The tail of the MOVEit hack may be longer than we realize


The total number of organizations compromised by the MOVEit hack remains a mystery.

The Cl0p extortion group, which exploited at least one of the vulnerabilities in Progress Software’s popular file transfer service, has been publishing a steady drip of what it claims are newly identified victims daily. So far, there are no signs that the pace of reported incidents has slowed since the breach was disclosed in May.

Cl0p has posted the names of hundreds of companies, state and local governments, universities and other organizations on its dark web leak site. Its threats include leaking the data of any alleged victim if payment demands are not met. Meanwhile, dozens of organizations have confirmed through media reports, public statements or regulatory disclosures that their data was indeed stolen.

That puts MOVEit in rarefied air as the most widespread file transfer hack recorded. But the daily stream of newly disclosed impacted companies has many security experts asking where the bottom is, and when Cl0p may finally exhaust its pool of companies to extort. Thus far, Cl0p is the only group that cybersecurity experts have seen exploiting one of the vulnerabilities, but Progress Software has announced a slew of similar SQL bugs in the past two months.

John Hammond, a senior security researcher at Huntress, quipped to SC Media that Cl0p “certainly knows how to drag out the news cycle.”

“The MOVEit Transfer exploitation still seems to be an incident that never dies. Between the initial infection, the following vulnerabilities that we at Huntress discovered…and of course Cl0p’s continued leaking of company data, this has continued for over a month and a half now,” Hammond told SC Media.

Nearly 370 organizations confirmed in MOVEit breach

Thus far, much of the public discussion around the impact of the hacks has focused on Progress Software’s direct customers, or entities that purchased or used its file transfer service. But cybersecurity experts who have sorted through the wreckage, as well as companies that specialize in scrutinizing software supply chain vulnerabilities, believe the universe of potential exposure could reach well beyond that group.

Brett Callow, a ransomware…