A modification to the Sophos Central login experience on January 20, 2022, resulted in the unintended logging of a subset of Sophos Central passwords in specific circumstances. The issue was discovered internally during a routine review of log information. After investigation, we have determined there is no exposure of these passwords outside of the Sophos logging platform.
Multi-factor authentication (MFA) secures all Sophos Central accounts to prevent the misuse of credentials under all circumstances.
The remediation for Sophos Central updated the logic of the login experience to prevent saving passwords to the log.
- The issue was discovered by Sophos Central operators at 21:30 UTC on February 5, 2022
- The fix went live in Sophos Central at 23:24 UTC on February 5, 2022
- All logged plaintext password data was purged from all Sophos systems by 02:09 UTC on February 6, 2022
- On February 8, 2022, Sophos recommended a password reset for all users who logged in to Sophos Central between January 20, 2022, and February 5, 2022, with their password auto-filled using either a password manager or the password-saving functionality of their web browser