session authentication tokens cannot be stolen. They only exist on the end user’s device and are associated with the device fingerprint. These tokens never touch our systems.”

AnyDesk has already started to replace the compromised code signing certificates in order to increase security even more. This update is reflected in AnyDesk 8.0.8, which was released on January 29.

It is highly advised that all AnyDesk users switch to the latest version of the program due to the possible risk. Users are urged to update their passwords on other platforms as a precaution, too.

Protecting Your Identity and Personal Info

Compromised personal data can have serious consequences, including identity theft, financial fraud, and job losses. The best thing you can do is a) have reliable cybersecurity protection, and b) ensure you will find out ASAP in the event of being affected. We would encourage readers to head over to ID Protection, which has been designed to meet these challenges.

With ID Protection, you can:

1. Check to see if your data (email, number, password, credit card) has been exposed in a leak, or is up for grabs on the dark web;
2. Secure your social media accounts with our Social Media Account Monitoring tool, with which you’ll receive a personalized report;
3. Create the strongest, tough-to-hack passwords (they’ll be safely stored in your vault);
4. Enjoy a safer browsing experience, as Trend Micro checks websites and prevents trackers.
5. Receive comprehensive remediation and insurance services, with 24/7 support.

Offering both free and paid services, ID Protection will ensure you have the best safeguards in place, with 24/7 support available to you through one of the world’s leading cybersecurity companies. Trend Micro is trusted by 8 of the top 10 Fortune 500 companies — and we’ll have your back, too.

Why not give it a go today? As always, we hope this article has been an interesting and/or useful read. If so, please SHARE it with family and friends to help keep the online community secure and informed — and consider leaving a like or comment below.