Has SolarWinds been breached again?
27 March 2022

A total of 9 breaches were found and analysed, resulting in 770,830 leaked accounts containing a total of 7 different data types. The breaches found publicly and freely available included Okta, Jamtangan, Naumen, Cristalix and SpyHuman. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.
SPOTLIGHT
Leaks continue to come out of Russia, ranging from government departments to cloud and IT services providers, and we know that trend is continuing. We are also seeing companies still trading in Russia being targeted by hacktivists. For example, Nestle, after refusing to leave Russia, was hacked by a group called 'Against The West', which took it upon itself to leak the personal information of 15 of Nestle's top employees on a hacking forum. The leaked data set is very small but concerns high-ranking employees, whose email addresses, names and addresses were posted on the forum.
The other big news is that the cyber criminal gang Lapsus$ continues to expose code and credentials on a vast scale. We have analysed the data from some of the big breaches and extracted and anonymised the data types associated with those breaches. What is interesting is that, after trawling through all the files, the amount of credentials exposed is not as high as first thought or reported in the media. This might change with the recent Okta data that we are currently analysing.
Going back to Russia, the most notable Russian breach was of Naumen, a software and cloud service vendor. A variety of data was leaked, including the usual email addresses and passwords hashed with SHA512.
SolarWinds breached again? A member of the team came across a post on a forum claiming to have exploited a vulnerability in their main frame (asp.net), dumping a very small number of email addresses and Bcrypt-hashed passwords.
DATA CATEGORIES DISCOVERED
Contact Data, Technical Data, Socio-Demographic Data.