On Tuesday October 15, we released a new version of CCleaner v5.63 and took the step to automatically update users on builds from 5.57 to the new version. The security of our users is our priority and we are now in a position where we are able to share some more information about why we took this action.
Global software companies are increasingly being targeted for disruptive attacks, cyber-espionage and even nation-state level sabotage, as evidenced by the many reports of data breaches and supply chain attacks over the last few years. CCleaner has previously been a target and therefore we rigorously monitor and test our systems, and cooperate with local, regional, and international agencies to actively track and verify malicious behavior. Through this monitoring, it came to our attention recently that cybercriminals may have been planning to target CCleaner again.
At CCleaner, we have zero-tolerance policy against cybercrime. Although we have found no indications that any users were affected, our users’ security is of utmost importance to us. We took immediate action therefore to develop the latest version of CCleaner as a precautionary measure. We also proactively revoked the prior product certificate and issued a new one. The signing keys, which let users verify valid software, were also revoked and re-issued.
We took these steps preventatively as our investigation is continuing, but we wanted to eliminate the risk of fraudulent software being delivered to our users. Since we have indications that the attempts to infiltrate our systems began in May this year, we automatically updated users on builds released after this time to ensure their safety.
Here at CCleaner we are committed to providing a secure product so that your PC always stays clean, safe and fast. We want to reassure you that CCleaner remains secure. Our actions were simply taken as a precaution and you can continue to use CCleaner as normal. For security purposes, we always recommend users to update to the latest version.
Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected. More information on the investigation and our findings is available on the Avast blog.