Unknown hackers have reportedly managed to steal logins to data centers used by some of the world’s largest tech and banking companies, researchers claim.
Cybersecurity researchers at Resecurity recently reported how threat actors compromised the global data centers of GDS Holdings and ST Telemedia — two of the largest third-party data center companies in Asia. Between them, these suppliers include some of the biggest brands in the world, including Apple, Amazon, BMW, Goldman Sachs, and more.
In total, approximately 2,000 companies are at risk.
devastating consequences
In this breach, hackers gained access to customer support logins for Apple and other companies, gained access to networked security cameras, and even used the stolen data to gain physical access to servers (since customer support usually has access to these things).
Although the incident happened two years ago, Resecurity noted that it was only just being reported, and that the threat actors apparently used the compromised login credentials until January 2023, when the two data center companies finally reset them and denied the attackers access. outside the gate.
While any compromise is harmful, physical access to endpoints is especially worrisome.Speaking of 9to5MacSuch a compromise could have “devastating consequences,” said Malcolm Harkins, Intel’s former chief security and privacy officer.
As for surveillance cameras, more than 30,000 are said to have been compromised.Most of them have weak or factory default passwords (opens in a new tab)such as “admin” or “admin12345”, it is said.
Most of the companies affected have so far not commented. According to Bloomberg, some people did contact the media to inquire and said that the incident has not affected their operations (for now). BMW said the incident had “very limited impact”.
Both GDS Holdings and ST Telemedia attempted to minimize the significance of the breach, the media said.
pass: 9To5Mac (opens in a new tab)
