Coca-Cola has confirmed said it is investigating a possible data loss incident, after a Russia-based threat actor started selling data allegedly belonging to the company.
As reported by The Register, a relatively new threat actor called Stormous listed 161GB of Coca-Cola data on the dark web, for sale to the highest bidder. The group claims to have lifted the data from "some of the company’s servers”.
"We are aware of this matter and are investigating to determine the validity of the claim," Coca-Cola told the publication. "We are coordinating with law enforcement."
The database is on offer for $64,000, or the next best offer, depending on the amount of data the buyer wants.
Potential Coca-Cola breach
The name Stormous first started popping up in early 2022, and then in early March, when the group was linked with a data breach at Epic Games. Allegedly, the group discovered a vulnerability in the company’s internal network and used it to steal almost 200GB of data, including data on 33 million users.
At the time, the group said it would leak information about Epic Games’ employees, but not users. However, as the data never saw the light of day, some cybersecurity experts were speculating that the entire thing was a hoax.
The group has publicly declared its support for Russia’s invasion of Ukraine, stating in a Telegram thread that it will not stand by and watch various threat actors go after Russian organizations and infrastructure.
"And if any party in different parts of the world decides to organize a cyber-attack or cyber-attacks against Russia, we will be in the right direction and will make all our efforts to abandon the supplication of the West, especially the infrastructure," the group wrote, in Arabic.
Via The Register
