Tag: Security breach

SnowBall effect of Snowflake Breach

Posted on by Srishti Chaubey

Executive Summary

Snowflake an American cloud computing–based data cloud company, identified a breach in June 2024, which had far-reaching implications for various organisations. Attackers exploited stolen credentials from a Snowflake employee, enabling unauthorised access to sensitive customer data, including credentials and access tokens. This breach was exacerbated by bypassing Okta’s security measures, allowing the attackers to generate new session tokens and access extensive customer data without detection.

Key Affected Customers:

Attack Method

  • Credentials Theft: Initial access through compromised employee credentials
  • Bypass Mechanism: Circumvention of Okta Security Protocols
  • Exploitation: Generation of new session tokens to access databases and steal data
Attack Path Diagram
Credit: The Hacker News

The Domino Effect

The Snowflake breach has created a domino effect, where the initial compromise has led to multiple subsequent breaches. This incident mirrors the earlier Okta breach,, where attackers leveraged stolen credentials to infiltrate various organizations.

Domino Effect of Snowflake Breach

Companies affected include:

  • Ticketmaster: Reported unauthorised access to sensitive data.
  • Advance Auto Parts: Experienced data theft, with stolen information now for sale on dark web marketplaces.
  • Santander Bank: Compromised customer data led to financial and reputational damage.
  • Hugging Face, Quote Wizard, Lending Tree: Also reported breaches, with more organizations likely to follow .

Inherent Weaknesses in Traditional IAM Solutions

Password + MFA Based Authentication:

  • Reliance on passwords makes systems vulnerable to phishing and credential theft.
  • Multi-Factor Authentication (MFA) is often ineffective as attackers can bypass Password + MFA protection mainly by phishing or using a compromised device.
  • Social Engineering attacks have shown that phishing resistant MFA like FIDO keys, & passkeys can prove to be ineffective & can be easily disabled or reset.

IAM Blind Spots:

Apart from reliance on vulnerable passwords for identifying user. The existing IAM solutions are blind to following risks

  • Connection Risk – Traditional IAM solutions lack visibility of user connections. They cannot know whether an authentication request is coming from an authorised actor or an attacker in the middle.
  • User’s Device Risk – They also do not account for the type & security posture of user’s devices, leaving systems exposed to malware and remote monitoring, as seen in the Uber incident.

Impact Assessment

The Snowflake breach is termed as the biggest data breach so far and it’s cascading effect has led to numerous organisations reporting security incidents & data breach. 

The amplification effect could potentially lead to a vast number of downstream breaches, escalating the overall impact.

Impact of Snowflake Breach
Credit: XQ

Towards a Secure Future

Challenges with Current Solutions:

  • Time and again Password + MFA based systems are proven to be ineffective against simple attacks like phishing & social engineering.
  • There is a pressing need for more robust authentication mechanisms.

Protect your Enterprise, #GoPasswordless with PureAUTH

FIDO Solutions like Passkeys and hardware tokens focus on giving users a passwordless experience keeping the passwords on the server as the primary way to identify and authenticate users.

PureAUTH Platform on the other hand provides a comprehensive passwordless approach, eliminating the passwords from server side & not just from user side. PureAUTH is the only solution that protects an organisation against phishing, social engineering, frauds & all types of credential-based attack.

To learn more about PureAUTH & how it protects your existing IAM systems like Okta, OneLogin, CISCO Duo, or Azure AD in just 60 minutes at Zero Cost – get in touch with us

Related Blogs

Okta Warns Customers of Credential Stuffing Attacks

Unpacking Okta’s Recent Security Breach

PuTTY Vulnerability Exposes Private Keys

Posted on by Srishti Chaubey

Introduction: Understanding the PuTTY Vulnerability

PuTTY, a widely-used SSH and Telnet client, contains a critical vulnerability, tracked as CVE-2024-31497, affecting versions 0.68 through 0.80. This flaw allows threat actors to potentially recover private keys used for cryptographic signatures, posing significant security risks. 

Exploring the Vulnerability: How Attackers Exploit PuTTY

The vulnerability arises from the biased generation of ECDSA nonces for the NIST P-521 curve, used in SSH authentication. Attackers can leverage this flaw to recover private keys by collecting cryptographic signatures, enabling unauthorised access to SSH servers or the ability to sign commits masquerading as legitimate users.

PuTTY Vulnerability Exposes Private Keys

Expert’s Insights

“PuTTY’s technique worked by making a SHA-512 hash and then reducing it mod q, where q is the order of the group used in the DSA system. For integer DSA (for which PuTTY’s technique was originally developed), q is about 160 bits; for elliptic-curve DSA (which came later), it has about the same number of bits as the curve modulus, so 256 or 384 or 521 bits for the NIST curves.”

“In all of those cases except P521, the bias introduced by reducing a 512-bit number mod q is negligible. But in the case of P521, where q has 521 bits (i.e. more than 512), reducing a 512-bit number mod q has no effect at all – you get a value of k whose top 9 bits are always zero.”

-PuTTY security advisory.

Impact and Implications: Risks Posed by the Flaw

The exploitation of this vulnerability can lead to severe consequences, including unauthorised access to sensitive systems, data breaches, and potential supply chain attacks. Affected software includes FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, urging users to take immediate action.

The following software that uses the vulnerable PuTTY is confirmed as impacted:

  • FileZilla 3.24.1 – 3.66.5 (fixed in 3.67.0)
  • WinSCP 5.9.5 – 6.3.2 (fixed in 6.3.3)
  • TortoiseGit 2.4.0.2 – 2.15.0 (fixed in 2.15.0.1)
  • TortoiseSVN 1.10.0 – 1.14.6 (mitigation possible by configuring TortoiseSVN to use Plink from the latest PuTTY 0.81 release)

Mitigation and Resolution: Steps to Address the Vulnerability

In light of the vulnurability, users are advised do the following:

  1. Improved Randomness: Enhance the randomness of nonce generation by integrating a more robust cryptographic random number generator (RNG). This ensures nonces with sufficient entropy to prevent bias and enhances overall security.
  2. Different Hashing Algorithm: Consider utilising a different hashing algorithm or a combination of algorithms suitable for the NIST P-521 curve. Selecting a hash function compatible with curve parameters can mitigate bias introduced by modulo “q” reduction.
  3. Nonce Generation Scheme: Implement a nonce generation scheme independent of reducing the hash value modulo “q.” Develop a method to directly produce nonces within the defined range of “q” to preserve randomness and prevent bias.
  4. Comprehensive Review: Conduct a thorough review of the nonce generation process and cryptographic operations in PuTTY. Collaborate with security experts to identify and address any additional vulnerabilities or weaknesses, ensuring the fix is robust and effective.
  5. Update and Patch: Once a fix is developed, PuTTY would release a patch. Encourage users to upgrade to the latest version promptly to mitigate the vulnerability and enhance the security of their SSH connections.

Conclusion: Ensuring Security in SSH Environments

The PuTTY vulnerability underscores the importance of robust security measures in SSH environments. By staying informed and implementing necessary updates and precautions, organizations can bolster their defence against potential threats.

Read Also

Unveiling Terrapin: A New Threat to SSH Security

BoAt Lifestyle: Understanding the Data Breach

Posted on by Srishti Chaubey

Introduction

A recent data breach has shaken boAt, a leading manufacturer of audio products and smartwatches. The personal data belonging to over 7.5 million customers of boAt is getting sold for 2 euro only. This breach highlights the critical need for robust security measures and the adoption of zero trust architecture to protect customer data effectively.

About the Breach

A hacker named “ShopifyGuy” claimed to have leaked personal data of over 7.5 million boAt customers on the dark web. The compromised information includes names, addresses, contact numbers, email IDs, and customer IDs, posing severe risks to customer privacy and security.

Data Loss

The leaked data, totaling approximately 2GB, exposes boAt customers to potential financial scams, identity theft, and phishing attacks. Threat actors could exploit this information to conduct fraudulent activities, posing significant threats to individuals’ financial and personal well-being.

Credit : TOI

Aftermath

The aftermath of the data breach includes a loss of customer confidence, legal consequences, and reputational harm for boAt. Prompt action is necessary to mitigate risks and restore trust among affected customers.

Strengthening Data Security: The Role of Zero Trust Architecture

In preventing data breaches like the one experienced by boAt, adopting a zero-trust architecture proves crucial. By implementing strict access controls, continuous monitoring, and privilege access policies, organizations can reduce the chances of unauthorised access and mitigate the risks associated with potential breaches.

With these proactive measures, boAt and other organizations can better safeguard customer data and maintain trust in an increasingly digital world.

Investigating Fidelity Investments Life Insurance Data Breach: A Closer Look

Posted on by Srishti Chaubey

In recent weeks, Fidelity Investments Life Insurance has come under scrutiny following a significant data breach affecting thousands of customers. Here’s what you need to know about the incident:

1. Data Breach Details:

  • The breach, which occurred between October 29 and November 2, 2023, stemmed from an unauthorised party accessing sensitive consumer data held by Fidelity Investments Life Insurance.
  • Approximately 28,000 customers were impacted by the breach, with their personal information compromised.
  • The breached data includes names, social security numbers, dates of birth, states of residence, and financial information, particularly bank account and routing numbers used for premium payments on life insurance policies.
  • This data can contribute to an increase in phishing attacks, and uplift the risk of identity theft or financial fraud for the customers.

2. Third-Party Involvement:

  • The breach was traced back to Infosys McCamish Systems, a third-party service provider utilised by Fidelity Investments Life Insurance.
  • Infosys McCamish notified Fidelity Investments of the breach in early November, prompting an investigation into the incident.

3. Ongoing Investigation:

  • Infosys McCamish has engaged external experts to conduct a thorough investigation into the breach.
  • While the investigation is ongoing, Fidelity Investments Life Insurance officials believe that a range of sensitive customer data was compromised during the breach.

4. Customer Notifications:

  • Fidelity Investments Life Insurance has begun notifying affected customers about the breach and the potential exposure of their personal information.
  • The company emphasises its commitment to protecting customer data and pledges to take appropriate actions in collaboration with Infosys McCamish.

5. Prior Incidents:

  • This isn’t the first time Infosys McCamish has caused security breaches.
  • In a separate incident, Infosys McCamish notified Bank of America about a breach affecting over 57,000 customers enrolled in deferred compensation plans.

6. Response and Assurance:

  • Fidelity Investments Life Insurance reassures customers that they have not impacted their systems by the breach and that they have detected no related activity within Fidelity’s environment.

7. Legal Investigation:

  • The law firm of Federman & Sherwood has initiated an investigation into the data breach at Fidelity Investments Life Insurance, aiming to assess the impact on affected individuals.

8. Call for Action: Implementing Zero Trust Measures

  • To mitigate the risk of data breaches like this in the future, companies can adopt a zero trust approach.
  • By implementing strict access controls, continuous monitoring, and least privilege access policies, organizations can significantly reduce the likelihood of unauthorised access to sensitive data, hence lowering the risk of data and reputation loss because of a third party vendor breach.

As the investigation unfolds and affected customers are notified, Fidelity Investments Life Insurance remains focused on addressing the breach, safeguarding customer data, and ensuring transparency throughout the process.

Stay tuned for further updates as the situation develops.

#getzerotrust #gopasswordless

American Express Warns Customers of Third-Party Data Breach

Posted on by Srishti Chaubey

Introduction

American Express (Amex) has disclosed a potential data breach, affecting some of its credit card holders. The breach, originating from a third-party service provider, has raised concerns about the security of cardholder information.

Timeline

  • March 4, 2024: Breach Notification:
    • American Express files a breach notification letter with the Massachusetts State Attorney General’s Office as a precautionary measure.
    • The breach is attributed to a point-of-sale attack at a merchant processor, not directly involving American Express or its service providers.
  • March 5, 2024: Public Disclosure:
    • Details of the breach are publicly disclosed by American Express, acknowledging the potential compromise of cardholder names, account numbers, and expiration dates.
    • American Express reassures card members and emphasises its robust monitoring systems.
Screenshot of American Express Breach Notice

Details of the Breach

Incident Overview:

  • The breach occurred due to a point-of-sale attack at a merchant processor, not directly involving American Express or its service providers.

Affected Information:

  • Account information potentially compromised includes cardholder names, American Express card account numbers, and expiration dates.
  • Both active and previously issued credit card account numbers may have been impacted.

Customer Perspective

Customer Liability:

  • American Express assures its card members that they won’t be liable for fraudulent charges on their accounts.
  • The company emphasises its sophisticated monitoring systems to detect and address any suspicious activity promptly.

Recommendations for Customers:

  • Customers should regularly review and monitor their account activity.
  • American Express recommends Free fraud and account activity alerts via email, SMS text messaging, and app notifications for added protection.

Industry Perspective

Accountability of Third-Party Service Providers:

  • Cyber security experts such as Liat Hayun, CEO and co-founder of Eureka Security, stress the importance of holding third-party service providers accountable for data security.
  • Recent incidents, like the Bank of America breach with Infosys McCamish Systems, highlight the persistent challenge of third-party vulnerabilities.
  • With breaches attributed to groups like LockBit ransomware, there’s a pressing need to fortify security measures.
  • Previous breaches, such as Bank of America’s exposure via Ernst & Young, emphasise the necessity of securing access points to sensitive data.

Conclusion

The American Express data breach serves as a reminder of the ongoing cybersecurity challenges faced by financial institutions and the imperative need for proactive security measures. Using and Managing passwords also costs a lot. The easiest solution of this unavoidable situation is adopting passwordless solutions for Identity and Access Management (IAM). Password-based authentication methods are increasingly vulnerable to cyber threats.  Embracing advanced authentication mechanisms can mitigate unauthorised access risks and safeguard sensitive information.

Cloudflare Breach: Okta’s Ripple Effect

Posted on by Srishti Chaubey
Abstract

In a recent revelation, Cloudflare disclosed a security breach on Thanksgiving Day, November 23, 2023. This blog delves into the timeline of events and emphasises the critical role of passwordless authentication in mitigating such breaches.

Breach Overview: Understanding the Thanksgiving Intrusion

In an orchestrated attack, threat actors exploited stolen credentials from the Okta security breach in October. Cloudflare’s internal systems, particularly the Atlassian server, became the focal point for unauthorised access and data compromise.

Compromised Credentials: The Fallout on Cloudflare’s Security

Despite the awareness of the Okta breach, Cloudflare’s failure to rotate service tokens that have very long validity and account credentials allowed threat actors to establish persistent access. This breach impacted Cloudflare’s Atlassian environment, leading to unauthorised access to sensitive documentation and a limited set of source code repositories.

Nation-State Attribution and the Real Culprit: Passwords

Cloudflare attributes the breach to a likely nation-state actor, mirroring the recent trend in cyber threats. However, one can suggest that the fundamental issue lies in the continued reliance on a vulnerable authentication method, which enables such breaches to unfold.

Highlighting the Key Issue: The Perils of Passwords

The breach underscores the inherent vulnerability of conventional password systems. Stolen Okta credentials served as the gateway for threat actors, exposing the limitations of password-centric security measures. This incident highlights the urgent need for organisations to transition towards passwordless authentication solutions & short session validity to fortify their security posture.

It’s the painful experience of passwords based login which forces admins and users to choose long term session tokens to minimise the number of logins.

PureID Solution: A Glimpse into a Secure Future

PureID offers a robust passwordless authentication solution that would have mitigated this breach. By eliminating the relevance of stolen credentials, PureID represents a paradigm shift in cybersecurity, providing a secure alternative to traditional password systems.

PureAUTH offers a simple & smooth login experience. This makes working with short term sessions and frequent login delightful.

Risk Mitigation: The Imperative of Passwordless Security

Cloudflare’s breach serves as a wake-up call for organizations to reevaluate their cybersecurity strategies. Embracing passwordless solutions, such as PureID, emerges as a proactive step to mitigate the risks associated with stolen credentials and enhance overall security.

Immediate Response: Cloudflare’s Security Reinforcement

In response to the breach, Cloudflare has initiated a comprehensive security reinforcement effort. Measures include mass credential rotation, system segmentation, forensic triage, and a meticulous review of all systems to ensure the threat actor’s access is fully revoked.

Ongoing Investigation: Collaboration for a Secure Future

Cloudflare’s ongoing collaboration with peers, law enforcement, and regulators emphasises dedication to assessing the breach’s full impact. This collaborative approach aims to implement additional preventive measures and adapt to the evolving landscape of cyber threats.

Conclusion: Advocating for Passwordless Security

The Cloudflare breach underscores the critical need to shift from traditional passwords and false passwordless systems to true passwordless authentication that can not be breached by stolen credentials. Passwordless solutions, like PureID, offer a robust defence against unauthorised access, heralding a more secure digital future for organisations.

Read Also:

Unpacking Okta’s Recent Security Breach
Okta Breach Part 2: Unveiling the Full Scope and Impact

Mother of all breaches: Which you could have avoided !!

Posted on by Srishti Chaubey

Introduction

Don’t use passwords they said. It can be breached they said. Well, surprise, surprise, we didn’t pay much attention. Now, here we are, nervously checking our email IDs against the colossal 26 billion-record breach – the mother of all breaches!

Breach Unveiled: A Symphony of Chaos

So, there’s this massive breach, Mother of All Breaches (MOAB), a digital pandemonium that has exposed a whopping 26 billion records. It’s like a digital opera – records from MySpace to Adobe, starring Tencent, Weibo, Twitter, and LinkedIn. Your data just had its grand debut!

Mother of all breaches: 100M+ leaked records
Credit: https://www.extremetech.com/internet/repository-named-moab-mother-of-all-breaches-contains-12tb-of-stolen-credentials

The Dramatic Unfolding

Picture this: MOAB is a blockbuster compilation of data breaches, meticulously curated. It’s like a Hollywood blockbuster, but your credentials are the star, and not in a good way. Your once-secure passwords are now part of a hacker’s treasure trove. Slow clap for the password drama.

Passwords – The Ultimate Blunder

If  Ellen DeGeneres hosted this show, she’d say, “You had one job – say no to passwords!” See the aftermath? Identity theft, phishing attacks, and a surge in password-stuffing shenanigans. All thanks to those outdated, reused, and easy-to-crack passwords.

Passwordless Paradise: Where Dreams Come True

Now, imagine an alternate universe where you actually listened – where passwordless authentication is the superhero. No MOAB nightmares, just smooth, secure logins without the hassle of juggling countless passwords. A utopia, right?

Mitigation Party: Reclaim Your Digital Kingdom

Inspect Your Vulnerability: Employ tools such as “Have I Been Pwned” and data leak checker. data leak checker. Use “Privacy Hawk” to trace your data’s path and request removal from unwanted websites. Move swiftly: Purge your digital footprint by eliminating your data from irrelevant websites.

Conclusion: Lessons Learned (Hopefully)

In an ideal world, you’d have embraced passwordless authentication, and we’d all be sipping digital margaritas by now. But, alas, here we are – dealing with the aftermath. Take this as a digital wake-up call: passwords belong to the past, let’s march into a passwordless future.

A Final Plea: Break Free from Passwords

Passwords are so yesterday!! The revolution is calling – will you answer? Join the passwordless parade; your digital sanity will thank you later. Use PureId, Stay Safe.

MongoDB Security Incident: Navigating the Aftermath

Posted on by Srishti Chaubey

Breach Chronicles: MongoDB’s Unsettling Security Saga Unfolds

On December 13, 2023, MongoDB, a prominent US-based open-source NoSQL database management system provider, faced a substantial security incident. This breach of MongoDB Atlas, a fully-managed cloud database, unfolded as unauthorised access infiltrated corporate systems, laying bare customer account metadata and contact information. The assailants employed a cunning phishing attack, exploiting support service applications. The consequences were dire – a trove of sensitive data, including customer names, phone numbers, and account details, left exposed in the turbulent aftermath of this cyber storm.

MongoDB Steps Explained

Intrusion Footprints: A List of IPs Disclosed

In a proactive move, MongoDB disclosed a comprehensive list of external IP addresses on their alerts page. These IPs were strategically employed by the unauthorised third party. Organisations are strongly advised to meticulously scrutinise their networks, diligently searching for any ominous signs of suspicious activity intricately linked to these disclosed IPs. If you spot these IPs, you’ve got unwelcome guests. Remember it’s time to act, and act fast.

MongoDB Breach

Phishing & Social Engineering – The Achilles’ Heel of Multi-Factor Authentication

MongoDB issues a resolute counsel to its user base, emphasising the critical need to bolster defences against the looming threats of social engineering and phishing. In response, the company advocates the implementation of multi-factor authentication (MFA), urging users to promptly update their MongoDB Atlas passwords as an additional layer of security.

Phishing attacks or social engineering can bypass and disable all types of MFA solutions, as seen time and again. The security incident under discussion started with phishing attacks. So implementing MFA will have zero security advantage but will only increase the cost, efforts and complexity of authentication.

GoPasswordless – The best protection for MongoDB

Going passwordless with PureAUTH will benefit in 2 broad ways to protect MongoDB or any other enterprise applications –

  1. Secure Authentication – PureAUTH offers passwordless authentication which is secure from phishing & social engineering attacks.
  2. Resilience in case of data breach – If data from the database like MongoDB is leaked due to mis-configurations, 0-day vulnerability or insider attacks etc, the adversary will not find any passwords, MFA seeds, swap-able public keys, or any usable data to carry out unauthorised access elsewhere.

Conclusion

Amidst the gloom, MongoDB presents a silver lining: Passwordless Authentication. It’s a call to transcend traditional password reliance for a more secure future. Fortify your defences with passwordless security. MongoDB users, the future beckons. Embrace the resilience of passwordless authentication, reinforce your security posture with PureID, and navigate the cyber security landscape with renewed strength. Passwords? Pfft, that’s so yesterday. The journey continues—Passwordless Authentication awaits.

Unpacking Okta’s Recent Security Breach

Posted on by Srishti Chaubey

Introduction

In today’s interconnected world, data breaches have become unfortunately common. One recent incident that has drawn the cybersecurity community’s attention involves Okta, a prominent identity and access management (IAM) provider. This blog post delves into the specifics of the Okta breach, its impact, and the lessons we can learn.

The Initial Okta Breach

The story starts with a breach of Okta’s case management system, reported in late October. Threat actors gained unauthorised access to sensitive files of 134 Okta customers, less than 1% of the customer base. Some stolen files were HTTP Archive (HAR) files with session tokens, usable in session hijacking attacks.

Okta Breach
Image Source : https://www.helpnetsecurity.com/2023/11/06/okta-support-compromised-service-account/

Targets: BeyondTrust, Cloudflare, and 1Password

BeyondTrust, Cloudflare, and 1Password confirmed their systems were targeted due to this breach. They emphasised no loss of customer data during these incidents, highlighting their robust security measures.

Okta’s Response and Investigation

David Bradbury, Okta’s Chief Security Officer, revealed the breach’s origin. An employee logged into their personal Google account on an Okta-managed laptop, inadvertently saving service account credentials. The hackers exploited this service account, gaining permissions to view and update support cases. The breach occurred from September 28 to October 17, 2023.

Okta Breach Flow
Image Source: https://www.cyberark.com/resources/blog/piecing-together-the-attack-on-oktas-support-unit

Investigation Challenges

Okta’s security team initially focused on unauthorized access to support cases. Identifying suspicious downloads took 14 days. Unique log event types and IDs complicated the detection process.

On October 13, BeyondTrust provided a suspicious IP address, leading to the identification of the compromised account’s activities.

Implications and Ongoing Concerns

The breach raises numerous cybersecurity concerns. Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, highlighted the potential for secondary attacks arising from exposed data. Such incidents erode trust in service providers, especially for security-focused companies like Okta.

John Bambenek, Principal Threat Hunter at Netenrich, pointed out that recurring security events raise questions about Okta’s reliability in sensitive roles like identity and authentication.

Conclusion: The Vital Role of Passwordless Authentication

The Okta breach underscores the importance of robust cybersecurity practices. Organisations must remain vigilant, conducting continuous security assessments and proactively implementing measures against evolving threats.

A single compromised password can jeopardize an entire institution. Therefore, we strongly advocate for passwordless authentication. By eliminating passwords, organizations can fortify their defenses, enhancing security and reducing the risk of future incidents. Passwordless authentication is a safer and more effective approach to protecting digital identities in today’s evolving landscape. #gopasswordless

Resolution 2023 | Making World Password Free

Atlassian Pawned by hacker group : Blame Game is on

Posted on by Srishti Chaubey

SiegedSec, the same hacking group that made headlines last year after leaking eight gigabytes of data from the state governments of Kentucky and Arkansas, has hacked the software company Atlassian. The group has shared two floor maps for the Sydney and San Francisco offices and a JSON file containing information about approximately 13,200 Atlassian employees, including their names, email addresses, work departments and phone numbers.

Atlassian Pawned by hacker group Siegedsec. The post by Siegedsec.

SiegedSec post

“THAT’S RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian,” the hacking group said in a message that was posted along with the data. “This company worth $44 billion has been pwned by the furry hackers uwu.”

Reason and responsibility:- 

“On February 15, 2023, we became aware that an unauthorised party had compromised and published data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources,” said Atlassian spokesperson Megan Sutton.

Atlassian Pawned by SiegedSec

Envoy, however, was just as quick to rebuff Atlassian’s claims. Envoy spokesperson April Marks said that the startup is “not aware of any compromise to our systems,” adding that initial research had shown that “A hacker gained access to an Atlassian employee’s valid credentials to manipulate and access the Atlassian employee directory and office floor plans held within Envoy’s app.”

Soon after the startup’s denial, Atlassian changed its stance to align more closely with Envoy. They later said an employee posted their credentials on a public repository by mistake.

Damage Control:- 

Atlassian said they disabled the account of the said employee so there is no more threat to Atlassian’s Envoy data. Therefore Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk.”

“The safety of Atlassians is our priority, and we worked quickly to enhance physical security across our offices globally. We are actively investigating this incident and will continue to provide updates to employees as we learn more.”

Mitigation:- 

It has become increasingly common for hacker groups to target individual employees or devices to gain access to enterprise systems. If an attacker is able to obtain an employee’s credentials, they can use that information to infiltrate the organization. To mitigate this risk, some experts recommend using a passwordless solution like PureAUTH. By eliminating passwords, organizations can significantly reduce the likelihood of future breaches and minimize their exposure to unforeseen vulnerabilities.

Resolution 2023 | Making World Password Free
Know Your Code Infrastructure (CIx)

© 2024 | PureID. All Rights Reserved

Privacy & Terms | Licenses