The anti-theft/phone location app Cerberus has recently suffered a malicious attack on their servers. In a statement issued by the developers on Google+ they acknowledge the breach and state that just shy of 97,000 account usernames and encrypted passwords have been compromised.
They also detail how the penetration occurred, and then go on to advise that they have addressed the flaw in security (accessing log files) which led to the hack, and that they’re working towards a new encryption method for usernames and passwords. This may come as a surprise to some Cerberus users who were blissfully unaware of the problem but this is in fact a good thing as only the users whose details were accessed were contacted directly by the developers.
As you would expect with an attack like this on a security type application, the developers have offered a sincere note of apology to users affected :
We sincerely apologize for the inconvenience of having to change your password, we take security of our users very seriously and are constantly working to improve it.
I take my hat off to them for being so up front about the breach and their thorough explanation of how the issue occurred.
Regardless of whether you received this notification or not, you should probably (as a precaution) reset your password via the Cerberus Forgot Password link.
Are you a Cerberus user? Will you continue to use the app after this issue?
I am a Cerberus user and will continue to use them, I realise attack’s and breach’s are going to happen on all cloud based services, it’s a question of what happens next, and Cerberus appears to have reacted quickly to notify users (I did get the email from them) and disable my password forcing a password reset! What more could you ask for from a developer?