Hackers have posted a massive trove of personal information onto the Tor network following a failed blackmail attempt.
There’s been a massive dump of personal information being made public recently. According to the hackers in question, the total amount of data spans 312,570 files in 51,025 folders. In all, over 516GB of data has been allegedly published.
The hack in question seems to originate from a German IT backbone company known as Citycomp. Apparently, hackers gained access to the storage services they offer. After obtaining the stolen content, the hackers then demanded payment or else the information would be published. Citycomp refused. When hackers realized they weren’t going to see a penny from their efforts, they went ahead and dumped the data onto the Tor network for anyone to access.
From ZDNet:
On the website, the threat actor claims that “312,570 files in 51,025 folders and over 516GB of data” was stolen, including “financial and private information on all clients, include VAG, Ericsson, Leica, MAN, Toshiba, UniCredit, and British Telecom (BT).”
Other Citycomp clients named in the data dump include ATOS, Grohe, Hugo Boss, Oracle, SAP, and Porsche, among others.
In the data dump, which was viewed by ZDNet, customer email addresses and telephone numbers, meetings reports, asset lists — such as servers and other equipment connected to a customer account — as well as some payroll records, project sheets, and accountancy statements were all available.
Some clients were only connected to a handful of leaked documents, whereas other customer records were far more robust and extensive. The authenticity of the leaked data has not been verified at the time of writing.
If this data dump turns out to be authentic, it’s extremely difficult to even begin to figure out how damaging this dump actually is. The list of affected companies is huge, so figuring out which laws apply and which authorities who would have jurisdiction to investigate alone is going to be an incredibly tall order.
April has proven to be a pretty brutal month for data leaks and breaches. We’ve seen the Docker Hub data breach where 190,000 accounts were compromised. Before that, there is the 80 million record mystery database which was found randomly floating around the web unencrypted.
Before that, there is the Facebook and Instagram data leak where half a billion accounts were exposed. Finally, there is the Toyota data breach which saw 3.1 million accounts exposed.
It’s looking like May is starting off with a bang, though it’s unclear how many accounts were exposed specifically.
Drew Wilson on Twitter: @icecube85 and Facebook.
