Data centers used by Apple and others come under attack

The Chinese company GDS Holdings and ST Telemedia Global Data Centers, from Singapore, suffered attacks on their data centers, with the data involved including emails and passwords for their customer service centers.

These companies, among the largest of their kind in the region, provide services to companies such as Alibaba, Bloomberg, Microsoft and Apple. Nearly 2 thousand customers were affected, including China's largest exchange platform (China Foreign Exchange Trade System).

The attackers were able to log into the accounts of at least five companies (customers of the companies that suffered the attack); even though the passwords were scrambled, it wasn't difficult to figure them out. The information obtained includes credentials of GDS and STT employees, as well as of the companies they provide services to. These findings came from an investigation by security consultancy Resecurity. GDS claimed to have suffered the attack in 2021, while the Singaporean company did not make clear when the episode took place.

To make matters worse, the crackers who gained access to the data put it up for sale on the dark web (the deepest portion of the internet, not indexed by search engines) last month for US$175 thousand, saying they had scouted a few targets but could not handle everything. The data ended up being released by the crackers. According to Resecurity, the emails and passwords allowed attackers to gain access to customer service systems as if they owned the credentials.

The attacks were discovered in September 2021 by the cybersecurity consultancy, through an undercover agent. According to Bloomberg, GDS and STT were notified of the attack both at the time and in January of this year, and claimed to have responded quickly following notification. Resecurity also revealed that the data was used until at least last month, when operators at the companies were forced to reset their passwords. According to GDS, this happened because a customer failed to reset the password on an account that belonged to a former employee. Even if the passwords don't work, the information is still used to run scams, phishing for example.

GDS, for its part, said that a customer service center was breached in an attack in 2021 and that it investigated and repaired a vulnerability in the same year. The company added that the application was limited in scope, that there was no risk to customers and that there is no connection to other corporate systems or other "critical" infrastructure. The Singapore Cybersecurity Agency said it was aware of the matter and was watching ST Telemedia.

Asked about attacks in January 2023, the company said it had detected multiple new hacker attacks using old account information. These attempts, according to a representative, were blocked and, since then, there has been no successful attack stemming from vulnerabilities in the GDS system. Apple declined to comment on the matter.

Just 4 credentials from Apple are in the leak, while Alibaba appears with 201, Amazon with 99 and Microsoft with 32. Among banks, Goldman Sachs had 3 leaked logins, fewer than the 15 of Bank of America and the 9 of Bank of China. Large companies such as the Indian operator Airtel, the SoftBank fund, Mastercard and ByteDance were also affected.

The risks of this attack even involve the physical infrastructure of data center companies, and there may be serious consequences. What happened demonstrates the weaknesses of current systems, which operate connected in networks with quite distant cores. It also draws attention to the fact that the companies were notified in 2021 and apparently only acted this year.

via Gadgets 360
