Last week, for about three days, the macOS video transcoding app HandBrake was compromised. One of the two download servers for HandBrake was serving up a special malware-infested version of the app, that, when launched, would essentially give hackers remote control of your computer.
In a case of extraordinarily bad luck, even for a guy that has a lot of bad computer luck, I happened to download HandBrake in that three day window, and my work Mac got pwned.
Long story short, somebody, somewhere, now has quite a bit of source code to several of our apps
Before I continue, three important points:
- There’s no indication any customer information was obtained by the attacker.
- Furthermore, there’s no indication Panic Sync data was accessed.
- Finally, our web server was not compromised.