A lawyer for Zoho, a company that makes email-disrupting software, told The Washington Post that his clients’ e-mails were being stolen because of a bug in the software, not the company’s own failure to secure the systems.
“Zoho has not been breached, and its systems are secure,” said John B. Breslow, a former assistant attorney general for the Justice Department’s National Security Division who now works as a partner at Bresfield.
But, he added, Zoho did not know about the bug until the company told the Justice Department’s inspector general about it.
He declined to comment on the specific claims made in the inspector general’s report.
The inspector general report, released Wednesday, said the bugs that made the problems with Zoho possible were not discovered until May, nearly two months after the company announced that it was going to shut down the software.
Breshlow said Zoho had not been the victim of a “rogue” employee who was not part of the company.
Zoho acknowledged the problems that led to the theft, but said it had not yet discovered the flaw because it was not the intended use of the software to steal customers’ personal information.
Zhodko was founded in 2000, by former U.S. Rep. David Jolly (R-Fla.), a Zoho client, and Zoho is owned by Zoho Technologies, a privately held firm in Delaware that has a major presence in Europe.
Zho had not previously been reported to have any problems with its software, Breswell said.
The company did not immediately respond to a request for comment.
Zoho’s founder, John Bresline, has long been a vocal critic of the U.K.’s intelligence agencies, saying in 2013 that the government’s surveillance programs violated privacy rights.
“They have been abusing this program to spy on innocent people,” he said.
Zohano’s software is designed to detect if a user is using its services or an email address linked to a known account.
Brestel, the lawyer for Breslin, said he believed the software could be used by hackers to take over systems that have no connection to Zoho.
“That is not a hack, it’s a hack of a system,” he told The Post.
“The fact that you have that kind of backdoor on a system is like if you have a burglar with a crowbar on a garage door.
You can’t stop him.”
The Zoho report, which was made public Wednesday, described Zoho as having been in contact with two other email providers in the past three months.
One of those companies, PagerDuty, was also one of the recipients of an email from Zoho that appeared to be an attempt to obtain a password to a website.
Zoa, a PagerDuty client, did not respond to requests for comment and a Zohano spokesman did not return a request.
The hacker that tried to obtain the password was also attempting to use PagerDefy, a similar software program, to obtain passwords for the same website.
“We’ve had numerous contacts with these three other service providers,” Bresline’s lawyer, Peter Grosz, told The Post.
But he did not elaborate on those contacts.
In a letter to Zoho’s attorneys on June 6, the inspector’s office asked for more details about the emails and what steps Zoho was taking to protect its systems.
The letter said it was aware that the company had recently switched from a one-time password that was supposed to be used only by the company to a two-factor authentication system that Zoho has been implementing to help protect its users’ information.
The inspector’s report also pointed out that in the months after Zoho closed down its software in the spring of 2016, it failed to alert its customers to a possible security issue that had been discovered.
Brett’s letter also asked that the firm give up its use of its own e-mails and email servers and that Zohoo’s computer security experts provide more details on the vulnerability.
Zuho did not have a specific timeline for releasing the software or providing information to customers about the security problems, Brestel’s letter said.
“If Zoho cannot fix this security issue, Zuho’s customers may be harmed, as Zoho believes that Zuhoa’s security measures are insufficient to safeguard its customers,” the letter said, adding that the breach could “jeopardize the confidentiality and integrity of the data on its customers’ computers.”
Brestele said the company is committed to improving its cybersecurity and that it has begun working with government agencies to update its systems and to secure its infrastructure.
“At Zoho we are committed to ensuring that our customers’ data remains secure,” he wrote in the letter.
“Therefore, Zohowos Security Update for 2017 will be delivered to our customers in the