In the night of February 2, 2024, AnyDesk released an advisory confirming a compromise of the company's "production systems" without further specification other than indicating the event is not ransomware-related.
As the advisory mandates customers to reset their web application portal passwords, there is a potential that the event impacted credentials of my[.]anydesk[.]com web application users. However, there is reportedly no evidence of a compromise of end-user devices.
The event appears to have been discovered on January 29, when AnyDesk logged a change to their code signing certificates.
AnyDesk users may want to consider the following actions:
Reset the client portal password;
If the potentially compromised password was used across other platforms, reset those credentials as well;
Make sure to enable multi-factor authentication across accounts where the password was reused;
As a precautionary measure, revoke the AnyDesk session tokens.
AnyDesk's investigation is still ongoing. There may be developments during the next days or weeks.