European fiber optic community operator Eurofiber over the weekend introduced {that a} risk actor has compromised its ticket administration platform and the ATE buyer portal.
The incident, the corporate says, occurred on November 13 and resulted in an information breach. The hackers exploited a vulnerability that allowed them to exfiltrate information saved on the affected platforms.
The impacted ticket administration platform is utilized by Eurofiber France and its regional manufacturers Avelia, Eurafibre, FullSave, and Netiwan. The ATE buyer portal is utilized by Eurofiber Cloud Infra France, which is Eurofiber France’s cloud division.
In response to the corporate, the information breach affected solely prospects of Eurofiber France and its subsidiaries, and didn’t affect Eurofiber prospects in Belgium, Germany, or the Netherlands.
“For oblique gross sales and wholesale companions in France, the affect may be very restricted, as most use separate methods,” Eurofiber mentioned in an incident discover on its web site.
Instantly after detecting the incident, the corporate secured the ticketing platform and the ATE portal and patched the vulnerability. It additionally applied extra measures to strengthen system safety.
“Delicate data corresponding to banking particulars or crucial information saved in different methods is just not affected by this incident. Companies remained absolutely operational all through the assault and weren’t affected by the attacker,” the corporate mentioned.
Along with notifying prospects of the assault, the community operator reported the incident to the related authorities and filed “a report for extortion”.Commercial. Scroll to proceed studying.
Responding to a SecurityWeek inquiry, Eurofiber kept away from offering particulars on the kinds of exfiltrated data, the variety of impacted people, the risk actor behind the assault, or the extortion try.
In response to SOCRadar, the hackers breached Eurofiber’s GLPI IT service administration platform, which is used to handle IT property, configuration particulars, and buyer environments, along with help tickets.
The risk actor allegedly accessed data included in help tickets, in addition to inner messages, configuration information, VPN configurations, credentials, API keys, tokens, SQL backups, supply code, screenshots, and numerous inner paperwork.
Total, roughly 10,000 Eurofiber prospects seem to have been affected, together with authorities entities. A risk actor named ByteToBreach has claimed the assault on an underground discussion board.
The attacker reportedly exploited an SQL injection bug within the web-accessible GLPI interface and was capable of extract roughly 10,000 password hashes over a 10-day window. Additionally they declare to have used API keys and different secrets and techniques to steal paperwork, configuration information, and messages.
Associated: DoorDash Says Private Info Stolen in Knowledge Breach
Associated: Logitech Confirms Knowledge Breach Following Designation as Oracle Hack Sufferer
Associated: Checkout.com Discloses Knowledge Breach After Extortion Try
Associated: Automotive IT Agency Hyundai AutoEver Discloses Knowledge Breach
