Remote desktop software maker AnyDesk revealed Friday that it suffered a cyber attack that led to the compromise of its production systems.
The German company said the incident, discovered following a security audit, was not a ransomware attack and that it had informed the relevant authorities.
“We have revoked all safety-related certificates and systems have been fixed or replaced where necessary,” the company said in a statement. “We will soon revoke the previous code signing certificate for our binaries and have already started replacing it with a new one.”
Out of an abundance of caution, AnyDesk has also revoked all passwords to its web portal, my.anydesk[.]com and encourages users to change their passwords if the same passwords have been reused on other online services.
Users are also advised to download the latest version of the software, which comes with a new code signing certificate.
AnyDesk did not disclose when and how its production systems were breached. It is currently unknown whether any information was stolen as a result of the hack. However, he stressed that there is no evidence that end-user systems have been affected.
Earlier this week, Günter Born of BornCity revealed that AnyDesk had been under maintenance since January 29th. The issue was resolved on February 1st. Previously, on January 24, the company also warned users of “intermittent timeouts” and “service degradation” with its Customer Portal.
AnyDesk boasts over 170,000 customers, including Amedes, AutoForm Engineering, LG Electronics, Samsung Electronics, Spidercam and Thales.
The disclosure comes a day after Cloudflare said it was hacked by a suspected domestic attacker who used stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documents and a limited amount of code source.