Is Bitdefender sharing our info?

AnotherDave
AnotherDave ✭✭✭
edited March 20 in General Topics

In the 10+ years that I've been a paying Bitdefender customer (multiple products / licenses such as Total Security and Digital Identity Protection), I've never purchased from any resellers / affiliates - I've always purchased directly from Bitdefender.com - yet this is the second time within a year I've received an unsolicited email directly from a BD reseller/affiliate.

Is Bitdefender sharing my info with organizations in their affiliate programs?

Case in point - today I received an unsolicited commercial email from sales@antivirus-solutions.store "Antivirus Solutions" in which they display what appears to be their own logo right next to BD's logo, offering to sell me BD products at discount prices, and as if I don't already own BDTS and other BD products.

After checking to make sure their website antivirus-solutions.store isn't infected or blacklisted (via sources such as VirusTotal and even Bitdefender themselves), I also did a Whois Lookup of their domain and can see that the domain name was just registered only 46 days ago.

Screenshots attached from both the email and the website.

This has all the earmarks of affiliate spam, and from all appearances it seems that Bitdefender has approved this "company" into their partner programs and isn't paying attention to the fact that their UCE breaks the law and goes against BD partner policies.

So I'd like to know - is Bitdefender leaking our information to these affiliates? And is BD knowingly allowing them to send UCE promotions? It's a bit disconcerting that all signs seem to point in that direction.

PS - As you can see in the screenshot of their website, they're claiming "there is no automatic renewal" and that the "product will be delivered to you within 24 hours via email". This just wreaks of shady sh*t.


Using Bitdefender Total Security. Paying BD customer since 2012

Comments

  • Scott
    Scott ✭✭✭✭✭
    edited August 2023

    Has Bitdefender been sharing your information, no, I highly doubt it. Maybe somehow your email has been hacked, to see you're using BD.

    I tried doing a search for Antivirus Solutions, AntiVirus Solutions Paris France even with the complete address from one of the images, and came up with nothing. It looks like total spam to me.

    Especially enticing is the No Automatic renewal, to try entice people to the link. Hit the drop-down arrow on their email address, and see if you can find anything else. Spam.


    Kind regards...and by the way, thank you for your push, your thread the get the Widget back :) :)

    Scott

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • Fun fact - now suddenly https://antivirus-solutions.store gets a "suspicious" popup from BDTS when you visit it, when 30 minutes ago it was perfectly safe according to BDTS.

    Using Bitdefender Total Security. Paying BD customer since 2012

  • Scott
    Scott ✭✭✭✭✭
    edited August 2023

    I think we have our answer now. Nice follow-up investigating, AnotherDave.

    I received the same pop-up as you, from your link.


    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • @Scott - you wouldn't find them in the search engines yet, since the domain was only registered in June and the site has only just recently gone online. Email is definitely not hacked - I used a strong password generator, and aside from that, nobody can get into my Gmail without me knowing, since I have 2FA enabled (they would need to tap "Yes it's me" on my phone in order to get in) and also I would see any other devices logged-in to my Gmail during my daily click on the little "Details" link at the bottom of Gmail in browser, which shows you what devices / ip addresses have logged-in to your Gmail account. And you're welcome RE: the Widget push - that was a long journey!

    Using Bitdefender Total Security. Paying BD customer since 2012

  • Scott
    Scott ✭✭✭✭✭
    edited August 2023

    As far as being a member here since 2012 and keeping up with BD, I should have probably known that you were on top of your personal security :) Well done :)

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • Since it seems pretty obvious that someone at Bitdefender saw my post and have tagged the site, here's proof that an hour ago Bitdefender had it marked as clean / safe.

    Attaching current screenshot since the results at https://www.virustotal.com/gui/home/url will probably change soon.

    Busted!

    Using Bitdefender Total Security. Paying BD customer since 2012

  • Scott
    Scott ✭✭✭✭✭
    edited August 2023

    The link has been submitted to the Bitdefender malware research team, to hopefully be updated on Virus Total.

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • Flexx
    Flexx mod
    edited August 2023

    The email you received is a phishing email because if you will closely look at the sender email it is not from @bitdefender.com & instead from sales@antivirus-solutions.store which is not related to bitdefender.

    Phishing emails related to antimaware products are very common and you should always check the sender from which you are receiving the email.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Scott
    Scott ✭✭✭✭✭

    @Flexx, yes, correctly stated, phishing attempt, beyond it being merely spam.

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • @Flexx - Phishing email, who'd have thunk? ;-) Yes indeed - I do know the difference between domain names. But I also know that this would not be the first time that BD had a partner/affiliate in their program that was rogue, and that I reported. Just like sometimes this forum gets hit with spam (used to and went neglected for days, even months), sometimes BD doesn't discover a bad apple in the bunch in their partner program.

    And indeed, I would not have known that the domain in question is only 46 days old if I didn't know enough to do a Whois Lookup and see that they registered on Google Domains back in June. Which brings up another issue - the sender not only has their domain registered with Google, but their spam is also passing Gmail's filters with flying colors, and Shopify is handling their processing. So... if it were actual real phishing, then we can think of at least 3 major companies that are not on their game

    😉

    Using Bitdefender Total Security. Paying BD customer since 2012

  • I have sent the website to bitdefender malware researchers and we will know if the website is phishing only after 72 hours.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Flexx
    Flexx mod
    edited August 2023

    lol 😂

    The link has also been submitted to avast, avg, avira, norton, eset, malwarebytes & google safe browsing to check for any phishing activity.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Hello.

    This is what i got when tried to visit the website:

    So, obviously the website is spam/phising/scam/fake site.

    Also, you can find the Bitdefender partner's (reseller/distributor) list here:

    Regards.

  • Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Please note that the domain solutions-antivirus.store (sending email from sales@solutions-antivirus.store) also has a "sister-domain", i.e. solutions-antivirus.pro which is used for unsolicited commercial emails via sales@solutions-antivirus.pro

    The emails from both domains looks the same.

  • Scott
    Scott ✭✭✭✭✭

    Thank you for sharing that helpful information with us, PixelHermit, it's appreciated.

    Scott

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • Website shared with different antimalware vendors to check for phishing attempt.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • I can tell you categorically that Bitdefender HAS 100% definitively shared our details with unknown parties.

    Here's why:

    I use Apple's iCloud+ which has Hide My Email, and I generate a new unique email alias for EVERY single new website, service, app, whatever I sign up to. If I ever receive spam, all I need to look at is what email address the spammer sent it to, and I know exactly which company leaked my data.

    In this case, I received an IDENTICAL email to the screenshot that OP posted, and the email they sent it to is the SAME email I generated and used only for Bitdefender. Haven't even entered that email anywhere for 2 years, which is when I signed up to Bitdefender.

    To be crystal clear. I technically have hundreds of unique email addresses that I only ever use for each specific website/service. There is no way anyone could have acquired my Bitdefender email alias, other than Bitdefender leaking/sharing it.

    I have just contacted Bitdefender's live chat and sent them the scammer's email, and they said "It's from the unofficial Bitdefender reseller. What I recommend is not to buy from them. We are still investigating this reseller." Happy to post email transcript or screenshots.

    How utterly ridiculous is it that Bitdefender, a service that is supposed to be PROTECTING us, is actually leaking our data to others? Including other companies under investigation? And Bitdefender expects me to renew when the time is up in a couple months? Hell no. Bitdefender is now permanently blocklisted – never again.

    No excuses when you cannot even stick by your own product's purpose.

  • Scott
    Scott ✭✭✭✭✭
    edited August 2023

    Thank you for your post, orangesevenhills. Maybe @Alexandru_BD or @Mike_BD would comment on this?

    My thought is, if Bitdefender did share, leak our information, especially with the website in the 1st post, why would their Online Threat Prevention throw up a warning? Wouldn't they, Bitdefender engineers, have allowed that in their whitelisted website category?

    Kind regards,

    Scott

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • Using Bitdefender Total Security. Paying BD customer since 2012

  • Bitdefender did NOT start detecting that page as Suspicious until AFTER I started this thread.

    Before I started this thread Bitdefender let me visit it with NO PROBLEM - my screenshots prove that.

    Using Bitdefender Total Security. Paying BD customer since 2012

  • When I started this thread, that site was marked as CLEAN on ALL Anti-Virus, as you can see from the screenshot I took before I started this thread.

    And I could visit the site with no problem.

    Then 20 minutes AFTER I started this thread, THEN Bitdefender started marking it as suspicious.

    I'd be interested to see / hear that explained. 🤔

    Using Bitdefender Total Security. Paying BD customer since 2012

  • Hello @AnotherDave and thanks for sharing your findings with the community.

    Please note that the above online seller does not partner with Bitdefender. The first red flag would be that Bitdefender itself detects their homepage as fraudulent, and then there's the tactics involved, where they are phishing for potential customers offering "discounts" randomly via email. The email body also looks pretty raw and unprofessional. I've seen these tactics before and the spammers usually change their domain frequently, to avoid / delay detection. As Bitdefender’s influence in the cyber-security industry grows, there are more scammers pretending to be affiliated with the brand or even entities with malicious intentions that claim to offer technical assistance. So, in my opinion it's really a case of phishing in the big pond to lure potential victims in an attempt to steal financial data. As to how they got to you in the first place, it's difficult to tell. Are you aware of any possible leaks where your email address might have been compromised?

    Below there's a similar case involving another fake reseller:

    These kind of fraud schemes are very common for last couple of years and there's not much you can do to catch them. Because their tactics involve fake websites and you can't know exactly who is behind them. In my experience, they will change the name and website after they found out that we know about their scheme. Once they have covered their tracks, they will resume this shady practice from someplace else. It's like looking for the needle in the haystack.

    Premium Security & Bitdefender Endpoint Security Tools user

  • @Alexandru_BD Thanks for confirming those details. Regarding how the fraudster(s) obtained our email addresses in the first place, as I mentioned this absolutely MUST have originated from Bitdefender. It is impossible for anyone else to have obtained the single purpose email address I generated, copied and pasted once 2 years ago to sign up for Bitdefender.

    I have hundreds of email address aliases through iCloud+. The email address that the fraudster(s) used was the exact same one I created and used once solely for Bitdefender. I have never received any other Bitdefender scam emails in my life. Therefore it is crystal clear that Bitdefender has shared/leaked customer data, and I would like this to be investigated internally immediately please so that the full scope of this unauthorized sharing/leaking can be advised to customers who trusted Bitdefender with their data. We would then be able to understand what other potential sensitive data of ours Bitdefender has shared/leaked to fraudsters and if necessary, take precautions e.g. identity theft measures.

    Has Bitdefender shared/leaked our names too? Our card details? Billing info? etc. We need to know this. Thanks.

  • "I have never received any other Bitdefender scam emails in my life."

    Me neither, this is the first time ever receiving a scam email third party Bitdefender distributor (from the aforementioned: sales@solutions-antivirus.pro). Hoping to receive a statement clarifying how my email address was culled/targeted. Thanks in advance.

    Thanks AnotherDave for having posted.

    Regards,

    Kathy

  • Scott
    Scott ✭✭✭✭✭
    edited August 2023

    @Alexandru_BD do you have any thoughts regarding @orangesevenhills question above as to how they got specific information as far as members (email addresses) of even having Bitdefender at all?

    It was the same concern as just posted by this member:

    I know in the past we had the thread of members getting spammed by McAffee, and in my case of never even registering a McAffee product before.

    Thank you.

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/

  • orangesevenhills
    edited August 2023

    In addition to this thread, am communicating with Bitdefender's support via email. Still no explanation, scope detail or accountability so far. They confirmed that the email and website are "not owned by any of our official resellers or partners and it is indeed a scam attempt".

    They said "Bitdefender will not reveal any personal data about its users to third parties without explicit consent from the users." – I don't think any of us remember authorizing Bitdefender to share our personal data with fraudsters?

    They also said "Bitdefender may use personal data to prevent and identify fraud, as well as in any other related legitimate purpose." – Would like to see what these legitimate purposes are, especially considering they go against the core purpose of Bitdefender's entire business.

    Bitdefender needs to be held accountable for their actions, and needs to specifically explain how much of their customers' data has been shared/leaked to fraudsters. I am more than happy to make the rounds with a variety of news media outlets to nudge Bitdefender to do the right thing.

  • Kindly send the part where it mentions Bitdefender can share/leak our personal data to fraudsters?

    It's been several days now and still no accountability or transparency from Bitdefender. Pathetic. As long as they've got the subscription money, right? Seems like the best route now is entering the inbox of as many news media websites as possible, because when this may affect Bitdefender's reputation and profits, maybe then they'll do something about it.

  • I received an email from sales@solutions-antivirus.store I forwarded it to Bitdefender Data Protection Office. What concerns me is after checking the message source of the email, my full name, which appears on my credit card, was connected to my account email address. I don't use my real name in my Bitdefender online account. How they managed to retrieve this information is disquieting. I haven't heard back from Bitdefender DPO.

  • I shared you the websites, you will have to go through the information on your own.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Mike_BD
    Mike_BD BD Staff

    Hello @orangesevenhills and @P Andrew ,

    Alex and I ensured all your posted information has been shared with the appropriate colleagues. We'll provide an update once we have it. I saw that you also appealed to the official contact channels.

    cheers,

    Mike

    Intel Core i7-7700 @ 3.60Ghz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB

  • I ask where it states that BD customers consent to their data being shared to fraudsters and the other 'legitimate purposes' that go against the entire purpose of BD – you send a bunch of links and can't point to any part that answers my questions. Your replies are pointless.


    Hi Mike, thank you for forwarding this on.

    ICO states "You must report a notifiable breach to the ICO without undue delay, but not later than 72 hours after becoming aware of it." Please can you confirm whether Bitdefender have contacted ICO yet? As this is now almost 2 weeks since multiple customers reported this to Bitdefender, with no report or proper response released to the customers whose data has been shared/leaked, I will be personally filing a report with ICO if we do not receive anything from Bitdefender by the end of today.

    Thanks.

  • Hello everyone,

    At this moment there are no indications to confirm the hypothesis of an information leak and it is unlikely that this would occur from our side.

    As a leader in information security services, confidentiality and data protection are of vital importance for us. Access to the collected personal data is restricted only to Bitdefender employees and data processors that need access to this information. All Bitdefender information security policies are ISO 27001 and SOC2 Type2 certified.

    Bitdefender may use other companies to process the collected personal data. These companies are considered data processors and have strict contractual obligations to keep the confidentiality of the processed data and to offer at least the same level of security as Bitdefender. Data processors have the obligation not to allow third parties to process personal data on behalf of Bitdefender and to access, use and/or keep the data secure and confidential.

    Of course, we understand your concern and we have requested an internal investigation based on the reports received on this forum. The infosec team is currently investigating and we will let you know when we have further information.

    Thank you for your patience and understanding.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • Hello.

    Both websites "antivirus-solutions pro" and "antivirus-solutions store" are now detected and blocked by Bitdefender:

    Regards.

  • Hi Alexandru,

    Thanks for coming back to us. This is why I've been referring to this situation as Bitdefender "sharing" or "leaking", as either way, it is 100% factually evident that Bitdefender customer data has been collected and processed by fraudsters. There is no debating this. The evidence is 100% clear, as explained previously. It is impossible for anyone else to have obtained the email address alias I generated purely for a one-time Bitdefender account creation and login.

    The method of which these fraudsters obtained Bitdefender customer data, and the extent of the data set they have on us, remains unclear. But again, either way, Bitdefender is in the wrong and has handled customer data irresponsibly, whether by allowing our data to be leaked to fraudsters, or sharing our data with fraudsters.

  • Alexandru_BD
    Alexandru_BD admin
    edited August 2023

    Hello @orangesevenhills,

    At this time I think it's far from factually evident that any form of data has been collected without consent or compromised, since there is no tangible proof in this regard and the claim is subject to an investigation that has not been concluded yet.

    What you are implying is an assumption based on deduction and available facts known to you. And rightfully so, if you haven't used a specific email address elsewhere and you are absolutely certain that the address was protected accordingly and could not have been leaked someplace else, you are of course entitled to ask questions.

    But here's the thing. I don't have access to your email address associated with Central, I am unaware of its level of security, when it was created and if there was a chance for it to be leaked somewhere at all, so I cannot make any statements concerning this.

    My advice would be to wait for the Support teams to provide a response for your inquiry, as I'm not in the position to advise you on the next steps and cannot know for sure by what means you have received that phishing message.

    If you have provided your registered email address to the Support representatives, the infosec teams will track down all possible leads to see where the rabbit hole goes.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • @Alexandru_BD and @Mike_BD  - thank you both for your responses and efforts.

    And just for informational purposes - oddly enough VirusTotal.com as of right shows that Bitdefender still has the .STORE domain listed as clean (though we know it is phishing and BD blocks it now) , but they do show that the .PRO domain is marked as phishing by BD.

    I guess I'm just a little surprised that only one security vendor has the .STORE domain tagged (and not even as phishing, just spam) whereas the .PRO domain is tagged as Malicious / Phishing by 10 vendors. Does BD have to submit the status to VirusTotal manually?

    Using Bitdefender Total Security. Paying BD customer since 2012

  • @Alexandru_BD - I forgot to answer your question - "As to how they got to you in the first place, it's difficult to tell. Are you aware of any possible leaks where your email address might have been compromised?"

    My email password has never been compromised - I use a strong password generator (RoboForm, which I simply prefer over the many others available and have been using for about 15 years) and I never use the same password twice for anything.

    So even though my email address has been exposed by companies, such as Adobe back in 2013 and Canva back in 2019 (and I think almost anyone who checks their email addresses on https://haveibeenpwned.com will find that at some point as least some info about them has been exposed), my password itself has never been compromised.

    My password generator generates random different passwords for me each site / service I use, and they're very strong... here's an example of what they look like - 7^tzbGcMiN*!T9jN - 16 characters and quite the mix, and I change my passwords frequently using the generator. This is why I've never been compromised / hacked despite some companies/sites having leaked my name and email address in the past.

    So while it's certainly plausible that some of the "bad guys" know my name and email address, they definitely don't know my passwords. 😉

    Using Bitdefender Total Security. Paying BD customer since 2012

  • @AnotherDave thanks for sharing the VirusTotal info, I've passed this onto the relevant teams. 👍️

    Premium Security & Bitdefender Endpoint Security Tools user

  • Thanks for replying Alex. I disagree however, as the evidence is clear. It is simply impossible for anyone else on this planet to have known this email address exists, besides Apple and I. And sorry but wait for the support teams? You mean the one I replied to on 8th Aug requesting answers and accountability yet still haven't bothered to reply?

    Also, today, I received a further 2 emails to the same iCloud+ alias I generated and used once for Bitdefender. Both were from notification@emails.avast.com, which appears to be Avast's genuine email, and the links in the email all direct to Avast's official website.

    The subject of the first was 'Great news! No password leaks for your email.', while the other was 'Want the latest from Avast?'. The first one mentions a "password leak report from Avast Hack Check", saying "Good news! No new leaks were found for the email address [the iCloud+ alias I used for Bitdefender]".

    Don't tell me Bitdefender staff are using another company's service to see whether my email address has been compromised... This is ridiculous. I create an iCloud+ alias for Bitdefender 2 years ago, create a Bitdefender account with it, log in and that's it. 2 years later, I get spam emails selling me a Bitdefender subscription from scammers, then once I report it to Bitdefender and repeatedly try to get answers and hold you accountable for your actions, suddenly I get these 2 emails from Avast. I don't remember giving you my consent to share my data with Avast? (And no, I have NEVER used this iCloud+ alias with Avast or ANY other company whatsoever.)

    Bitdefender, STOP SHARING/LEAKING MY DATA!!!!!!! I am now reporting this to ICO for investigation and speaking with Avast to acquire the IP address that was used to submit my Bitdefender email into Avast's 'hack check' service. What is wrong with your company. You need to inform your customers what the hell you are doing with your customers' data, IMMEDIATELY.

  • Below stated website holds the largest database of compromised emails of individuals over the internet. You can check your email on the website and check for leaks. Avast & Kaspersky compromised email section stands no where when compared to this website.

    https://haveibeenpwned.com/

    As far as the email goes, anyone can create phishing website and it may be possible that bitdefender being one of the top most antimalware companies in the world whose signature based engine is used by many of other antimalware vendors can get attacked by phishing website and through phishing emails. In recent times the bitdefender phishing emails have become more common among users but without any genuine data or proof you cannot blame the company of doing such things.

    Also, until and unless you do not receive any emails from xxxx@bitdefeder.com every other person with some technical knowledge will know that it is a fake or phishing email and might contact the support team for getting the required information.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • @Flexx - gee, I wonder where I've seen the link to HIBP before 😉 https://community.bitdefender.com/en/discussion/comment/327595/#Comment_327595

    I've actually been a donating user of https://haveibeenpwned.com since 2018 when Troy Hunt (the security expert / practical genius who created and runs HIBP) announced that it was being integrated into Firefox Monitor.

    Ever since then, I've had all of my (many) email addresses subscribed to the HIBP Notification service, as well as all of my domain names via https://haveibeenpwned.com/DomainSearch

    It's an incredible service that Troy provides for free - giving us all direct automatic alerts if any email addresses / domain email addresses have been compromised, including that details of what was leaked - which is why I donate to Troy / HIBP via the Donate button on his site.

    When I'm working with a client I always recommend that they go to his site and check all of their email addresses and subscribe to the free Notifications service. Clients are always shocked at what they discover when they check their accounts on his site.

    Using Bitdefender Total Security. Paying BD customer since 2012

  • I know of this website thanks, but it is irrelevant to the post you replied to. Someone at Bitdefender, or whoever they leaked/shared my data with, entered my email address into Avast's checker. Fact.

    The rest of your message also does not have much relevance to my post, and once again I have already explained that it is physically impossible for anyone else in existence in this universe to have had the email alias I generated solely for Bitdefender. Bitdefender have continued to not hold themselves accountable, failed to respond to me via email for almost 3 weeks, and have still failed to inform their customers how wide the scope is of the customer data that has been leaked/shared with fraudsters. Pathetic.

    I'm following this up with ICO now for investigation, considering Bitdefender cannot be bothered to conduct themselves professionally nor treat their customers with respect and care.

  • Well, I cannot provide you more details regarding this. Maybe @Alexandru_BD or @Mike_BD can check with the bitdefender internal department for you.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)