A hacker stole approximately $100,000 from the service provider that sells and distributes tfw encryption software, according to data published by The Register and others.
The hackers managed to obtain the money by exploiting a flaw in tfw software that allows a malicious user to remotely log into the tfc.net website and execute a malicious attack.
The Register’s security researchers uncovered the flaw in October, and the vulnerability was patched in November.
The tfc software allows users to encrypt and decrypt data using a series of simple cryptographic techniques.
However, when tfc was deployed on an Amazon EC2 cloud server, the service providers were not notified of the flaw until October.
The tfc website did not tell customers until October 11, according to The Register.
Tfc.NET said the attack was “not a security breach,” and the hackers “are not responsible for the actions of third parties or for the damage they may cause.”
The tfw security service provider does not have a password to access the servers.
Users who have not configured tfc for a secure server environment are encouraged to visit the tfft.net page to create a new server account.
They can then connect to the service, verify their security settings, and create backups of the server and its contents.