{
"facts": [
{
"statement": "Cyberhaven, a data‑loss prevention company, suffered a supply‑chain breach. The breach was caused by a phishing attack that compromised an employee’s Chrome Web Store account.",
"confidence": 1.0,
"finding_confidence": 1.0,
"source_finding_titles": [
"Cyberhaven Chrome Extension Compromised Leading to Massive Data Theft Incident"
]
},
{
"statement": "The attackers published a malicious version of the Cyberhaven Chrome extension (version 24.10.4) on 25 December 2024. This malicious version exfiltrated cookies, session tokens and passwords from more than 400 000 users.",
"confidence": 1.0,
"finding_confidence": 1.0,
"source_finding_titles": [
"Cyberhaven Chrome Extension Compromised Leading to Massive Data Theft Incident"
]
},
{
"statement": "Cyberhaven detected the incident on 26 December 2024 and removed the malicious package. The company issued an emergency advisory to customers to revoke and rotate credentials.",
"confidence": 1.0,
"finding_confidence": 1.0,
"source_finding_titles": [
"Cyberhaven Chrome Extension Compromised Leading to Massive Data Theft Incident"
]
}
]
}