Autodesk Trust Center

Security advisory

Advisories are used to communicate information related to vulnerabilities identified with Autodesk® products and services. This includes any fixes or workarounds that are applicable to the affected product.

Courtesy Bulletin: Industry-wide Increase in Third-Party Threat Activity


Product, Service, Component: Autodesk user accounts

Impact: Unauthorized logins

Original Publish: 8/30/2024

Severity | CVSS Score | Impact
Low | 0.1 - 3.9 | A vulnerability where scope and impact of exploitation is restricted and the ability to exploit is extremely difficult.
Medium | 4.0 - 6.9 | A vulnerability where exploitation is mitigated by factors such as difficulty to exploit, default configuration or ease of identification.
High | 7.0 - 8.9 | A vulnerability, which if exploited, would directly impact the confidentiality, integrity or availability of user's data or processing resources.
Critical | 9.0 - 10 | A vulnerability, which if exploited, would allow remote execution of malicious code without user action.

Summary

As a courtesy, Autodesk is informing its customers of a general uptick in third-party threat activity, in which suspected threat actors seemingly target media and entertainment organizations. We have found no evidence that this industry threat campaign is due to a compromise of Autodesk systems, and the credentials were obtained from sources outside of Autodesk. Rather, suspected threat actors are taking advantage of and attempting to access user accounts with compromised credentials from public data leaks unrelated to Autodesk.

Description

After learning of the general uptick in third-party threat activity in August, Autodesk’s Cyber Threat Management & Response Team confirmed that some Autodesk customers experienced successful logins from unauthorized individuals, who leveraged credentials stolen from public data leaks unrelated to Autodesk’s systems. As stated above, we found no evidence that Autodesk systems were compromised.

Out of consideration for these impacted customers, Autodesk notified the accounts with detected logins from IP addresses associated with this third-party threat campaign and initiated protective measures. We also used this uptick in third-party threat activity to proactively remind Autodesk customers of best practices related to account password management.

As a result of our investigation, Autodesk Threat Intelligence believes the following IPs were associated with this threat campaign during the period between 16-July 2024 and 14-Aug 2024.

  • 178.246.141.184 (17-Jul 2024 through 14-Aug 2024)

  • 178.246.166.2 (13-Aug 2024 through 14-Aug 2024)

  • 78.182.141.239 (16-Jul 2024 through 14-Aug 2024)

  • 31.143.237.16 (12-Aug 2024 through 14-Aug 2024)

Autodesk customers are encouraged to review their respective account logs – for both Autodesk software and non-Autodesk software, given the threat activity was not due to a breach of Autodesk systems – to understand whether they experienced unauthorized access during the provided date ranges.
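
One way to carry out the log review suggested above, as an added example rather than Autodesk's own tooling: it checks a login export against the four published IP addresses and their date ranges. The CSV column names, the sample rows, and the choice to compare dates in UTC are assumptions.

```python
import csv
import io
from datetime import date, datetime, timezone
from ipaddress import ip_address

# Indicators and activity windows as published in the advisory (dates inclusive).
CAMPAIGN_IPS = {
    ip_address("178.246.141.184"): (date(2024, 7, 17), date(2024, 8, 14)),
    ip_address("178.246.166.2"): (date(2024, 8, 13), date(2024, 8, 14)),
    ip_address("78.182.141.239"): (date(2024, 7, 16), date(2024, 8, 14)),
    ip_address("31.143.237.16"): (date(2024, 8, 12), date(2024, 8, 14)),
}

# Constructed sample export; column names are an assumed, hypothetical format.
SAMPLE_LOG = """timestamp,user,source_ip,result
2024-07-20T09:14:02+00:00,alice@example.com,178.246.141.184,success
2024-08-13T22:41:10+00:00,bob@example.com,::ffff:178.246.166.2,failure
2024-08-01T10:00:00+00:00,carol@example.com,178.246.166.2,success
2024-08-10T08:00:00+00:00,dave@example.com,203.0.113.7,success
not-a-date,erin@example.com,31.143.237.16,success
"""

def find_campaign_logins(log_text):
    """Return one finding per row whose source IP is a published indicator."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            src = ip_address((row.get("source_ip") or "").strip())
        except ValueError:
            continue  # no usable source address on this row
        if src.version == 6 and src.ipv4_mapped:
            src = src.ipv4_mapped  # dual-stack listeners log ::ffff:a.b.c.d
        window = CAMPAIGN_IPS.get(src)
        if window is None:
            continue
        try:
            when = datetime.fromisoformat((row.get("timestamp") or "").strip())
            day = when.astimezone(timezone.utc).date()  # assumption: UTC dates
            in_window = window[0] <= day <= window[1]
        except ValueError:
            in_window = None  # indicator hit with unparseable time: review by hand
        findings.append({"user": row.get("user"), "ip": str(src),
                         "result": row.get("result"), "in_window": in_window})
    return findings

if __name__ == "__main__":
    for finding in find_campaign_logins(SAMPLE_LOG):
        print(finding)
```

Rows that match an indicator outside its published date range are still returned with `in_window` set to `False`, so they can be triaged separately from matches inside the range.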

User credentials leaked in public data breaches are unfortunately increasingly common and often permit threat actors to gain access to sensitive or private information. Account credentials can become compromised via many means including malware, phishing campaigns, or because credentials are re-used from sites unrelated to Autodesk that have been compromised.

Recommendations

While the general uptick in third-party threat activity is not due to a breach in Autodesk systems, we would like to remind our customers of best practices related to account password management.

Autodesk is committed to privacy and security and helping our customers protect their design & make data. We strongly recommend users follow these security practices to better protect their Autodesk (and non-Autodesk) accounts:

  • Enable Two-Step Verification (2FA): 2FA adds an additional layer of protection against unauthorized access to accounts. We recommend using an authenticator application, such as Microsoft Authenticator or Google Authenticator. Learn how to enable 2FA here.

  • Enable Single Sign-On (SSO): SSO uses a single point of authentication, where passwords are received and validated only by the identity provider. Learn how to enable SSO here.

  • Rotate API keys: Rotating your API keys on a regular basis reduces the window of opportunity in which a key can be abused should a threat actor get hold of it. We have found no evidence of unauthorized use of customer API keys; however, we are including this suggestion as it is a best practice.

  • Use strong, unique passwords: Ensure your password incorporates a mix of letters, numbers, and special characters. Avoid using easily guessable information, such as names or birthdays.

  • Avoid password reuse: Do not use the same password across multiple sites or accounts to minimize risk.

  • Change passwords regularly: Changing your password frequently minimizes the window of opportunity a threat actor has should your credentials become compromised.

  • Utilize a password manager: Use a reputable password manager to securely store and generate strong, unique passwords for all your accounts, reducing the need to remember each one individually.


Disclaimer

INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” IN CONNECTION WITH AUTODESK PRODUCTS. AUTODESK AND/OR ITS RESPECTIVE SUBSIDIARIES, AFFILIATES, SUPPLIERS AND LICENSORS AND ITS AND THEIR DIRECTORS, OFFICERS, EMPLOYEES, AGENTS AND REPRESENTATIVES MAKE NO REPRESENTATIONS ABOUT THE SITE, ANY PRODUCTS AND SERVICES CONTAINED ON THE SITE OR THE SUITABILITY OF THE INFORMATION CONTAINED IN THE MATERIALS, INFORMATION, CONTENT, DOCUMENTS, AND RELATED GRAPHICS PUBLISHED ON THIS SITE FOR ANY PURPOSE. THE SITE, ANY PRODUCTS OR SERVICES (INCLUDING WITHOUT LIMITATION, THIRD PARTY PRODUCTS AND SERVICES) OBTAINED THROUGH THE SITE, AND ALL SUCH INFORMATION, CONTENT, DOCUMENTS, AND RELATED GRAPHICS ARE PROVIDED FOR YOUR USE AT YOUR OWN RISK AND "AS IS" WITHOUT WARRANTY OF ANY KIND. AUTODESK AND/OR ITS RESPECTIVE SUBSIDIARIES, AFFILIATES, SUPPLIERS AND LICENSORS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS SITE, SUCH PRODUCTS AND SERVICES AND SUCH INFORMATION, CONTENT, DOCUMENTS, AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.