Spanish telecommunications firm Telefónica confirms its inside ticketing system was breached after stolen knowledge was leaked on a hacking discussion board.
Telefónica is a Spanish multinational telecommunications firm working in twelve nations with over 104,000 staff. The corporate is the biggest telecommunications agency in Spain, working beneath the identify Movistar.
In an electronic mail to BleepingComputer as we speak, Telefónica confirmed its ticketing system was breached and are investigating the incident.
“We have now grow to be conscious of an unauthorized entry to an inside ticketing system which we use at Telefónica,” Telefónica informed BleepingComputer
“We’re at present investigating the extent of the incident and have taken the required steps to dam any unauthorized entry to the system.”
This affirmation comes after a Telefónica Jira database was leaked on a hacking discussion board, with the breach claimed by 4 folks utilizing the aliases, DNA, Grep, Pryx, and Rey.
Supply: BleepingComputer
One of many attackers, Pryx, informed BleepingComputer that the “inside ticketing system” is an inside Jira growth and ticketing server, utilized by the corporate to report and resolve inside points.
BleepingComputer was informed that the system was breached yesterday utilizing compromised worker credentials, with Telefónica blocking their entry as we speak after performing password resets on impacted accounts.
Utilizing the compromised worker accounts, the risk actors say they had been in a position to scrape roughly 2.3 GB of paperwork, tickets, and varied knowledge. Whereas a few of this knowledge was labeled as clients, BleepingComputer was informed the tickets had been opened with @telefonica.com electronic mail addresses, so could have been tickets opened on behalf of shoppers.
Pryx says they didn’t contact the corporate or try to extort them earlier than leaking the info on-line.
Three folks behind this assault, Grep, Pryx, and Rey, are additionally members of a not too long ago launched ransomware operation generally known as Hellcat Ransomware.
Hellcat is answerable for a latest breach of Schneider Electrical, the place 40GB of information was stolen from the corporate’s JIRA server.