18,000 User Credentials Offered on Dark Web After AnyDesk Confirms Incident
Last week, AnyDesk confirmed it was breached in a cyber-attack that wasn’t a ransomware incident. The hackers compromised the remote desktop-sharing software provider’s production systems. They could also access the source code and private code signing keys, according to Bleeping Computer.
AnyDesk said it discovered the breach during a security audit, has revoked passwords for all users on my.anydesk.com, and is urging users to change similar reused passwords on other platforms.
The password revocation suggests the hackers got their hands on sensitive information. However, it is unclear how easily they can crack it open, since AnyDesk said its “systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end-user devices.”
The need for revoking passwords is evident from cybersecurity company Resecurity's discovery of 18,317 AnyDesk customer credentials put up for sale on the dark web forum exploit dot in. “This data is ideal for technical support scams and mailing (phishing),” the seller wrote to Resecurity and asked for $15,000 in cryptocurrency for the data.
The breach could also potentially expose AnyDesk customers’ license keys, number of active connections, duration of sessions, customer ID and contact information, email associated with the account, and the total number of hosts that have remote access management software activated.
“By targeting code signing certificates, it’s likely that attackers were attempting to perform a one-to-many attack – i.e. using AnyDesk as a conduit to infect their customers and partners. Code signing certificates are very powerful machine identities – if a piece of software is signed with a valid identity of this kind, then it tells other machines it can be trusted, so an attacker can send out malware which automatically runs as safe. It essentially gives the bad guys a key to walk through the front door,” Kevin Bocek, VP of Ecosystem and Community at Venafi, told Spiceworks.