This attack occurred in 2015.
I saw it first at The Hacker News. Mohit Kumar, Founder and Editor-in-Chief had the scoop and his analysis hit the nail on the head: "The Data breach in BitDefender is incredibly embarrassing for the security firm, not because the company failed to prevent its customers data from hackers, but because the Security company failed to encrypt its customers’ most sensitive data."
You would really expect Infosec people like BitDefender to apply common security principles to their own website and not get caught with their pants down in a SQL injection hack which then exposes unencrypted customer passwords. OUCH.
Thing is, in the AV industry, BitDefender is known as one of the best AV engines out there, if not the best. They always score very high on the quarterly industry tests at Virus bulletin. The Romanian security company admitted its system was breached and said that the attack on its system didn’t penetrate the server, but a security hole "potentially enabled exposure of a few user accounts and passwords". "The issue was immediately resolved, and additional security measures have been put in place to prevent its reoccurrence," the company’s spokesperson said in a statement. "Our investigation revealed no other server or services were impacted."
Bitdefenders' Marius Buterchi confirmed the hacked accounts, and said the company was “Aware of the issue and have reset the passwords for the customers who’s credentials have been made public.” He added “They are actively investigating how these passwords were made public.”
Hacker Demands Ransom Money....