Rubrik says hackers stole data via GoAnywhere zero-day flaw

Rubrik says hackers stole data via GoAnywhere zero-day flaw

US-based cloud data management and data security company Rubrik has confirmed that its data was stolen using a zero-day vulnerability in the Fortra GoAnywhere secure file transfer protocol.

GoAnywhere MFT is a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files securely.

Tracked as CVE-2023-0669, the vulnerability resides in the administrative web interface and could be exploited by a remote attacker to achieve remote code execution via a malicious request. Fortra released an emergency patch to address the flaw back in February 2023, warning that the bug was being actively exploited by threat actors.

Rubrik said in a statement that the company was one of the victims of a large-scale campaign against GoAnywhere MFT devices across the globe using CVE-2023-0669.

“We detected unauthorized access to a limited amount of information in one of our non-production IT testing environments as a result of the GoAnywhere vulnerability. Importantly, based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorized access did NOT include any data we secure on behalf of our customers via any Rubrik products,” Rubrik CISO Michael Mestrovichon said.

The affected data includes Rubrik internal sales information such as certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors. Sensitive personal data such as social security numbers, financial account numbers, or payment card numbers is said to have not been impacted in the breach.

The data breach disclosure comes after the Clop ransomware gang added Rubrik to its list of victims, sharing samples of stolen files that contain what appears to be internal Rubrik data, such as names, email addresses, and locations of employees. On its data leak site the gang stated that the data would soon be publicly released.

Earlier this month, fintech banking platform Hatch Bank disclosed a data breach after hackers stole the personal information of almost 140,000 customers using the GoAnywhere bug.

Back to the list

Latest Posts

Cyber Security Week in Review: May 23, 2025

Cyber Security Week in Review: May 23, 2025

In brief: Several major malware operations disrupted,  hackers exploit Ivanti and Cityworks zero-days, and more.
23 May 2025
Russian GRU hackers accused of massive espionage campaign across NATO and allied nations

Russian GRU hackers accused of massive espionage campaign across NATO and allied nations

The cyber offensive reportedly struck dozens of entities, spanning both government and private sectors.
22 May 2025
Chinese-speaking threat actors exploit Cityworks zero-day to hack into US govt agencies

Chinese-speaking threat actors exploit Cityworks zero-day to hack into US govt agencies

The attacks have been ongoing since at least January 2025.
22 May 2025