Security Advisory: Credential Theft Incidents
January 7, 2026
Information for ownCloud Users Regarding the Hudson Rock Report
Overview
A threat intelligence report published in January 2026 by Hudson Rock identified credential theft incidents affecting multiple self-hosted file sharing platforms, including some ownCloud Community Edition deployments.
This advisory explains what happened, what did not happen, and which actions administrators should take now to secure their environments.
What Happened — and What Did Not
The ownCloud platform itself was not hacked or breached.
The Hudson Rock report explicitly states that no zero-day exploits and no platform vulnerabilities were involved:
“These catastrophic security failures were not the result of zero-day exploits in the platform architecture.”
Instead, the incidents followed a well-known attack pattern:
-
User credentials were stolen from infected employee devices
-
Infostealer malware such as RedLine, Lumma, or Vidar captured usernames and passwords
-
Attackers reused those credentials to log in to ownCloud accounts where Multi-Factor Authentication (MFA) was not enabled
As the report summarizes plainly:
“No exploits, no cookies — just a password.”
Immediate Action Required: Enable MFA
If MFA is not enabled on your ownCloud instance, enable it immediately.
MFA remains one of the most effective controls against credential-based attacks.
Recommended steps for administrators:
-
Enable Multi-Factor Authentication for all users using ownCloud’s two-factor authentication apps
-
Reset passwords and enforce strong, unique credentials
-
Review authentication and access logs for suspicious activity
-
Invalidate all active sessions to force re-authentication with MFA enabled
These measures significantly reduce the risk of unauthorized access, even when credentials have been compromised elsewhere.
Talk to Us
If you want help securing your ownCloud deployment or would like to explore a migration path, our team is here to help. Contact Kiteworks: Sales, Support & General Inquiries
Staying secure starts with understanding the threat — and acting decisively on the basics.