(In)secure digest: enormous data leaks and insider’s revelations - SearchInform


02.03.2023


The time has come to discuss the information security incidents that happened in February. As usual, we have gathered the most significant cases in our digest: here you will find new fraud schemes, leaked data on millions of users and the denouement of the infamous Ubiquiti incident.

The caught avenger

Situation: a former engineer of the American technology company Ubiquiti Networks pleaded guilty to stealing files from the company's network and attempting to extort his employer.

Case study: in 2021 Ubiquiti reported a data leak, but users were assured that their data had not been compromised. Later, the company's engineer Nickolas Sharp anonymously contacted the well-known cybersecurity expert Brian Krebs and claimed that the consequences of the leak were severe and that Ubiquiti officials had concealed them. The engineer told the expert that an unidentified intruder had hacked Ubiquiti's infrastructure and gained access to all of the company's accounts. After this information was published, the company's stock dropped by 20%.

However, the employee was still not satisfied. Nickolas Sharp sent an anonymous letter to the company's executives demanding a $2,000,000 ransom in bitcoin in exchange for the stolen data. The company refused to pay and contacted law enforcement.

For a while, neither the company's executives nor the police suspected Nickolas. As a result, after the incident, Ubiquiti's management even included the engineer in the team responsible for the incident investigation. Eventually, FBI officers identified the mysterious hacker: Nickolas Sharp had abused his privileged access, changed the access rights to resources and downloaded confidential data.

In 2023 it was revealed that Sharp had pleaded guilty to:

 • Uploading malicious software to a computer, which damaged the system
 • Fraud
 • Perjury to FBI agents

The final sentence for the former Ubiquiti Networks employee will be handed down in 2023.

The prank turned out to be a success

Situation: a security researcher hacked a Toyota supplier portal and gained access to information on 14,000 users.

Case study: a security researcher who goes by the name EatonWorks successfully hacked GSPIMS, a web application used by Toyota employees and suppliers to manage the company's supplies. EatonWorks said he discovered a vulnerability that allowed any user to access an employee's account simply by guessing that staff member's email address. In this way the researcher gained access to the account of a GSPIMS regional administrator. As a result of this test intrusion, EatonWorks obtained thousands of confidential documents, internal projects, data on suppliers and data on 14,000 users.

The researcher reported the security issues on 3 November 2022. The manufacturer later confirmed that the problems had been fixed.

Data leak with a sweet taste

Situation: a Pepsi-Cola drinks manufacturer suffered a data leak after a malware attack.

Case study: the incident happened on 23 December 2022, but the problems in the corporate infrastructure of Pepsi Bottling Ventures LLC were detected only 18 days later. In its notification to the Attorney General, the company stated that unknown intruders had gained access to internal IT systems, installed malicious software and obtained confidential data. According to the company's internal investigation, the attackers gained access to:

 • Full names
 • Home addresses
 • Financial details (including passwords and PIN codes)
 • State and federal government-issued ID numbers
 • Driver's license numbers
 • ID cards
 • Social Security numbers
 • Passport details
 • Digital signatures

The number of affected users has not yet been disclosed.

It is also not yet clear whether the intruders obtained data on Pepsi's clients or on its employees.

Enormous data leak

Situation: data on 10 million clients of the sportswear retailer JD Sports was leaked.

Case study: in an official statement, company representatives confirmed that the organization had suffered a cyber attack. The intruders managed to access the following client data:

 • Names
 • Order details
 • Contact details

The leak affected 10 million of the company's clients and concerned data on online purchases made between 2018 and 2020. JD Sports claimed that only a limited amount of data was obtained and that payment details did not leak. The retailer notified law enforcement about the incident and stated that it had warned clients about the resulting fraud and phishing risks.

Design options for any taste

Situation: a subsidiary of Andersen Corporation exposed clients' personal data, including their addresses and photos of their homes.

Case study: the Cybernews research team discovered an archive in Azure storage containing millions of files belonging to Renewal by Andersen, a subsidiary of the global Andersen Corporation. Approximately 300,000 of the documents contained clients' addresses, contact details and information about home renovation orders, including photos of interiors.

Experts warned that detailed information on the renovation work, together with photos of the houses, leaves the company's clients exposed to burglary.

Cybernews specialists contacted Andersen Corporation representatives to notify them about the incident, and company officials quickly blocked access to the documents. They also officially stated that they had completed an audit of their internal IT systems and found that the systems had not been compromised.

Medical data leaks

Situation: hackers gained access to data on 3.3 million Regal Medical Group clients.

Case study: on 1 December an unidentified party compromised the Californian medical services provider with ransomware; the attackers had remained undetected in the company's infrastructure for approximately a week. According to some media reports, the incident also affected several Regal Medical Group subsidiaries. The intruders managed to obtain the following client data:

 • Names
 • Dates of birth
 • Addresses
 • Phone numbers
 • Social Security numbers
 • Laboratory test results
 • Diagnosis and treatment information

On 1 February Regal informed social services and the Ministry of Health that the incident could affect more than 3.3 million people. Regal Medical Group representatives also stated that they had engaged third parties to restore access to the affected systems.
