Inside a SolarWinds hack

Follow Us Get the newsletter Hi, this is Alyza on Bloomberg's cybersecurity team. This week, I caught up with Marcin Kleczynski, the chief executive officer of Malwarebytes, one of several cybersecurity firms targeted in the course of a massive hacking campaign using software from Texas-based SolarWinds Corp. Kleczynski's experience sheds light on the series of quick and consequential decisions that hundreds of company and agency heads across the country have been forced to make in the aftermath of the breach by suspected Russian hackers. Those decisions include the central question of when and how much to tell customers and shareholders as companies grapple with the fallout of one of the largest cyber-attacks in recent memory. Kleczynski's story began when his mobile phone rang on Dec. 15, while he was working from his home office in Sunnyvale, California. The incoming call was unusual: It was from the company's head of research and innovation, Pedro Bustamante, who was in Madrid, where it was late. In a tone Kleczynski would later describe as matter of fact, but a whisper, Bustamante informed him about a message he had just received from a Microsoft employee over Signal, the encrypted messaging application. Microsoft Corp. had detected suspicious activity on a third-party email protection application used by Malwarebytes, which has Microsoft's Office 365 tools for email and other functions. The suspicious activity matched tactics associated with the SolarWinds hack, which had been publicly disclosed days earlier. It was clear to Kleczynski that Malwarebytes might have been hacked. Immediately he called company executives and directed them to stop sending emails, which he feared could have been compromised. "Let's not give any indication that we know," Kleczynski said. "Let's stop passing around anything that might be important." Then the CEO weighed his options: He didn't want to create panic in his company without knowing for sure whether Malwarebytes had been breached, or the extent of the damage if it had. But he also needed the company to act quickly to protect its customers. Quietly, he assembled a 20-person team of employees who worked shutting down servers, auditing code and otherwise making sure that any malware that might be on their systems could not be pushed to customers. Once the company was locked down, over the next few weeks, Kleczynski slept with his phone on high volume—for the first time ever that he could remember. Working with Microsoft, his team determined that internal emails had in fact been accessed by the hackers—but not customer details. After he understood the extend of the damage, Kleczynski said his next step was to go public. He spoke with executives at other hacked companies about how they approached the disclosure, and decided to write about the hack on the company's blog. In the 670-word post, he detailed the extent of the damage, noting that while cybersecurity firms were a particular target for the hackers, the attack highlighted "just how essential our work is moving forward." In our conversation, he also stressed that it was critical to be transparent with customers and disclose the extent of the damage after the breach. "This information will come out eventually," he said. "You either control the story or you don't." ​​​​​—Alyza Sebenius If you read one thing GameStop's wild rally kept going on Wednesday, notching a 135% gain and driving the company's market value to $24 billion—higher than nearly half the companies in the S&P 500. The small army of Reddit users driving the shares up also targeted the hedge fund Melvin Capital as an object of wrath.  Paid Post The world's most trusted organizations partner with Crowdstrike to stop data breaches. We stop. So you can go. Crowdstrike secures the data and infrastructure that keeps the world running. That's why we're a trusted partner of the world's most important organizations. We stop. So you can go. Crowdstrike And here's what you need to know in global technology news Apple's quarterly revenue topped $100 million for the first time, following the release of the iPhone 12.  Facebook beat analysts' expectations for the quarter, recording a 33% jump in sales, while warning of future uncertainty.  Intel's new CEO is hiring back engineering leaders who had previously left the company.  HBO Max got a boost in subscribers for the quarter, after it premiered the new Wonder Woman movie.  Amazon-owned Ring has a new $60 doorbell. You received this message because you are subscribed to Bloomberg's Fully Charged newsletter. Unsubscribe | Bloomberg.com | Contact Us Bloomberg L.P. 731 Lexington, New York, NY, 10022