U.S. repairable laptop maker Framework has confirmed that hackers accessed customer information after successfully phishing an employee at its accounting service provider.
In an email sent to affected customers, Framework said that an employee at Keating Consulting, its primary external accounting partner, fell victim to a social engineering attack that allowed malicious hackers to obtain customers’ personal information related to outstanding balances for Framework purchases.
The San Francisco-based Framework was founded in late 2019 by former Apple and Oculus engineer Nirav Patel. The company, which raised $18 million in Series A funding led by Oculus backer Spark Capital in 2022, positions itself as a proponent of the right-to-repair movement, and its devices — such as its Framework Laptop 16 — are designed to be easy to fix with replaceable parts.
“On January 9th, at 4:27am PST, the attacker sent an email to the accountant impersonating our CEO asking for Accounts Receivable information pertaining to outstanding balances for Framework purchases,” Framework said in its notification, which the company has not yet shared publicly but was posted by a customer on the company’s forums.
The notification said the accountant responded to this email on January 11, providing the attacker with a spreadsheet containing customer information, including full names, email addresses and balances owed. Framework told affected customers that hackers could use this stolen information to impersonate Framework to ask for payment information.
“Note that this list was primarily of a subset of open pre-orders, but some completed past orders with pending accounting syncs were also included in this list,” Framework said.
It’s not yet known if any of Keating’s other clients were also affected. The Silicon Valley-based accounting company, which primarily provides interim financial leadership and back-office support to startups, has nearly 300 clients, according to its website. These include online pharmacy GoodRx (which was recently fined $1.5 million for sharing users’ health data with Facebook and Google), computational chemistry platform Molecule.com and corporate learning business Udemy.
Keating has not yet responded to information.killnetswitch’s questions nor shared any information publicly about its breach.
Framework said that in light of the incident at Keating, the company would require mandatory phishing and social engineering attack training for any of the company’s employees who have access to Framework customers’ information. “We are additionally auditing the trainings and standard operating procedures of all other accounting and finance consultants who currently or previously have had access to customer information,” the computer maker added.
Do you have any more information about this incident? You can contact Carly Page securely on Signal at +441536 853968 or by email at carly.page@techcrunch.com. You can also contact information.killnetswitch via SecureDrop.