Solved Piriform CCleaner email about MoveIT data leak

Ghot · Oct 26, 2023

Pretty much ALL "corporations" (companies with money), are targets for hackers. Money is the root of all evil... etc.

My suspicion is that these identity protection companies, have seen a possible market.
They give out free samples (like a drug dealer), then use some sort of scare tactics, that will hopefully generate new customers.
With all the companies being hacked these days... it's a ripe market.

Personally... I just try to keep the data I put on the internet... down to a minimum.
And I put nothing of a financial nature on the phone. Phones are a hacker's wet dream.

Unless you're a high roller, financially, or even a mid-roller... you probably don't have much to worry about.
That being said, try not to leave tracks on the internet.

Remember: It's not paranoia, if they ARE out to get you.

Wisewiz · Oct 26, 2023

Ghot said:
And I put nothing of a financial nature on the phone. Phones are a hacker's wet dream.

Hear, hear! And I love the metaphor!

Senecio · Oct 26, 2023

Ghot said:
Personally... I just try to keep the data I put on the internet... down to a minimum.

I very much agree with that, and you would expect the regulars on this site to be extremely careful. Yet, on this very web site, one poster, ahem... , has invited people to post a picture of themselves, beginning with a self portrait; another has invited people to give details of their careers to date. Not mentioning any names, you understand.

Anyway, with regard to the current issue at hand, I have decided to cancel my subscription to CCleaner (two data breaches for one company is a red flag, I think). That turned out to be more difficult than it should, because they have cancelled the original cancellation link (to protect the end user). However, the company which handles their subscription sent a new link which worked. Now I just have to work out how to simply manage my cookies using MS tools. Managing cookies was the main reason I stuck with CCleaner.

Ghot · Oct 26, 2023

Senecio said:
I very much agree with that, and you would expect the regulars on this site to be extremely careful. Yet, on this very web site, one poster, ahem... , has invited people to post a picture of themselves, beginning with a self portrait; another has invited people to give details of their careers to date. Not mentioning any names, you understand.

Anyway, with regard to the current issue at hand, I have decided to cancel my subscription to CCleaner (two data breaches for one company is a red flag, I think). That turned out to be more difficult than it should, because they have cancelled the original cancellation link (to protect the end user). However, the company which handles their subscription sent a new link which worked. Now I just have to work out how to simply manage my cookies using MS tools. Managing cookies was the main reason I stuck with CCleaner.

I use an older free version (5.78), and I got no emails about this...

Download CCleaner 5.78.8558 - Download - Filepuma.com

CCleaner, CCleaner A powerful PC cleaning tool for optimizing system performance.

www.filepuma.com

It scans clean locally, and has one false positive at Virustotal.

I also added these lines to the "HOSTS" file...

0.0.0.0 ncc.avast.com
0.0.0.0 ncc.avast.com.edgesuite.net
0.0.0.0 license.piriform.com
0.0.0.0 ipm-provider.ff.avast.com
0.0.0.0 shepherd.ff.avast.com
0.0.0.0 ip-info.ff.avast.com
0.0.0.0 analytics.ff.avast.com

In the CCleaner settings, I turned OFF all the call home thingies, AND blocked these entries in the Bitdefender firewall...

Arnold17 · Oct 26, 2023

Senecio said:
I just received this email:

Information about the MOVEit vulnerability

We’re reaching out as some of your personal information such as name and contact information has been exposed on the dark web. We take the safety of our customers extremely seriously, and we want to be sure you are aware of the potential impact and how to best protect yourself.

Earlier this year many companies were impacted by the MOVEit vulnerability. As a user of the software, we acted immediately to protect our systems and investigate the potential impact. We recently discovered that as a customer of CCleaner, some limited personal information of yours was exposed on the dark web. The information is primarily limited to name and/or contact information, as well as information on the product you purchased from us. No banking details, credit card numbers or high-risk data such as log-in information or account details were taken.

Naturally, we take any data exposure very seriously. As a valued customer, we would like to offer you BreachGuard for additional dark web monitoring, free of charge, for 6 months. BreachGuard helps monitor for data breaches, personal information on the dark web, and can give you access to privacy resources as applicable in your region. We will send details of how to install BreachGuard in the coming days, so please keep an eye out for those instructions, which we will send to this email address.

Please stay vigilant against potential phishing threats, as more commonly available personal information, like your name and contact information combined with purchase information, can be engineered to phish for high-risk data. You can learn more about how to best protect yourself here:

<Link “What is phishing and how you can remain safe” removed>

Thank you for your continued support. Stay safe and keep an eye out for your instructions to install BreachGuard.

Your CCleaner Team

I find CCleaner very useful and would prefer not to stop using it, but I'm really doubtful about installing BreachGuard. I'd be interested in your thoughts on this matter, and what steps I should take to protect myself against identity theft.

John

I've been using CCleaner Pro for several years and have found it quite useful and reliable. I received the same message. Since it was from an address I hadn't seen before, I sent a query to support@ccleaner.com, an address I know is valid. Here's the reply:

Hello Arnold,

My name is Melvin, and I’m on the CCleaner Customer Care Team.

Thank you for reaching out to us regarding MOVEit breach, I’d be happy to [answer your question, and help you].

I see you’re having trouble with the email you receive and wanted to verify if that is legitimate from and let me answer your question.

First and foremost, thank you for being cautious and checking with us directly. We did send you a legitimate notification on 24 Oct 2023 to inform you that some of your personal information was involved in a recent cyber event. While the information is not considered high risk, we take this seriously and want to ensure you are prepared to be vigilant against any potential phishing threats using this information. As a valued customer, we are here to help. If you do not already have Dark Web Monitoring in place, we can help get you set up with complimentary Dark Web Monitoring services for 6 months. You will be receiving an email from us with instructions on how to redeem your product offering.

I hope that was helpful. Again, I’m sorry for the inconvenience. If you need anything else at all, feel free to message me at any time. I’d be happy to help.

Thank you.

Best regards,
Melvin | CCleaner Support - Manila, Philippines

Senecio · Oct 27, 2023

Thanks @Arnold17 - that does rather draw a line under the whole thing. I'm a little surprised that they haven't put out such a statement on their web site (not that I can see, anyway - even the post from the moderator denying it has disappeared). It seems they are attempting damage limitation. It may be, of course, that the leak only impacts a small sub-set of their users.

Anyway, I will mark this thread as solved. Thanks to everyone who commented.