ownCloud suffered a breach in which login details were stolen.
ownCloud advises users to enable MFA after cybercriminals obtained user login details via malware
No leak in the platform itself
According to ownCloud, there is no vulnerability or hack of the platform. The warning follows a report by the Israeli cybersecurity company Hudson Rock, which demonstrated how attackers gained access to ownCloud Community Edition instances via compromised accounts.
“The platform has not been compromised and no zero-day exploits have been used,” the company emphasizes. “The attacks took place via a different chain.”
Concrete recommendations
Therefore, the company advises its users to take several measures immediately:
- Enable multi-factor authentication for all accounts
- Reset all user passwords
- Invalidate active sessions to force re-authentication
- Check access logs for suspicious login attempts
According to ownCloud, MFA remains the most effective protection against misuse of leaked login details.
Data for sale on cybercrime forums
The warning comes after a cybercriminal put company data up for sale that allegedly came from dozens of companies. Not only ownCloud environments were affected, but also systems based on ShareFile and Nextcloud.
Cybersecurity company Hudson Rock states in its report that the attackers likely gained access via infected workstations within companies.