ownCloud Issues Urgent Warning: Enable MFA Now to Protect Against Credential Theft

ownCloud Urges Users to Enable Multi-Factor Authentication Following Credential Theft Attacks

ownCloud, a popular file-sharing platform with over 200 million users globally, has issued a warning to its users to enable multi-factor authentication (MFA) in order to protect their data from attackers using compromised credentials. The company’s client base includes prominent organizations such as the European Organization for Nuclear Research, the European Commission, ZF Group, Swiss Life, and the European Investment Bank.

A recent security advisory from ownCloud emphasized the importance of MFA after reports from Israeli cybersecurity firm Hudson Rock revealed that several organizations had their self-hosted file sharing platforms, including some instances of ownCloud Community Edition, breached in credential theft attacks.

ownCloud clarified that their platform was not hacked or breached in these incidents. The unauthorized access was facilitated by threat actors obtaining user credentials through infostealer malware like RedLine, Lumma, or Vidar installed on employee devices. These stolen credentials were then used to log in to ownCloud accounts without MFA enabled.

In response, ownCloud advised users to activate MFA on their instances immediately to enhance data security and prevent future unauthorized access even if credentials are compromised. Additionally, the company recommended resetting all user passwords, invalidating active sessions to prompt re-authentication, and monitoring access logs for any suspicious login activity.

The warning from ownCloud comes in the wake of a threat actor known as Zestix offering to sell corporate data stolen from numerous companies, potentially after breaching their ShareFile, Nextcloud, and ownCloud instances. Hudson Rock’s report highlighted that attackers likely gained initial access to file-sharing servers by using credentials stolen through infostealer malware on employee devices.

Hudson Rock’s investigation identified thousands of infected computers, including those on networks of prominent organizations like Deloitte, KPMG, Samsung, Honeywell, Walmart, and the U.S. CDC (Centers for Disease Control and Prevention).