ownCloud urges users to enable MFA after credential theft reports

File-sharing platform ownCloud warned users today to enable multi-factor authentication (MFA) to block attackers using compromised credentials from stealing their data.

ownCloud has over 200 million users worldwide, including hundreds of enterprise and public-sector organizations such as the European Organization for Nuclear Research, the European Commission, German tech company ZF Group, insurance firm Swiss Life, and the European Investment Bank.

In a security advisory published today, the company urged users to enable MFA following a recent report from Israeli cybersecurity company Hudson Rock, which revealed that multiple organizations had their self-hosted file-sharing platforms (including some ownCloud Community Edition instances) breached in credential theft attacks.

“The ownCloud platform was not hacked or breached. The Hudson Rock report explicitly confirms that no zero-day exploits or platform vulnerabilities were involved,” ownCloud said.

“The incidents occurred through a different attack chain: threat actors obtained user credentials via infostealer malware (such as RedLine, Lumma, or Vidar) installed on employee devices. These credentials were then used to log in to ownCloud accounts that did not have Multi-Factor Authentication (MFA) enabled.”

ownCloud advised users to immediately enable MFA on their ownCloud instance to secure their data against future attacks and prevent unauthorized access even when their credentials are compromised.

Additionally, ownCloud recommends resetting all user passwords, invalidating all active sessions to force re-authentication, and reviewing access logs for suspicious login activity.

This warning comes after a threat actor (known as Zestix) has been offering to sell corporate data stolen from dozens of companies, likely obtained after breaching their ShareFile, Nextcloud, and ownCloud instances.

In its January 5th report, Hudson Rock says the attackers may have obtained initial access to the companies’ file-sharing servers using credentials stolen by infostealer malware such as RedLine, Lumma, and Vidar, which infected employee devices.

The cybercrime intelligence firm identified thousands of infected computers, including some on the networks of high-profile organizations like Deloitte, KPMG, Samsung, Honeywell, Walmart, and the U.S. CDC (Centers for Disease Control and Prevention).
