Hackers steal 1.8 terabytes of data from PC peripheral vendor Logitech — firm says zero-day vulnerability to blame, no sensitive information stolen

Logitech is one of the biggest PC accessories manufacturers in the world, producing everything from keyboards and mice to audio products, alongside owning independent subsidiaries like Astro and Ultimate Ears. Unfortunately, gaps in cybersecurity can often scale linearly with size, allowing bad actors to exploit any small crevice of unattended IT space. That's what happened with Logitech recently, which has just filed a Form K-8 with the SEC, confirming it was hacked and 1.8 terabytes of data was taken, but that sensitive data wasn't affected.

"[Logitech] recently experienced a cybersecurity incident relating to the exfiltration of data. The cybersecurity incident has not impacted Logitech's products, business operations or manufacturing... Upon detecting the incident, Logitech promptly took steps to investigate and respond to the incident with the assistance of leading external cybersecurity firms... Logitech believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system," the firm said in a filing.

A zero-day vulnerability is an undetected flaw in a security system that devs have had zero days to address because it hadn't been discovered yet. This allows malicious activity to flourish because a fix for it doesn't readily exist. Logitech says a third-party platform was breached, through which the perpetrators gained access to Logitech's internal systems, stealing around 1.8 TB of data that "likely included limited information about employees and consumers and data relating to customers and suppliers."

That 1.8TB figure comes from the Clop extortion gang's website, which recently added Logitech to its growing list of victims, but keep in mind that the company hasn't explicitly named Clop in its SEC filing. Therefore, this is alleged information, but the dots are easy to connect. Even though the nature of the attack was dangerous, Logitech is insistent on the fact that no "sensitive personal information, such as national ID numbers or credit card information, was housed in the impacted IT system. Logitech has since patched the vulnerability as soon as it was discovered.

According to BleepingComputer, Logitech was likely affected by an Oracle zero-day vulnerability, with Clop sweeping the data during the July data-theft attacks that saw ransom emails sent to the infiltrated companies — an example of which is attached above. Clop has had a history of extortion attacks, which include airlines, colleges, and newspapers that all use Oracle's E-Business suite to manage internal operations, from where the bad actors get access to the private data. Logitech has since patched the vulnerability, closing the exploit.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.