
Has SolarWinds been breached again?

27 March 2022
BREACHAWARE HQ

A total of 9 breach events were found and analysed, resulting in 770,830 exposed accounts containing a total of 7 different types of personal data. The breaches found publicly and freely available included Okta, Jamtangan, Naumen, Cristalix and SpyHuman. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.

Categories of Personal Data Discovered

Contact Data, Technical Data, Socio-Demographic Data.

Data Breach Analysis

One of the most high-profile names among the breaches is Okta, a major identity and access management company whose platform is widely used by enterprises for securing logins and user identities. A breach associated with Okta, even indirectly, has far-reaching implications. If credentials or integrations are compromised, attackers can pivot into enterprise systems, escalate privileges, or abuse authentication tokens. For clients of Okta and their users, the impact may be felt in the form of downstream attacks or compromised trust in identity systems.

Another significant inclusion is SpyHuman, a controversial spyware app designed for monitoring smartphones. Breaches involving surveillance apps like this one raise major ethical and security concerns, especially as they often operate in legal grey areas. Such apps can collect sensitive information from targets without their knowledge, and when these services are compromised, they may leak highly personal data from both the monitored individuals and those doing the monitoring. This represents a dual privacy violation, with potential legal consequences in multiple jurisdictions.

Jamtangan, an Indonesian e-commerce retailer specialising in luxury and branded watches, was also included. Retail-focused breaches typically carry risks for customer financial information, order histories, and shipping addresses, especially when platforms don’t follow robust data security practices. For affected users, this could mean targeted phishing campaigns or fraudulent transactions.

The inclusion of Naumen, a Russian enterprise software firm offering IT service management and customer engagement platforms, points to breaches within the B2B technology sector. Companies using Naumen’s products to manage help desks, internal systems, or client services could face indirect exposure if employee or customer data were part of the compromised dataset.

Finally, Cristalix, likely associated with online gaming or Minecraft server hosting based on its public profile, illustrates the continued targeting of platforms catering to younger or niche communities. Gaming-related platforms often store usernames, email addresses, and session data, making them valuable for credential stuffing attacks or exploitation through social engineering.

While the specific types of personal data involved are not detailed in this analysis, the diversity of industries, from spyware apps and secure identity platforms to e-commerce and enterprise software, indicates that breaches can affect individuals in a variety of contexts. In many cases, it’s not just customers who are at risk, but also system administrators, internal staff, and business partners.

From a cybersecurity perspective, this breach set reinforces the importance of security at every level, particularly for service providers in the identity, surveillance, and enterprise IT spaces. The reputational damage, legal exposure, and operational disruption stemming from such breaches can be long-lasting and difficult to remediate, especially when trust in foundational systems like authentication or data management tools is eroded.

In conclusion, the 770,830 accounts exposed in these 9 events serve as another reminder that no sector is off-limits. From surveillance tech to identity services, every breach represents a risk multiplier, one that impacts not only the directly affected platforms, but also the broader ecosystems they support.

Spotlight

The volume of leaks coming out of Russia continues, ranging from government departments to cloud and IT service providers, and that trend shows no sign of slowing. We are also seeing companies still trading in Russia being targeted by hacktivists. For example, Nestle, after refusing to leave Russia, was hacked by a group called 'Against The West', which took it upon itself to leak the personal information of 15 of the company's top employees on a hacking forum. The leaked dataset was very small, but it concerned high-ranking employees, whose email addresses, names and postal addresses were posted on the forum.

The other big news is that the cyber criminal gang Lapsus$ continues to expose code and credentials on a vast scale. We have analysed the data from some of the big breaches and extracted and anonymised the data types associated with them. What is interesting is that, after trawling through all the files, the number of credentials exposed is not as high as first thought or as reported in the media. This might change with the recent Okta data that we are currently analysing.

Going back to Russia, the most notable Russian breach was Naumen, a software and cloud service vendor. A variety of data was leaked, including the usual email addresses and passwords hashed with SHA-512.

SolarWinds breached again? A member of the team came across a post on a forum claiming to have exploited a vulnerability in their main frame (asp.net), dumping a very small number of email addresses and bcrypt-hashed passwords.
