FireEye Confirms Details of Two Customers were Exposed

Written by

FireEye has confirmed that business documents related to two separate customers in Israel have been ‘exposed’.

Following the company refuting claims about a compromise of its systems, FireEye said it had addressed the situation with those customers directly and the incident was part of an ongoing investigation.

On Monday, a Pastebin document, which has since been taken down, claimed that access to Mandiant had been achieved and an attacker had been able to extract “top secret document, complete business and personal emails dump, FireEye licenses, private contracts” while Mandiant internal network and client’s data had been compromised and “might be leaked separately”.

A FireEye statement sent to Infosecurity read: “We are aware of reports that a Mandiant employee’s social media accounts and personal laptop have been compromised. We are investigating this situation, and have taken steps to limit further exposure. While our investigation is ongoing, there is currently no evidence that FireEye or Mandiant corporate systems have been compromised.

“Our top priority is ensuring that our customer data is secure.  To date, we have confirmed the exposure of business documents related to two separate customers in Israel, and have addressed this situation with those customers directly.  This in an ongoing investigation, and new or additional information may emerge as we continue looking into this matter.”

In a separate statement sent to Infosecurity, a FireEye spokesperson confirmed that based on information posted online by an ‘anonymous person’ shortly after midnight on Monday morning, the company began an immediate investigation into the matter. In its ongoing investigation “it is too soon to discuss all the findings”, but to date its investigation:

1 - Has found no evidence that our corporate network has been compromised. 

2 - Has found no evidence that our employee’s personal systems were compromised.

3 - Rather - the evidence we have found shows that our employee’s online accounts including Linkedin, Hotmail, and other services were compromised. 

“Thus far, it appears at least two customers were impacted, and we have addressed this situation with each customer directly,” the spokesperson said. “The documents exposed were labeled with these customer names, but did not contain any customer confidential information.

“Our top priority is to make certain that customer data is secure. To that end, and because we were able to investigate and arrive at our preliminary conclusions very quickly, we are confirming our findings through a second level review.”

What’s hot on Infosecurity Magazine?