Key Takeaways:
- Crunchbase, a market intelligence firm, has confirmed a data breach after hackers published files allegedly stolen from its systems.
- The ShinyHunters cybercrime group claims to have stolen over 2 million records containing personal information from Crunchbase.
- The hackers have also targeted other companies, including SoundCloud and Betterment, and claim to have stolen sensitive data from these firms.
- The breaches are believed to be linked to a recent Okta SSO vishing campaign, which used custom phishing kits to target various companies.
- The affected companies have issued statements and are investigating the incidents, with some reporting that the hackers have been harassing users and employees.
Introduction to the Data Breach
The market intelligence firm Crunchbase has confirmed a data breach after hackers published files allegedly stolen from its systems. The notorious ShinyHunters cybercrime group claims to have stolen more than 2 million records containing personal information from Crunchbase. The hackers have made available over 400 MB of compressed files for download on their website after the company refused to pay a ransom. This incident highlights the increasing threat of cybercrime and the importance of robust cybersecurity measures to protect sensitive data.
Crunchbase’s Response to the Breach
Crunchbase has issued a statement confirming the breach and stating that it has contained the incident and secured its systems. The company has engaged cybersecurity experts to assist in the investigation and has contacted federal law enforcement. Crunchbase is reviewing the impacted information to determine if any notifications are required consistent with applicable legal requirements. The company’s swift response to the breach is commendable, and it is essential to follow best practices in incident response to minimize the damage caused by such incidents.
Analysis of the Leaked Data
Alon Gal, CTO of threat intelligence company Hudson Rock, has analyzed the leaked Crunchbase data and found personally identifiable information (PII), contracts, and other corporate data. The leaked data includes sensitive information that could be used for identity theft, phishing, and other malicious activities. The analysis of the leaked data highlights the severity of the breach and the potential consequences for individuals and organizations whose data has been compromised.
Other ShinyHunters Hacking Victims
The ShinyHunters leak website also lists SoundCloud and the robo-advisor firm Betterment, from which the hackers claim to have stolen several gigabytes of files containing tens of millions of records that include PII. SoundCloud confirmed a data breach in mid-December, saying that email addresses and publicly available profile data belonging to roughly 20% of its users had been accessed by threat actors. Betterment disclosed a cybersecurity incident on January 12, saying that threat actors had penetrated its systems through social engineering, using their access to send cryptocurrency-related scam messages to some customers. The hacking group’s activities demonstrate their capabilities and the breadth of their targets.
Okta Vishing Campaign
Hudson Rock’s Gal learned from ShinyHunters that the hackers claim to be behind a recent Okta SSO vishing campaign, and that Crunchbase, SoundCloud, and Betterment are among its victims. Okta has issued a private warning to customers regarding vishing attacks, and a public blog post describes custom phishing kits that enable advanced voice-based social engineering for vishing campaigns. The identity solutions provider pointed out that such phishing kits have been used to target Google, Microsoft, Okta, and cryptocurrency services. However, it has not said whether these campaigns are linked to the recent ShinyHunters attacks.
Conclusion and Recommendations
The recent data breaches at Crunchbase, SoundCloud, and Betterment highlight the importance of robust cybersecurity measures to protect sensitive data. The incidents demonstrate the capabilities of cybercrime groups like ShinyHunters and the need for organizations to be vigilant in their defense against such threats. It is essential for companies to implement best practices in incident response, including swift notification of affected parties, thorough investigation, and cooperation with law enforcement. Additionally, individuals whose data has been compromised should be aware of the potential risks and take steps to protect themselves, such as monitoring their accounts and credit reports for suspicious activity. By working together, we can reduce the impact of cybercrime and create a safer online environment.
