Spanish telecommunications firm Telefónica confirms an inside ticketing system was breached after stolen knowledge was leaked on a hacking discussion board.
Telefónica is a Spanish multinational telecommunications firm working in twelve international locations with over 104,000 workers. The corporate is the most important telecommunications agency in Spain, working below the identify Movistar.
In an e-mail to BleepingComputer at the moment, Telefónica confirmed its ticketing system was breached and are investigating the incident.
“We’ve change into conscious of an unauthorized entry to an inside ticketing system which we use at Telefónica,” Telefónica instructed BleepingComputer
“We’re at present investigating the extent of the incident and have taken the required steps to dam any unauthorized entry to the system.”
This affirmation comes after a Telefónica Jira database was leaked on a hacking discussion board, with the breach claimed by 4 folks utilizing the aliases, DNA, Grep, Pryx, and Rey.
Supply: BleepingComputer
One of many attackers, Pryx, instructed BleepingComputer that the “inside ticketing system” is an inside Jira growth and ticketing server, utilized by the corporate to report and resolve inside points.
BleepingComputer was instructed that the system was breached yesterday utilizing compromised worker credentials, with Telefónica blocking their entry at the moment after performing password resets on impacted accounts.
Utilizing the compromised worker accounts, the risk actors say they have been capable of scrape roughly 2.3 GB of paperwork, tickets, and varied knowledge. Whereas a few of this knowledge was labeled as clients, BleepingComputer was instructed the tickets have been opened with @telefonica.com e-mail addresses, so could have been tickets opened on behalf of consumers.
Pryx says they didn’t contact the corporate or try to extort them earlier than leaking the information on-line.
Three folks behind this assault, Grep, Pryx, and Rey, are additionally members of a not too long ago launched ransomware operation often known as Hellcat Ransomware.
Hellcat is liable for a latest breach of Schneider Electrical, the place 40GB of information was stolen from the corporate’s JIRA server.
