Security firm Cylance says it has been hacked, data put up for sale online

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)

Cybersecurity firm Cylance has confirmed falling victim to a cyberattack, saying data being sold on the dark web is legitimate.

Reporting on the news, BleepingComputer said the company lost 34 million emails and other personally identifiable information (PII) belonging to both customers, employees, and partners. 

This database is now being sold for $750,000, with the seller going by the name Sp1d3r, seemingly the same individual that recently broke into, and stole sensitive information from Advance Auto Parts. The hacker was selling this database, holding 380 million customer profiles, for $1.5 million. 

Old data

Advance Auto Parts is one of many victims broken into via Snowflake, a major cloud service provider.

However, in a statement to BleepingComputer, BlackBerry Cylance said that the breach is not related to Snowflake and that the data being sold now is relatively old. BlackBerry Cylance said it was “aware and investigating” the claims made on the dark web, before adding that no "BlackBerry data and systems related to [..] customers, products, and operations have been compromised."

"Based on our initial reviews of the data in question, no current Cylance customers are impacted, and no sensitive information is involved," the company added.

"The data in question was accessed from a third-party platform unrelated to BlackBerry and appears to be from 2015-2018, predating BlackBerry's acquisition of the Cylance product portfolio."

"BlackBerry Cylance is not a Snowflake customer,” the company said.

Once a giant in consumer mobile technology, BlackBerry was selling more than 50 million devices at one point. Similarly to Nokia, however, the company did not properly adjust to Android and iPhone devices surging in popularity, and thus slowly faded into obscurity. In 2016, the company stopped making phones and pivoted towards enterprise services and, more notably, cybersecurity. In 2019, the company made its biggest acquisition to date, spending $1.4bn on Cylance.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.