Dear CCleaner customers, users and supporters,
Following the CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 Security Notification released on September 18th, we would like to update you on progress so far.
As soon as we were made aware of the compromise, we worked to neutralize any threat to the 3% of our users who were affected, by:
- Shutting down the server the non-sensitive data was being transmitted to
- Taking multiple steps to update users who had the affected versions
- Working immediately with law enforcement to identify the source of the attack
We don’t believe in hiding, so soon as we established the facts and it was safe to do so, we openly communicated with our users in a blog post announcing the security incident and we will continue to share progress. You can also read our FAQs.
As the security of our users is paramount to us, we built a new version of CCleaner in a new infrastructure, which has been released with a new digital signature. We encourage all users to download the latest version of CCleaner. We also recommend users run a quality antivirus product, such as Avast Antivirus. For corporate users, the decision may be different and will likely depend on corporate IT policies.
Today, Avast has shared new information which suggests this was a very sophisticated attack which targeted a select number of large technology and telecommunication companies. Avast has been reaching out individually to the companies known to have been impacted to provide them with technical information and assist them. If you are a business known to have been affected, you will have been contacted.
We continue to work with law enforcement who are carrying out a full investigation and will share more information as soon as we can.
Thank you for your continued support.
VP Products, Piriform