Several of the world's largest companies are being hacked by hackers

In an episode that underscores the vulnerability of global computer networks, hackers got ahold of login credentials for data centers in Asia used by some of the world’s biggest businesses, a potential bonanza for spying or sabotage, according to a cybersecurity research firm.

The previously unreported data caches involve emails and passwords for customer-support websites for two of the largest data center operators in Asia: Shanghai-based GDS Holdings Ltd. and Singapore-based ST Telemedia Global Data Centres, according to Resecurity Inc., which provides cybersecurity services and investigates hackers. About 2,000 customers of GDS and STT GDC were affected. Hackers have logged into the accounts of at least five of them, including China’s main foreign exchange and debt trading platform and four others from India, according to Resecurity, which said it infiltrated the hacking group.

It’s not clear what — if anything — the hackers did with the other logins. The information included credentials in varying numbers for some of the world’s biggest companies, including Alibaba Group Holding Ltd., Amazon.com Inc., Apple Inc., BMW AG, Goldman Sachs Group Inc., Huawei Technologies Co., Microsoft Corp., and Walmart Inc., according to the security firm and hundreds of pages of documents that Bloomberg reviewed.

Responding to questions about Resecurity’s findings, GDS said in a statement that a customer support website was breached in 2021. It’s not clear how the hackers obtained the STT GDC data. That company said it found no evidence that its customer service portal was compromised that year. Both companies said the rogue credentials didn’t pose a risk to clients’ IT systems or data.

However, Resecurity and executives at four major US-based companies that were affected said the stolen credentials represented an unusual and serious danger, primarily because the customer-support websites control who is allowed to physically access the IT equipment housed in the data centers. Those executives, who learned about the incidents from Bloomberg News and corroborated the information with their security teams, who asked not to be identified because they weren’t authorized to speak publicly about the matter.

The magnitude of the data loss reported by Resecurity highlights the growing risk companies face because of their dependency on third parties to house data and IT equipment and help their networks reach global markets. Security experts say the issue is particularly acute in China, which requires corporations to partner with local data service providers.

“This is a nightmare waiting to happen,” said Michael Henry, former chief information officer for Digital Realty Trust Inc., one of the biggest US data center operators, when told about the incidents by Bloomberg. (Digital Realty Trust wasn’t affected by the incidents). The worst-case scenario for any data center operator is that attackers somehow get physical access to clients’ servers and install malicious code or additional equipment, Henry said. “If they can achieve that, they can potentially disrupt communications and commerce on a massive scale.”

GDS and STT GDC said they had no indication that anything like that happened, and that their core services weren’t impacted.

The hackers had access to the login credentials for more than a year before posting it for sale on the dark web last month, for $175,000, saying they were overwhelmed by the volume of it, according to Resecured and a screenshot of the posting reviewed by Bloomberg.

“I used some targets,” the hackers said in the post. “But unable to handle as total number of companies is over 2,000.”

The email addresses and passwords could have allowed hackers to masquerade as authorized users on the customer service websites, according to Resecured. The security firm discovered the data caches in September 2021 and said it also found evidence the hackers were using it to access accounts of GDS and STT GDC customers as recently as January, when both data center operators forced customer password resets, according to Resecured.

Even without valid passwords, the data would still be valuable — allowing hackers to craft targeted phishing emails against people with high-level access to their companies’ networks, according to Resecured.

Most of the affected companies that Bloomberg News contacted, including Alibaba, Amazon, Huawei and Walmart, declined to comment. Apple didn’t respond to messages seeking comment.

In a statement, Microsoft said, “We regularly monitor for threats that could impact Microsoft and when potential threats are identified we take appropriate action to protect Microsoft and our customers.” A spokesperson for Goldman Sachs said, “We have in place additional controls to protect against this type of breach and we are satisfied that our data was not at risk.”

The automaker BMW said it was aware of the issue. But a company spokesperson said, “After assessment, the issue has a very limited impact on BMW businesses and has caused no damage to BMW customers and product related information.” The spokesperson added, “BMW has urged GDS to improve the information security level.”

Comments

31 million Indian passengers affected by hacking of RailYatri's ticketing platform

RailYatri, a famous Indian train ticket booking stage, has experienced an enormous information break that has uncovered the individual data of north of 31 million clients/voyagers. The break is accepted to have happened in late December 2022, with the data set of delicate data presently being released on the web. The 12 GB worth of spilled information incorporates email addresses, complete names, sexual orientations, telephone numbers, areas and 37,000 solicitations which could seriously jeopardize a great many clients of wholesale fraud, phishing assaults, and other digital wrongdoings. Hackread.com can affirm that the information base has been spilled on Breachforums, a programmer and cybercrime discussion that surfaced as an option to the famous and presently held onto Raidforums. RailYatri and its Information Break Yatra RailYatri implies train traveler, while Yatra represents the excursion. The RailYatri information break is definitely not a normal instance of programmers taking a...

After Ion Attack again Hackers Target Thousands of Computers

A strange and unidentified gathering of programmers has tried to deaden the PC organizations of very nearly 5,000 casualties across the US and Europe, in one of the most far reaching ransomware assaults on record. The hacking unit, at first nicknamed the Nevada Gathering by security scientists, started a progression of assaults that began something like three weeks prior by taking advantage of a handily fixed weakness in a piece of code that is universal in cloud servers. The Monetary Times reached a few casualties recognized from the freely accessible data. Generally declined to remark, saying they had been approached by policing do as such. They remember colleges for the US and Hungary, delivery and development bunches in Italy and makers in Germany. Specialists presently can't seem to distinguish the culprits, speculating just from their enlisting declarations on the web that it is a blend of Russian and Chinese programmers. The programmers have requested a shockingly little p...

Accounts of customers were hacked by a sophisticated hacking group

The net host says it fell sufferer to a two-year safety breach that noticed unknown attackers steal purchaser and worker login important points and trap enterprise supply code. GoDaddy, one of the world’s greatest internet web hosting services, stated in a filing(Opens in a new window) this week that it fell sufferer to a two-year safety breach that noticed unknown attackers steal client and worker login small print and catch business enterprise supply code. In the Securities and Exchange Commission filing, the corporation stated the attackers additionally set up malware that redirected patron web sites to malicious sites. The attackers had been allegedly accountable ...

Three Captured In Huge Hacking, Information Burglary And Extortion Test

Amsterdam's digital wrongdoing police group has captured three young fellows as a component of a significant examination concerning hacking, information burglary, extortion and tax evasion including the confidential subtleties of a huge number of individuals. The three, matured 21 and 18, were gotten on January 23 and two have been confined to contact with their attorneys just, in light of a legitimate concern for the examination, police said. One of the three is a 'exceptionally shrewd programmer who has come on the police radar previously,' an equity division representative told the Telegraaf. 'Information is the new gold and these are the new burglars.' As per telecaster NOS, one of the group likewise worked for the information security association DIVD or Dutch Foundation for Weakness Exposure, which the public authority is thinking about giving a more prominent job in handling digital wrongdoing. He approached 'touchy data', the source said. Test The ex...

The Power of Branding: How to Build a Strong Brand Identity

Your brand is more than just a logo and a name. It's the identity of your business and the promise you make to your customers. A strong brand identity can help you stand out from your competitors, build trust with your audience, and create a lasting impression in the minds of your customers. Here are some tips for building a strong brand identity. Define Your Brand The first step in building a strong brand identity is to define your brand. This involves understanding your company's mission, values, and unique selling proposition. Ask yourself, what makes your business unique? What do you stand for? What do you want to be known for? Once you have a clear understanding of your brand, you can start building a visual identity that reflects your brand's personality. Develop Your Visual Identity Your visual identity includes your logo, color palette, typography, and other design elements that represent your brand. These elements should be consistent across all of your marketing m...

Tech Giants Leaked in Two Data Center Hacks

Danger entertainers have hacked two server farms in Asia and got to login certifications of top innovation monsters, including Apple, Uber, Microsoft, Samsung, Alibaba, and so on, and spilled them on a programmer gathering. The spilled information incorporates email addresses, secret word hashes, names, telephone numbers, and that's just the beginning. Programmers got login certifications for a few standard corporate goliaths, including Microsoft, Samsung, Uber and Apple, and so on and acquired remote admittance to the elements' reconnaissance cameras in the wake of going after two server farms in Asia. This was uncovered by the digital protection firm Resecurity. The organization initially recognized the information break in September 2021; nonetheless, subtleties of it were simply uncovered to the media now as on February twentieth, 2023, programmers released the taken login qualifications on the web. It is quite significant that these certifications were spilled on Breachfor...

Top 15 Must-Have Art and Design Apps for Unleashing Your Creativity

As technology continues to evolve, more and more people are using their smartphones and tablets as creative tools. Whether you are a professional artist or designer, or simply enjoy creating as a hobby, there are a plethora of apps available to help bring your ideas to life. Here are our top 15 picks for art and design apps to unleash your creativity: Procreate: This app is a favorite among digital artists and designers for its powerful tools and intuitive interface. Procreate features over 130 brushes, layer masks, and a wide range of customizable settings. Adobe Photoshop: One of the most popular image editing programs, Adobe Photoshop is available on mobile devices and offers many of the same features as its desktop counterpart. Autodesk Sketchbook: Sketchbook is a powerful digital sketching and painting app with an extensive array of brushes, intuitive drawing tools, and time-lapse recording capabilities. Canva: Perfect for graphic design and social media marketing, Canva offer...

From Problem to Solution: Practical Tips for Finding Answers

Problems are a part of life, and it's natural to encounter them from time to time. However, the key to overcoming challenges is to find solutions that work. Whether you're facing a personal problem or a professional challenge, here are some practical tips to help you go from problem to solution. Define the Problem The first step in finding a solution is to define the problem clearly. What exactly is the problem, and what are its underlying causes? Write down a clear and concise description of the problem to help you gain clarity and focus. Brainstorm Solutions Once you've defined the problem, it's time to brainstorm solutions. Start by generating as many ideas as possible, no matter how unrealistic they may seem. This can help you think outside the box and uncover new solutions that you may not have considered otherwise. Evaluate Your Options After you've generated a list of potential solutions, it's time to evaluate your options. Consider the pros and cons of e...

Navigating Change: How to Adapt Your Business to Changing Markets

Change is inevitable, especially in the world of business. Markets are constantly evolving, and businesses need to adapt in order to stay relevant and profitable. However, navigating change can be challenging, especially when it comes to adapting to changing markets. In this blog, we’ll explore some strategies that businesses can use to successfully navigate change and stay ahead of the curve. Stay informed and anticipate change The first step in adapting to changing markets is to stay informed about the trends and changes that are taking place. This requires a proactive approach to monitoring industry news, competitors, and customer feedback. By anticipating change, businesses can prepare themselves for new challenges and opportunities that arise. Be flexible and agile Flexibility is essential for businesses that want to adapt to changing markets. This means being willing to pivot when necessary, and to embrace new strategies and technologies that can help you stay ahead of the curve....

Find Your Solutions

Search This Blog