Hackers have exploited a vulnerability in SolarWind’s free cloud service to create a “virtual machine” to attack the service.
The vulnerability affects the free service, which lets users upload custom images and videos to their cloud, according to the security firm FireEye.
It can be exploited in three ways: via the free account of a paid account, or with the purchase of an ad-supported license.
If the ad-enabled account is compromised, users can access the “clouds” by entering their credentials.
They can then use the “machine” to upload the image and video files, and the “server” to take over.
This isn’t the first time SolarWind has been hacked.
SolarWind customers were targeted in February when an attack on the company’s servers resulted in the theft of personal data.
The attack was discovered when a user discovered a maliciously crafted image in the company server that could potentially be used to compromise their accounts.
FireEye said the company has been in contact with security experts, and it has deployed a patch for the exploit.
In an emailed statement, the company said: “We take all reported security vulnerabilities seriously and are actively working with our security partners and security experts to address these issues.
The company is currently investigating this incident and will be updating customers to the latest version of the service.”