Unknown hackers have reportedly managed to steal login information for data centers used by some of the world’s biggest tech and banking companies, researchers have claimed.
Cybersecurity researchers from Resecurity recently reported how a threat actor breached GDS Holdings and ST Telemedia Global Data Centers - two of the largest third-party data center companies in Asia. Between them, these providers cover some of the world’s biggest brands, including Apple, Amazon, BMW, Goldman Sachs, and others.
In total, roughly 2,000 companies were at risk.
In the breach, the hackers obtained customer support logins for Apple and other firms, were able to access internet-connected security cameras and could have even used the stolen data to gain physical access to the servers (as customer support usually has access to these things).
Although the incident happened two years ago, Resecurity noted it has only just been reported, with the threat actors apparently using the compromised login credentials until January 2023, when the two data center firms finally reset them and locked the attackers out.
While any compromise is damaging, physical access to the endpoints was particularly concerning. Speaking to 9to5Mac, Malcolm Harkins, former chief security and privacy offer of Intel, said this type of compromise could have “devastating consequences.”
> Apple's PC and mobile chips suffer from world-first data theft exploit (opens in new tab)
> Apple releases security fix for iPhone and Mac zero-day flaw, so update now (opens in new tab)
> These are the best firewalls today (opens in new tab)
As for the surveillance cameras, more than 30,000 were compromised, it was said. Most of them had weak, or factory default passwords (opens in new tab), such as “admin” or “admin12345”, it was said.
So far, most of the affected companies have no comment. According to Bloomberg, a few did reach out to media inquiries and said that the incident did not impact their operations (yet). BMW said the incident had “a very limited impact.”
Both GDS Holdings and ST Telemedia tried to minimize the importance of the breach, the media said.
- Here's our rundown of the best endpoint protection software (opens in new tab) around
Via: 9To5Mac (opens in new tab)