Sophos has issued a security notification to channel partners, explaining why the security company took its partner portal offline last week and reset all portal user passwords. The reason: Sophos discovered suspicious activity on April 3, issued an initial alert on April 5, and offered a more comprehensive partner update on April 6. Here's the blow-by-blow.

The chatter started on April 5, when Sophos stated:

"Sophos monitors its servers closely for potential security issues, and on 3rd April identified some suspicious activity on the main webserver that serves our Partner Portal at https://gpp.partners.sophos.com/. Two unauthorized programs were found on the server, and our preliminary investigations indicate that these were designed to allow unauthorized remote access to information."


Sophos described some precautionary steps and an in-depth security audit to help determine whether any damage had been done. The company "assumed the worst" during the audit and reset partner passwords as a precautionary step.


By Friday, April 6, Sophos disclosed that no financial information was stolen from this database. At the time, the company was still performing a forensic offline analysis to gain "a complete understanding of the attack."

Predictably, hackers sometimes attack security companies in pursuit of fame or back-door fortune into additional IT systems. Ironically, the Sophos alert to partners arrived around the same time that Sophos announced a new global channel chief.