On Monday, September 18, Piriform from Avast revealed that two versions of its CCleaner free software had been “compromised” by outside sources. The problem was reportedly “quickly” resolved, and the developer believes that no customers were affected.
However, Piriform still encouraged its users to update from these older builds and to newer ones. The affected software were revealed to be CCleaner’s v5.33.6162 and also its Cloud v1.07.3191 for Windows 32-bit.
The Two CCleaner Versions, the Only Two Affected, and Quite Unused As Well?
In its notification of the problem, Piriform informs that, at least to the company’s knowledge, no other of its products had been affected. Also, none of the users still working with the respective versions are believed to have been affected.
According to the statement, the v5.33.6162 and v1.07.3191 for 32-bits Windows users was spotted by Avast on September 12. Avast, a security company, is Piriform’s new parent company. The security company explains that this particular CCleaner software was compromised in a “sophisticated manner”.
“The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server,” explains the release.
This continued by explaining that, by working with US law enforcement, Piriform managed to shut down the respective server, before any known harm was done.
The compromise is also believed to have been unlikely to affect that many users, as the versions themselves are approximated to be used by some 3 percent of the company customers. Nonetheless, an updated version for both these builds has been released and is available.
Also, Piriform encouraged 32-bit CCleaner v5.33.6162 users to download and update their software to v5.34. CCleaner’s Cloud v1.07.3191 users were reportedly automatically updated to v1.07.3214 sometime in between September 12 to September 15.
Avast Antivirus users also received an automatic update in the same period. The company issued an apology and is reportedly taking extra measure to help ensure that “this does not happen again”.
Image Source: Wikimedia