Notepad++, a popular text and code editor, recently faced a significant security breach that could have compromised user data and privacy. Last year, the app’s shared hosting servers were hijacked, leading to the distribution of a malicious update to unsuspecting users. The developer of Notepad++, Don Ho, disclosed that the attackers behind the breach were likely a Chinese state-sponsored group, and the servers remained vulnerable for approximately six months.
The breach involved redirecting specific users to attacker-controlled servers, where their app updates were replaced with a malicious executable. This could have potentially granted the hackers remote access to users’ keyboards, posing a severe security threat. The attack was characterized by highly selective targeting, focusing on organizations with interests in East Asia.
While the incident raises concerns about the security of shared hosting servers, Don Ho assured users that the attacker’s access was terminated by December 2nd, 2025. Notepad++ has since implemented enhanced security measures in its updater to prevent tampering and verify update authenticity. Users are advised to update to version 8.8.9 or later directly from the official Notepad++ website to mitigate the risks posed by the hijacking attack.
Source: The Verge