April 6, IDG News Service – (International) Sophos takes down partner portal after signs of hacking. Security firm Sophos has taken its partner portal offline and will reset every user’s password after it found signs of a potential security breach on the server hosting it during a routine security check April 3. “Two unauthorized programs were found on the server, and our preliminary investigations indicate that these were designed to allow unauthorized remote access to information,” Sophos said in a security alert posted on its Web site. Sophos could not establish if the data stored in the Web site’s database — which includes partners’ names and business addresses, e-mail addresses, contact details, and hashed passwords — had been stolen. However, it decided to proceed under the assumption that it had. The Web site will be restored after the security audit is completed and the problem is remediated. The company advised its partners to also change their passwords on other Web sites where they might have used them, and to be on alert for potential phishing e-mails that claim to originate from Sophos. - 15 -
