Cyberhaven Confirms Cyberattack via Compromised Chrome Extension
/ 1 min read
🦠 Cyberhaven suffers supply-chain attack via compromised Chrome extension. Data-loss prevention startup Cyberhaven confirmed a cyberattack that involved hackers publishing a malicious update to its Chrome extension, potentially exposing customer passwords and session tokens. The breach occurred on December 25, when a compromised company account allowed the malicious update to be released. Cyberhaven has since removed the harmful version and issued a legitimate update. The company advises affected users to revoke and rotate all passwords and review logs for suspicious activity. This incident is part of a broader campaign targeting multiple Chrome extension developers, with Cyberhaven cooperating with federal law enforcement and engaging an incident response firm for further investigation.
