Zack Whittaker reports on the Sitel compromise after not previously disclosed documents were obtained by independent security researcher Bill Demirkapi: The Lapsus$ hackers used compromised credentials to break into the network of customer service giant Sitel in January, days before subsequently accessing the internal systems of authentication giant Okta, according to documents seen by TechCrunch that…
Category: Business Sector
Mansfield company hacked, personal information stolen
Oops — I missed this one last week. George W. Rhodes reported: The computer system of a Mansfield company that does background checks for employers was hacked and the perpetrators got away with the personal information of 164,000 people. Creative Services Inc., located on Pratt Street, was hit by hackers in November, according to The…
Hotel WiFi across MENA compromised and exposing private data
Kareem Chehayeb reports: Pakistani cybersecurity researcher Etizaz Mohsin was in a hotel room in Qatar when he unexpectedly discovered a technical vulnerability in its internet system that exposed the private information of hundreds of hotels and millions of guests worldwide. […] “I found out that there is a service running rsync [file synchronization tool], which…
Data leak at Desjardins: Industry watchdog wants to ban mortgage broker
Hugo Joncas reports (machine translation follows): Mathieu Joncas, who is also a private lender, bought confidential information on “150,000 to 200,000” Desjardins customers without ensuring their consent. During the hearings, he admitted having given this information to a fellow broker in January 2017. In September 2021, the disciplinary committee of the Organisme d’autoréglementation du courtage…
London police make arrests related to Lapsus$
BBC reports: A 16-year-old from Oxford has been accused of being one of the leaders of cyber-crime gang Lapsus$. The teenager, who is alleged to have amassed a $14m (£10.6m) fortune from hacking, has been named by rival hackers and researchers. City of London Police say they have arrested seven teenagers in relation to the…
Microsoft confirms they were hacked by Lapsus$ extortion group
Lawrence Abrams reports: In a new blog post published tonight, Microsoft has confirmed that one of their employee’s accounts was compromised by Lapsus$, providing limited access to source code repositories. “No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our…