Logins for Apple data centers and others found online

(Image credit: Amazon)

Unknown hackers have reportedly managed to steal login information for data centers used by some of the world’s biggest tech and banking companies, researchers have claimed.

Cybersecurity researchers from Resecurity recently reported how a threat actor breached GDS Holdings and ST Telemedia Global Data Centers - two of the largest third-party data center companies in Asia. Between them, these providers cover some of the world’s biggest brands, including Apple, Amazon, BMW, Goldman Sachs, and others. 

In total, roughly 2,000 companies were at risk.

Devastating consequences

In the breach, the hackers obtained customer support logins for Apple and other firms, were able to access internet-connected security cameras and could have even used the stolen data to gain physical access to the servers (as customer support usually has access to these things).

Although the incident happened two years ago, Resecurity noted it has only just been reported, with the threat actors apparently using the compromised login credentials until January 2023, when the two data center firms finally reset them and locked the attackers out.

While any compromise is damaging, physical access to the endpoints was particularly concerning. Speaking to 9to5Mac, Malcolm Harkins, former chief security and privacy offer of Intel, said this type of compromise could have “devastating consequences.”

As for the surveillance cameras, more than 30,000 were compromised, it was said. Most of them had weak, or factory default passwords (opens in new tab), such as “admin” or “admin12345”, it was said.

So far, most of the affected companies have no comment. According to Bloomberg, a few did reach out to media inquiries and said that the incident did not impact their operations (yet). BMW said the incident had “a very limited impact.”

Both GDS Holdings and ST Telemedia tried to minimize the importance of the breach, the media said.

Via: 9To5Mac (opens in new tab)

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.