Company Sues Ars Technica Journalist Over Software Vulnerability Publication

The Keeper company has sued both the Ars Technica site and its owner as security journalist Dan Goodin. The reason is an article about the company’s password manager, which briefly had a vulnerable version installed automatically on some Windows 10 users.

The lawsuit alleges that the company is accusing Goodin of defamation, deception and publishing false information about a product or company. Keeper demands that Ars Technica withdraw the item in question and pay damages. The company claims that “Goodin knew his statements were incorrect” and that he did not contact the company, which published its own blog post after the incident. The article’s purpose would have been to “inflict harm on Keeper.”

Goodin has adapted his article several times, according to Ars Technica. The release followed the discovery of the vulnerability by Google researcher Tavis Ormandy, who is more likely to find vulnerabilities in third-party products and to other password managers in the past. The vulnerability in question was present in the Chrome extension of the Keeper software and allowed an attacker to steal users’ passwords through a malicious site. Before that, people had to get the Keeper software up and running and install the extension.

This isn’t the first time Keeper has taken legal action after discovering a vulnerability. In 2013, security firm Fox-IT found a leak in the company’s password manager. At the time, the company said it was taking legal action against Fox-IT. The current lawsuit is filed in the US state of Illinois.