Market intelligence agency Crunchbase has confirmed an information breach after hackers revealed information allegedly stolen from its techniques.
The infamous ShinyHunters cybercrime group claims to have stolen greater than 2 million data containing private info from Crunchbase.
The hackers have made out there greater than 400 MB of compressed information for obtain on their web site after the corporate refused to pay a ransom.
“Crunchbase detected a cybersecurity incident the place a risk actor exfiltrated sure paperwork from our company community. No enterprise operations have been disrupted by this incident. Now we have contained the incident and our techniques are safe,” Crunchbase mentioned in an announcement to SecurityWeek.
“Upon detecting the incident we engaged cybersecurity specialists to help us and we contacted federal legislation enforcement. Crunchbase is conscious that the risk actor posted sure info on-line. As a part of our incident response procedures we’re reviewing the impacted info to find out if any notifications are required in line with relevant authorized necessities,” it added.
Alon Gal, CTO of risk intelligence firm Hudson Rock, has analyzed the leaked Crunchbase knowledge and located personally identifiable info (PII), contracts, and different company knowledge.
Different ShinyHunters hacking victims
The ShinyHunters leak web site additionally lists SoundCloud and the robo-advisor agency Betterment, from which the hackers declare to have stolen a number of gigabytes of information containing tens of hundreds of thousands of data that embrace PII. Commercial. Scroll to proceed studying.
SoundCloud confirmed an information breach in mid-December, saying that e-mail addresses and publicly out there profile knowledge belonging to roughly 20% of its customers had been accessed by risk actors. Passwords and monetary info weren’t compromised, the music streaming service mentioned.
In an announcement despatched to SecurityWeek final week after the hackers revealed the stolen knowledge, SoundCloud mentioned it’s reviewing the leaked information.
In an replace shared on January 13, the corporate revealed that the hackers had been harassing customers, workers, and companions, nevertheless it had discovered no proof to verify the attackers’ claims about delicate knowledge being stolen.
As for funding advisor Betterment, the corporate disclosed a cybersecurity incident on January 12, saying that risk actors had penetrated its techniques by means of social engineering, utilizing their entry to ship cryptocurrency-related rip-off messages to some clients.
Okta vishing
Hudson Rock’s Gal realized from ShinyHunters that the hackers declare to be behind a current Okta SSO vishing marketing campaign, and that Crunchbase, SoundCloud, and Betterment are amongst its victims.
Okta has issued a personal warning to clients relating to vishing assaults. A public weblog publish describes customized phishing kits that allow superior voice-based social engineering for vishing campaigns.
The identification options supplier identified that such phishing kits have been used to focus on Google, Microsoft, Okta, and cryptocurrency providers. Nonetheless, it has not mentioned whether or not these campaigns are linked to the current ShinyHunters assaults.
Associated: Nike Probing Potential Safety Incident as Hackers Threaten to Leak Knowledge
Associated: Beneath Armour Trying Into Knowledge Breach Affecting Clients’ Electronic mail Addresses
