One day after the creator of the software reported that a security issue had been detected, U.S. security researchers claimed that hackers had stolen data from the systems of a number of users of the well-known file transfer tool MOVEit Transfer.
After revealing the flaw on Wednesday, software developer Progress Software Corp warned that it would enable unauthorised access to customers’ systems.
The Burlington, Massachusetts-based company’s managed file transfer software enables businesses to send files and data to clients and business partners.
It wasn’t immediately clear which organisations use the software, how many do, or how many were affected by possible breaches. Ian Pitt, the chief information officer, declined to provide those specifics but noted that Progress Software had made remedies available following its discovery of the vulnerability late on May 28.
The issue also affects the software’s cloud-based service, he told Reuters.
“As of now we see no exploit of the cloud platform,” he said.
Rapid7 Inc., a cybersecurity company, and Google-owned Mandiant Consulting reported finding several instances where the issue had been used to steal data.
“Mass exploitation and broad data theft has occurred over the past few days,” Charles Carmakal, chief technology officer of Mandiant Consulting, said in a statement.
According to Mandiant, such “zero-day,” or previously undiscovered, vulnerabilities in managed file transfer solutions have in the past resulted in data theft, leaks, extortion, and victim-shaming.
“Although Mandiant does not yet know the motivation of the threat actor, organizations should prepare for potential extortion and publication of the stolen data,” Carmakal said.
Rapid7 claimed that after the weakness was made public, there had been an increase in breaches connected to it.
Users who are at risk can take the actions indicated by Progress Software to lessen the effects of the security vulnerability.
Pitt declined to comment on the possibility that someone was trying to use the vulnerability to steal data.
“We have no evidence of it being used to spread malware,” he said.
Compared to the more than 20 users of the company’s other software products, he claimed, MOVEit Transfer had a comparatively “small” number of users.
“We have forensics partners on board and we are working with them to make sure that we have an ever-evolving grasp of the situation.”
(Adapted from ThePrint.in)