Data Breach News | TechWire Asia | Latest Data Breach Insights
https://techwireasia.com/tag/data-breach/
Where technology and business intersect
Wed, 26 Mar 2025 16:15:40 +0000

Reports of Oracle Cloud data breach raise questions amid denials
https://techwireasia.com/2025/03/reports-of-oracle-cloud-data-breach-raise-questions-amid-denials/
Wed, 26 Mar 2025 16:15:40 +0000

The post Reports of Oracle Cloud data breach raise questions amid denials appeared first on TechWire Asia.

  • CloudSEK reports a potential breach, with a threat actor selling data allegedly stolen from Oracle.
  • The firm warns of potential supply chain risks.
    A suspected supply chain cyber incident that includes Oracle Cloud has drawn attention from cybersecurity researchers and enterprise users alike. According to cybersecurity firm CloudSEK, a threat actor identified as “rose87168” claims to have accessed and extracted sensitive data from Oracle Cloud systems, including files and passwords associated with over 140,000 customer environments.

    The data—allegedly obtained from Oracle’s Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) systems—includes encrypted credentials, Java KeyStore (JKS) files, and Enterprise Manager JPS keys. CloudSEK says the attack affects tenants across multiple regions and industries, with six million records reportedly compromised.

    The activity was first observed in March 2025. In addition to listing the data for sale, the attacker has also used an X account to follow Oracle-related profiles, a move researchers believe may be intended to identify or pressure affected organisations.

    Ransom demands and potential exploits

    CloudSEK’s report suggests the threat actor has been active since January 2025 and is now demanding payment from companies included in the dataset. The actor is also said to be requesting help to decrypt the credentials in exchange for sharing parts of the data.

    The breach appears to have involved the “login.(region-name).oraclecloud.com” endpoint, which is usually used to authenticate users on Oracle Cloud platforms. CloudSEK suspects that the attacker exploited an Oracle WebLogic Server vulnerability to access login services across different regions.

    While the actor has no prior known history, researchers have noted the use of advanced tactics and an awareness of Oracle’s infrastructure.

    CloudSEK has assigned a high-severity rating to the incident, citing risks such as data leaks, unauthorised access, and broader supply chain vulnerabilities if the stolen credentials are decrypted. The exposure of key files could, in theory, allow attackers to compromise systems connected to affected Oracle environments.

    In response, CloudSEK has recommended immediate action from organisations using Oracle Cloud. Suggested steps include resetting credentials, conducting forensic investigations, monitoring dark web sources for leaked data, and reinforcing access controls.

    Oracle denies any breach of its cloud systems

    Following reports of a possible breach, Oracle has responded by stating that no intrusion into its cloud infrastructure has occurred. A company spokesperson told The Register that the credentials circulating online are not linked to Oracle Cloud and that no customer data has been exposed.

    “There has been no breach of Oracle Cloud,” the spokesperson said. “The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

    The denial comes after a user claiming to be behind the incident posted on a cybercrime forum, offering what they described as Oracle Cloud customer data for sale. The individual also uploaded a file to one of Oracle’s login servers—specifically login.us2.oraclecloud.com—as apparent proof of access. The file contained an email address tied to the seller and was archived on the Internet Archive’s Wayback Machine earlier this year.

    Security researchers explore possible entry points

    Security analysts reviewing the claims noted that the affected Oracle Cloud login server appeared to be running Oracle Fusion Middleware 11G as recently as February 2025. CloudSEK believes the server may not have been patched against CVE-2021-35587, a known critical vulnerability in Oracle Access Manager’s OpenSSO Agent.

    If unpatched, that vulnerability could allow an attacker to gain access without authentication via a publicly available exploit. Whether this route was used in the alleged intrusion has not been confirmed, and Oracle has not commented further on the security posture of its login servers.

    Data listing and extortion attempts surface online

    On March 21, a user going by “rose87168” listed six million records for sale on BreachForums, claiming the data included Java KeyStore files, encrypted SSO and LDAP passwords, and Enterprise Manager keys. While the exact number of potentially affected organisations remains unclear, the attacker shared domain names of companies allegedly caught in the exposure and suggested that those wishing to avoid publication could pay for their information to be removed.

    No specific asking price has been disclosed publicly, but the attacker reportedly approached Oracle with a demand for more than $200 million in cryptocurrency in exchange for full disclosure of the attack. That request was not accepted.

    The forum post also included a call for help in decrypting the credentials. The attacker claimed they were unable to access the full dataset themselves but offered to share portions of it with anyone willing to assist.

    From defence to offence: Unleashing genAI’s transformative power in APAC
    https://techwireasia.com/2024/09/from-defence-to-offence-unleashing-genais-transformative-power-in-apac/
    Tue, 03 Sep 2024 01:29:25 +0000
    Ryuki Hayashi accessed a free generative AI (genAI) tool on his computer and smartphone, using indirect questions to bypass safeguards and piece together ransomware code. His unfinished malware was discovered during a Japanese police raid for unrelated fraud.

    Cybersecurity experts across Japan and Asia expressed both relief and alarm, recognising the potential risk posed by his ability to use genAI to create functions for encrypting data and demanding ransom from companies.

    “We need to look beyond traditional defences,” said Verizon’s Vice President for APAC, Rob Le Busque. “Small and medium-sized government agencies can lead in cybersecurity by embracing proven, innovative strategies and leveraging industry partnerships.”

    GenAI expands attack surfaces due to its versatility and accessibility, unlike specialised AI, which is limited to specific tasks. GenAI can create diverse threats, such as phishing and deepfakes, making it a broader and more formidable risk. The World Economic Forum warns companies to prepare for these sophisticated AI techniques, which may also include synthetic identity fraud.


    While concerning, the foiled Hayashi AI cyber attack is an exception, not a rule. It requires manual creativity, while larger-scale attacks would depend on scores of people and time to laboriously gather large amounts of data to launch an AI offence.

    In fact, while genAI introduces elements of unpredictability and discomfort, the stark reality is that humans default to the most accessible and straightforward means of cybercrime using traditional methods like social engineering, phishing, and exploiting stolen credentials. These methods remain dominant in Asia Pacific, with many breaches involving human error or manipulation. Consequently, despite growing concerns about AI-driven threats, conventional cyber threats continue to pose the region’s most immediate and prevalent risks.

    Although AI-related attacks currently make up a small percentage of overall attacks in Verizon’s 2024 Data Breach Investigations Report (DBIR), they are still an important topic due to their potential growth in the future.

    What keeps cyber defenders on edge is nation-state actors using genAI to compromise critical infrastructure across APAC. When attacks are automated and scaled with the technology, water plants, electrical grids, and public safety assets risk physical damage and downtime. Espionage accounts for 25% of cyberattacks in APAC, which is significantly higher than the 6% in EMEA and the 4% in North America. This suggests that attacks motivated by sensitive data collection are a significant concern.

    Reports are already surfacing of state-sponsored cyber actors prepositioning within critical infrastructure to potentially disrupt key sectors like communications and energy in crisis scenarios, a trend that genAI may accelerate.


    OpenAI and Microsoft recently terminated accounts linked to five state-affiliated actors from China, Iran, North Korea, and Russia who misused AI for tasks like researching targets, debugging code, generating scripts, and creating phishing content. Fortunately, no significant damage was reported.

    Despite the dystopian power attributed to genAI, it also offers a transformative opportunity to turn defence into offence. According to Gartner®, “By 2027, generative AI will contribute to a 30% reduction in false positive rates for application security testing and threat detection by refining results from other techniques to categorise benign from malicious events.”[1] At Verizon, security teams are nearing 90%, a notable achievement considering AI engines ingest more than 70 billion data points from the network daily.

    Utilising zero-trust architectures, cyber defenders are finding novel ways to keep bad actors at bay. This includes using genAI for constant network monitoring to spot and fix real-time threats. Automated tests simulate cyber-attacks to find and fix weaknesses before hackers can, keeping defences solid and ready.

    CISOs deploy AI to analyse traffic and detect phishing, identifying and blocking suspicious activities early. AI can also create strong passwords and handle routine tasks, allowing experts to focus on critical security issues.

    Mastering AI, including for security, remains crucial to gaining a competitive advantage. Enterprises may unlock a return on investment in a little over a year, with an average return approaching $4 for every $1 invested.

    However, AI risk quantification today unlocks this innovation tomorrow: Risk management must be fully embedded and integrated to succeed, not playing catch-up, especially when building new genAI applications. APAC companies, understandably excited to build their first internal genAI solution, often fail to consider the challenges with testing applications.

    Random tests by those unfamiliar with genAI won’t reveal if it’s truly secure. It’s like securing a home versus the Pentagon; the approach must be tailored and quantified. Placing a regular penetration tester in a complex AI environment invites vulnerabilities — even more so as attack surfaces expand into IoT environments and self-optimising plants typical of Industry 4.0.

    Knowing how you stack up against threats requires an objective assessment of your cybersecurity controls, particularly as introducing new AI frameworks increases the uncertainty surrounding the rollout of new technologies to customers or public sector agencies. GenAI risk quantification paves the way for safe, secure breakthrough innovations that protect sensitive data in some exciting ways.

    Unlike other types of AI, genAI enables innovation by generating novel solutions and content, which makes its impact unique.

    Deploying new genAI use cases solves the world’s biggest problems in healthcare, finance, climate change, energy, fire prevention, Industry 4.0, productivity and customer commerce. AI dashcams act as co-pilots for fleet drivers. With real-time coaching, drivers are reminded to maintain a safe distance from other vehicles.

    Healthcare organisations use real-time insights from monitoring devices to improve clinical decisions. Supported by genAI-enabled solutions like intelligent video surveillance and equipment tracking, doctors can operate more safely with analytical insight using innovative diagnostic tools.

    Imagine a customer service centre that can answer 95% of all inquiries, with the possibility of increasing this to 100%. New generations of genAI personal assistants not only understand employee needs but also streamline tasks and provide clarity.

    Companies like Verizon are also pioneering new “Fast Pass” genAI features that intelligently pair customers with the best representatives for their specific needs, ensuring efficient and effective resolutions.

    Achieving mastery of genAI in areas like the above hinges on meeting specific threats and vulnerabilities, including technical aspects, attack vectors and the need for robust security measures.


    Renowned ethical hacker Bastien Treptel warned earlier this year that major banks work on the ethos that harmful agents are already inside their system: “They’re monitoring and trying to limit the damage.”

    The Hayashi arrest also shows how genAI lowers the entry barrier for diverse cyber criminals, including nation-state actors with more extensive resources. People with little or no development experience can now write a zero-day exploit. As a result, attackers may eventually launch sophisticated cyber threats, burdening cash-strapped companies or public sector agencies.

    In this environment, it is wise to “assume nation-state and work backwards.” This approach fosters a defensive mindset, preparing CISOs to effectively counteract even the most sophisticated genAI threats. Ultimately, while focusing on the risks of genAI is prudent, it’s vital to see its potential for defence. Cyber defenders can use AI to outsmart and neutralise threats as bad actors exploit it for attacks.

    Finally, consider a spate of about 50 million cyberattacks on an Australian bank. The analysis would show that only a few are related to full-blown AI-generated sources. This perspective helps us understand the actual risk landscape and focus on defences where they are most needed.


    [1] Gartner, 4 Ways Generative AI Will Impact CISOs and Their Teams, Jeremy D’Hoinne, Avivah Litan, Peter Firstbrook, 29 June 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

    Malaysian telco provider has data breach – again
    https://techwireasia.com/2024/01/malaysian-telco-provider-has-data-breach-again/
    Tue, 30 Jan 2024 00:30:59 +0000
  • Malaysia’s TM suffers another data breach.
  • Telco company claims data compromised is mostly “old data.”
  • Old data can still have a strong value on the dark web.

    Another day, another Malaysian organization experiences a data breach. Everyone knows about the flaws and weaknesses in Malaysia’s cybersecurity laws. While the government is working on a new law to deal with this issue, businesses need to ensure they are well-prepared to deal with breaches.

    While most companies in Malaysia continue to invest in improving their cybersecurity, they also need to be aware of how their company and customer data is being used, stored and disposed of. Malaysia already has several regulations on how personal data should be managed. However, enforcement of those laws has still not pushed some industries to take the matter seriously.

    According to a report by Surfshark, a cybersecurity company, Malaysia was ranked as the eighth most breached country in Q3 2023, with 494,699 leaked accounts. The breach rate was 144% higher in Q3 2023 than it was in Q2 2023, and around four Malaysian user accounts were leaked every minute in Q3 2023.

    Just taking a look at the recent cybersecurity incidents in the country, most of the data breaches are caused by ransomware attacks or systems that were simply not secured enough.

    Major cybersecurity incidents in Malaysia in the past 24 months include:

    • In December 2022, a hacker claimed to have the personal information of 13 million voters from the Election Commission, as well as customers of Maybank and Astro. The stolen data was posted on an online database marketplace, where the seller asked for direct messages through Telegram or the forum’s messaging features to complete the sale.
    • In November 2023, a hacker claimed to have a 2022 database of 487 million WhatsApp user mobile numbers, of which 11 million were from Malaysia. The leak included accounts from 84 countries and was sold on a hacking community forum.
    • In September 2023, Malaysia recorded its highest number of data breach cases, with an all-time high of 15 reported cases a week involving mainly ransomware attacks. The situation sparked concern over related cybercrimes and phone scams, which have led to millions of ringgit losses annually.
    • iPay88, a payment gateway provider in Malaysia, suffered a data breach in May 2022 that potentially compromised customers’ card data. Since then, iPay88 has been working with cybersecurity experts to investigate and contain the breach.
    • AirAsia was the subject of alleged data leak claims in November 2022, as confirmed by the Malaysian government and various news sources. The hacker group Daixin Team claimed responsibility for the attack, which compromised the personal data of five million passengers and all employees of AirAsia. The ransomware attack was on redundant systems, and AirAsia has launched an investigation into the alleged data breach.
    Malaysia was ranked as the eighth most breached country in Q3 2023, with 494,699 leaked accounts. (Image generated by AI).

    TM suffers data breach again

    The Star reported that customer data from Telekom Malaysia (TM) has made its way to a dark web forum. The report stated that a user claimed to have stolen the complete customer database of the telco company.

    The user claims that the data contains nearly 200 million entries, with “nearly 20 million effective user data.” Additionally, the user provided screenshots purporting to be the company’s customer database architecture documentation, with 161 pages outlining the structure, design, and functionality of the company’s customer database system.

    This is not the first time TM has experienced a data breach. In 2023, TM confirmed a data breach involving historical Unifi customers’ personal information such as name, national identification/passport number, and contact details. In 2022, TM found 250,248 Unifi Mobile customers to be affected by a data breach, constituting both individual customers and SMEs. The type of data that was breached involved customer names, phone numbers and emails.

    The Star also reported that TM released a statement claiming that it had received a ransom note recently, which had prompted “an immediate and thorough investigation to verify these claims.”

    TM said its investigation had shown “that the alleged materials are pre-processed, recycled and dated. Nonetheless, we are treating the situation with the utmost seriousness and are dedicated to resolving this issue with high urgency.”

    It also said that it has engaged the relevant authorities, lodged a police report, and is continuously fortifying its cyberdefenses and bolstering its resilience against such threats.

    Old data can be compromised by cybercriminals in various ways. (Image generated by AI).

    Data breaches impact all data

    Here’s where it gets concerning. Even when the data is old and outdated, the information can still be exploited by cybercriminals. In fact, some cybercriminals are stealing encrypted data now in the hope of decrypting it in the future. Such is the value of data, which businesses need to take more seriously.

    For TM, suggesting that the data is “pre-processed, recycled and dated” may just lead to more concerning situations in the future. Here are several ways cybercriminals can still use old data:

    • Identity theft: Old data can contain personal information that can be used to impersonate someone or access their accounts. For example, a cybercriminal can use an old email address and password to log in to a social media account and post malicious content or scam messages.
    • Fraud: Old data can contain financial information that can be used to make unauthorized transactions or purchases. For example, a cybercriminal can use an old credit card number and expiry date to buy goods or services online.
    • Blackmail: Old data can contain sensitive or embarrassing information that can be used to extort money or favors from the victim. For example, a cybercriminal can use an old photo or video to threaten to expose it to the public or the victim’s contacts.
    • Phishing: Old data can contain contact information that can be used to send fake or malicious emails or messages to the victim or their acquaintances. For example, a cybercriminal can use an old phone number to send a text message claiming to be from a bank or a government agency and asking for personal or financial details.

    At the same time, old data can be compromised by cybercriminals in various ways, such as:

    • Data breaches: Cybercriminals can hack into online platforms or databases and steal old data that has not been deleted or secured properly. For example, in 2021, a hacker leaked the personal data of 533 million Facebook users from a 2019 breach.
    • Malware infections: Cybercriminals can infect computers or devices with malicious software that can access and transmit old data stored on them. In 2021, a ransomware attack on Colonial Pipeline disrupted the supply of fuel in the US and exposed old data of the company’s customers.
    • Phishing attacks: Cybercriminals can trick users into clicking on malicious links or attachments that can download malware or redirect them to fake websites that can capture their old data. For example, a phishing campaign in 2020 targeted Netflix users and asked them to update their payment details on a spoofed website.

    As such, businesses need to be sure of how they use and store their data. At the end of the day, any form of data breach involving any type of data should not be taken lightly.

    Russian hackers are targeting everyone; first Microsoft, now HPE – and there could be more
    https://techwireasia.com/2024/01/russian-hackers-broaden-their-targets-microsoft-hpe-and-beyond/
    Tue, 30 Jan 2024 00:00:20 +0000
  • Russian hackers target Microsoft and HPE, revealing heightened cyberthreat levels.
  • HPE breach by elite hackers exposes critical email system vulnerabilities.
  • Cyberattacks on tech firms underscore the urgent need for more robust cybersecurity.
    Cyberattacks by Russian hackers have intensified recently, targeting two major technology companies within the same month. Hewlett Packard Enterprise (HPE) disclosed a breach in its cloud-based email systems, perpetrated by the same Russian hacking group implicated in previous Microsoft email account intrusions.

    In a securities filing, HPE revealed that the December 12, 2023 incident affected several email accounts in areas including cybersecurity, marketing, and various business sectors. Following the discovery of the breach, HPE engaged external cybersecurity experts to launch an investigation and response, successfully eradicating the malicious activity.

    HPE became aware of the intrusion on January 12, as stated in their Securities and Exchange Commission filing. The company suspects the hackers are part of Cozy Bear, a unit of Russia’s SVR foreign intelligence service.

    Cozy Bear: the notorious group behind the attacks

    Microsoft, too, experienced a similar breach in its corporate network, reported last week. Originating in late November, this attack compromised accounts of senior executives and staff in cybersecurity and legal departments, with Cozy Bear believed to be responsible.

    Cozy Bear is a sophisticated cyber-espionage group with links to Russia’s foreign intelligence service, known by various names like “Midnight Blizzard” and “APT29.” The group, noted for stealthy intelligence-gathering, primarily targets Western governments, IT service providers, and think tanks in the US and Europe. Cozy Bear’s notoriety increased after orchestrating the SolarWinds breach.

    HPE’s investigation suggests that the hackers have been accessing and extracting data from certain mailboxes since May 2023. Adam R. Bauer, a spokesperson for HPE, declined to reveal the source of the breach notification. He confirmed that the affected mailboxes were running on Microsoft software. The company is still assessing the full extent of the breach, which appears not to have significantly impacted its operations or financial health. This incident follows a new US Securities and Exchange Commission rule requiring public companies to report breaches that could impact their business promptly.

    HPE joins Microsoft in “getting hacked by Russian hackers.” (Source – X).

    Additionally, the HPE breach involved unauthorized access to a limited number of SharePoint files in June 2023. SharePoint is a component of the Microsoft 365 suite, which also encompasses email, word processing, and spreadsheet applications.

    While HPE is unable to confirm a direct link between its breach and the one reported by Microsoft, the company continues its investigation. The seniority of the affected HPE employees and the full scope of accessed mailboxes remain under scrutiny.

    In response to these incidents, US officials have pointed out that Cozy Bear used compromised software from US tech firm SolarWinds in 2020 to infiltrate various US government agencies. This led to an overhaul of the US government’s cybersecurity defenses. Since then, the group has continued targeting US and European government agencies, frequently exploiting software providers and demonstrating a particular aptitude for breaching cloud computing networks. The FBI has observed such tactics as early as 2018.

    Regarding the December breach, HPE is evaluating its potential impact on the company’s financial status and operations.

    Microsoft’s recent disclosure of a breach by Cozy Bear involved a small number of its corporate email accounts, including senior executives. The company’s response included immediate investigation and mitigation efforts. However, Microsoft’s revelation that the hackers employed a simple technique, known as password spraying, has led to increased scrutiny of its security practices. A senior US National Security Agency official expressed disappointment over Microsoft’s vulnerability to such attacks, emphasizing the need for large tech firms to be vigilant against state-backed hackers.

    Microsoft has refrained from commenting on these developments. Additionally, the company was involved in an alleged Chinese hack last year, compromising the email accounts of top US officials, including the Commerce Secretary and the US Ambassador to China. This campaign originated with the breach of a Microsoft engineer’s corporate account.

    Sweden is also targeted by Russian hackers

    In a related development, Russian hackers are suspected of disrupting online services for several Swedish government agencies and retail stores, as reported by IT consultancy Tietoevry. The Swedish-Finnish company indicated that resolving the issue might take considerable time.

    The Moscow Times reported that the attack affected Tietoevry’s data center in Sweden, impacting online transactions at the country’s largest cinema chain, department stores, and other retail outlets. Sweden’s central government service center, Statens Servicecenter, experienced disruptions to its human resources system, affecting public sector employees’ ability to submit overtime, sick leave, or vacation requests.

    In a statement issued recently, Tietoevry suggested that the restoration process could extend over several days or weeks due to the incident’s complexity and the numerous customer-specific systems involved. Caroline Johansson Sjowall, spokesperson for Statens Servicecenter, reported that the attack affected “120 government agencies and more than 60,000 employees.”

    Cybersecurity experts, including Tietoevry, suspect the involvement of Akira, a hacker group with Russian ties. The company has filed a police report regarding the attack and is assessing its financial implications. Currently, Tietoevry has not released any information regarding a ransom demand, which is typical in ransomware attacks where hackers encrypt or steal data and then demand payment for its decryption or to prevent its public release.

    Civil Defense Minister Carl-Oskar Bohlin stressed the urgency of prioritizing cybersecurity across both public and private sectors. In a statement on X, formerly known as Twitter, Bohlin announced the government’s intention to convene a meeting with affected parties to thoroughly evaluate the incident and formulate a response strategy once the operational phase is concluded.

    The Swedish Civil Contingencies Agency (MSB) underscored the significance of this attack as a critical alert. Margareta Palmqvist, head of information security at MSB, voiced concerns to the Swedish news agency TT about the country’s rapid digitalization outpacing its cybersecurity investments. She emphasized the importance of being proactive in cybersecurity measures, ensuring preparedness for such cyber threats.

    This series of cyberattacks underscores the evolving landscape of digital threats, highlighting the critical need for robust cybersecurity measures in both the public and private sectors. The incidents involving HPE, Microsoft, and the Swedish government agencies reflect a growing trend of sophisticated cyber-espionage and ransomware attacks that target vital infrastructure and services.

    As these threats evolve, the need for vigilance and investment in cybersecurity becomes increasingly crucial to protect sensitive data and maintain the integrity of critical systems worldwide.

    The post Russian hackers are targeting everyone; first Microsoft, now HPE – and there could be more appeared first on TechWire Asia.

Here’s how Malaysia’s central database hub, Padu can be compromised by cybercriminals https://techwireasia.com/2024/01/heres-how-malaysias-central-database-hub-can-be-compromised-by-cybercriminals/ Thu, 04 Jan 2024 00:30:02 +0000
  • Malaysia launches Padu, its central database hub. 
  • Security concerns cloud some of the authentication features on the hub. 
  • Government insists the database is safe for public use. 
One of the biggest problems with data collected by government agencies is that it is often stored in silos by the respective agencies. Accessing all this data through a single platform or hub would ideally be the most effective way to gain comprehensive insights.

    The Malaysian government has just launched the country’s national central database hub. Called Padu, the system will contain individual and household profiles of citizens and permanent residents in the country.

    The entire central database hub, developed locally, took around six months to complete. Since its launch, thousands of Malaysians have rushed to register their accounts, leading to such high registration traffic that the system briefly struggled to cope with the demand.

    While most Malaysians were impressed that the government had finally launched a system consolidating all necessary information in one location, there were concerns about the security features of the Padu system. Comments on social media highlighted weaknesses in some features, particularly in user registration processes.

    Rafizi Ramli, Malaysia’s Economic Minister who is overseeing the database, said that the government is aware of the cybersecurity concerns and has taken the measures needed to protect the data in Padu.

“When the government handles data of this size, the risk in terms of data intrusion and security is a significant concern. The development of Padu has taken into account all the aspects of system security risks and classified information breaches,” he said.

    In a report by Channel News Asia, the minister added that measures adopted include establishing comprehensive standard operating procedures as well as strategic cooperation between groups – namely the National Cyber Security Agency (NACSA), the Office of the Chief Government Security Officer (CGSO), CyberSecurity Malaysia and the Department of Personal Data Protection (PDP).

    “The government has also appointed a group of independent experts with expertise in various fields who act as a check and balance in ensuring that Padu’s development includes the latest and best safety features,” added the minister.

Padu developers were quick to fix a flaw after it was highlighted on X.

    How secure is Padu?

    Several cybersecurity professionals in Malaysia have raised concerns about the Padu database. Given that the database is also expected to underpin the country’s forthcoming digital ID, many emphasize the need for developers to ensure the absence of backdoors that could be exploited by cybercriminals to compromise the system.

    According to a report by The Star, CyberSecurity Malaysia (CSM) chief executive officer Datuk Dr Amiruddin Abdul Wahab said that cyberthreats to the data of millions of Malaysians are real and constantly evolving with technological advancements. Despite this concern, he assured readers that the responsible authorities have undertaken all necessary measures to secure Padu.

    “CSM was tasked with conducting a Security Posture Assessment (SPA) as an independent third party. However, the overall requirements and ownership belong to the Malaysian Administrative Modernisation and Management Planning Unit (Mampu) and the Statistics Department. Generally, the cloud is secure for storage, and it is based on the cloud security controls implemented by the cloud service provider,” he added.

    Additionally, Dr Amiruddin expressed hope that the government would conduct regular security audits on Padu. He emphasized that, given the ever-evolving nature of threats, the current security system does not guarantee future safety.

Former DAP MP Ong Kian Ming has urged the government to suspend the registration of users for the Central Database Hub, or Padu, until concerns over security issues are resolved.

    Five ways the central database hub can be compromised

    The Tech Wire Asia team decided to register their details on the system. Initially, the layout and design of the system seemed very amateurish, resembling the work of student developers. The database appeared to predominantly focus on sources of income, which seems redundant since most individuals already declare their taxes to the Inland Revenue Board of Malaysia.

    If Padu aims to streamline subsidies to deserving individuals, it may face challenges, particularly because many who need government assistance are in rural areas with limited access to the platform.

    The registration process was straightforward. However, the eKYC component, highlighted as complex by several parties, was the most challenging aspect. A former MP even suggested that the government should suspend the registration of accounts until all security concerns on the platform have been addressed.

    With that said, here are five ways hackers and cybercriminals could easily compromise the Padu platform.

    Identity theft – While some have denied this is a possibility, the reality is that once a cybercriminal has access to an account, they will also have access to all the information that is available. That includes not only personal data but also financial data, including the source of any recorded income.

    Such information would fetch a hefty price on the dark web. Hackers could also use the information to set up accounts on other sites, causing havoc to victims. For example, a hacker could use the information for financial identity theft, in which the malicious actor uses financial details to apply for and obtain credit, loans, goods, and services.

    Brute force attacks – A brute force attack uses trial-and-error to guess login information and encryption keys, or find a hidden web page. Hackers work through all possible combinations hoping to guess correctly.

For Padu, once a user has verified their account, no multi-factor authentication is required to log in. All that is needed is the identity card number and a password; the IC number is not a secret, and passwords are routinely reused or guessable. In fact, the Economy Ministry has thanked a member of the public who found a loophole in the system that allowed third parties to override a user’s password using only the identity card number.
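The two weaknesses above (a password reset keyed on the IC number alone, and logins limited only by how fast an attacker can guess) are easier to see side by side in code. The following is an added example, not Padu’s code (its implementation is not public): a deliberately weak portal that models the reported reset loophole, next to a hardened one that requires a one-time reset code delivered out of band, stores salted PBKDF2 hashes, and throttles an account after repeated failures. The class names, the IC numbers and the passphrases are all constructed for illustration.

```python
"""Vulnerable versus hardened credential handling for an IC-number login.

Added example; it is not Padu's code and models only the pattern reported above:
a password reset keyed on the identity card number alone, versus a reset that
needs a one-time code delivered out of band, plus slow password hashing and
per-account throttling against brute force. All accounts are constructed data.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
import time

PBKDF2_ROUNDS = 600_000      # OWASP guidance for PBKDF2-HMAC-SHA256
MAX_FAILURES = 5             # failed logins before the account is throttled
LOCKOUT_SECONDS = 15 * 60
RESET_CODE_TTL = 10 * 60


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class VulnerablePortal:
    """The reported weakness: knowing someone's IC number is enough to take over."""

    def __init__(self) -> None:
        self.passwords: dict[str, str] = {}

    def register(self, ic: str, password: str) -> None:
        self.passwords[ic] = password          # stored in clear, no hashing

    def reset_password(self, ic: str, new_password: str) -> bool:
        if ic not in self.passwords:
            return False
        self.passwords[ic] = new_password      # no proof the caller owns the account
        return True

    def login(self, ic: str, password: str) -> bool:
        return self.passwords.get(ic) == password   # unlimited attempts


class HardenedPortal:
    """Salted PBKDF2 hashes, lockout after repeated failures, one-time reset codes."""

    def __init__(self, clock=time.time) -> None:
        self.clock = clock                     # injectable for tests
        self.accounts: dict[str, dict] = {}

    def register(self, ic: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.accounts[ic] = {"salt": salt, "digest": digest, "failures": 0,
                             "locked_until": 0.0, "reset": None}

    def login(self, ic: str, password: str) -> bool:
        acct = self.accounts.get(ic)
        if acct is None:
            hash_password(password)            # same cost for unknown ICs, so timing
            return False                       # does not reveal which ICs are enrolled
        if self.clock() < acct["locked_until"]:
            return False                       # throttled; do not even check the password
        _, digest = hash_password(password, acct["salt"])
        if hmac.compare_digest(digest, acct["digest"]):
            acct["failures"] = 0
            return True
        acct["failures"] += 1
        if acct["failures"] >= MAX_FAILURES:
            acct["locked_until"] = self.clock() + LOCKOUT_SECONDS
        return False

    def request_reset(self, ic: str) -> str | None:
        """Issue a short-lived one-time code. Only its hash is stored; the code itself
        must go to the contact channel on file (SMS or e-mail), never back to the
        requester, and the HTTP response should look identical for unknown ICs."""
        acct = self.accounts.get(ic)
        if acct is None:
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        acct["reset"] = (hashlib.sha256(code.encode()).digest(),
                         self.clock() + RESET_CODE_TTL)
        return code

    def reset_password(self, ic: str, code: str, new_password: str) -> bool:
        acct = self.accounts.get(ic)
        if acct is None or acct["reset"] is None:
            return False
        code_hash, expires = acct["reset"]
        acct["reset"] = None                   # single use, whether or not it matches
        if self.clock() > expires:
            return False
        if not hmac.compare_digest(hashlib.sha256(code.encode()).digest(), code_hash):
            return False
        acct["salt"], acct["digest"] = hash_password(new_password)
        acct["failures"], acct["locked_until"] = 0, 0.0
        return True
```

A per-account lockout on its own lets an attacker lock a victim out simply by hammering their IC number, so in production it is paired with per-source throttling; and none of this replaces the second login factor that the article notes Padu lacks.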

DDoS attacks – A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt online services or sites by overwhelming the target with unusually high volumes of traffic. Hackers can easily launch DDoS attacks on the platform to disrupt its services; the registration surge at launch already showed how little headroom it has. For example, in Singapore last year, a DDoS attack took down the websites of the country’s public healthcare institutions for hours, leaving many users unable to log in.

Application vulnerabilities – No matter how large an organization’s budget, all software has flaws that can be exploited. The developers of Padu need to keep the platform and its dependencies patched, and the staff who administer it should avoid installing software from untrusted sources or opening suspicious links and attachments, the usual route to the privileged accounts behind a system like this.

    Currently, Padu says that the responsibility for data security lies with the source of the data – meaning each government agency from which the data is coming. But this mentality needs to change as data security needs to be a collective responsibility.

    Data breaches – Everyone knows the weaknesses in Malaysia’s cybersecurity laws and the number of data leaks, breaches and such that have occurred in government agencies. As a matter of fact, the current PDPA laws in Malaysia exclude government agencies. Hence, if a data breach was to occur on the database, who would be responsible for it?

The bottom line is that the central database hub is definitely a system that could be a game-changer for Malaysia. But if the concerns raised are not addressed properly, the platform could end up causing more harm to the public instead of benefiting them. With the country’s digital ID plans on the horizon, improving the security features in Padu should be a priority that must not be taken lightly.

    The post Here’s how Malaysia’s central database hub, Padu can be compromised by cybercriminals appeared first on TechWire Asia.

Ubisoft faces the challenge of a recent cyberattack https://techwireasia.com/2023/12/what-happened-with-ubisofts-recent-cyberattack/ Wed, 27 Dec 2023 01:15:18 +0000
  • Ubisoft faced a recent cyberattack, leading to leaked internal system screenshots and security concerns.
  • Ubisoft’s latest cyberbreach adds to its history of digital security struggles.
  • Ubisoft unexpectedly revives servers for several games, temporarily enabling discontinued achievements.
Ubisoft, the French video game company celebrated for its array of popular titles such as Assassin’s Creed, FarCry, Tom Clancy’s Rainbow Six Siege, and the newly launched Avatar: Frontiers of Pandora, has recently found itself grappling with a cybersecurity dilemma.

    There are reports that Ubisoft is investigating a cybersecurity breach involving an anonymous hacker who reportedly infiltrated key company channels like Microsoft Teams, Confluence, Atlas, and SharePoint. The intruder is said to have had access for 48 hours before being ousted from the system.

    Investigating the recent cyberattack hitting Ubisoft

    The gaming community, particularly the Gaming Leaks and Rumours subreddit, and a Bleeping Computer report, highlight that screenshots supposedly captured during the cyberattack on December 20th have been leaked online. Ubisoft has acknowledged this incident and is looking into this supposed data security breach.

    Ubisoft’s official statement was concise: “We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time.”

    Vx-underground, via a tweet, shared information from an undisclosed source claiming responsibility for the breach on December 20th. This individual alleged their intention was to extract roughly 900GB of data after gaining entry to Ubisoft’s internal systems, including the SharePoint server, Microsoft Teams, Confluence, and MongoDB Atlas panel. They also purportedly provided screenshots showing access to some of these platforms.

Vx-underground reports that an unidentified aggressor claimed to have infiltrated Ubisoft on December 20th. (Source – X).

In a separate development, MongoDB disclosed a breach of its own corporate systems in the same week. There is, however, no evidence of a direct connection between that incident and the one at Ubisoft.

    In communication with vx-underground, the perpetrators revealed their failed attempt to steal data from Rainbow 6 Siege users. They were detected and subsequently lost access before they could complete their intended data theft.

Ubisoft is no stranger to cyberattacks. In 2020, the company fell victim to the Egregor ransomware gang, which leaked portions of the source code of the Ubisoft game Watch Dogs. Another breach occurred in 2022, disrupting the company’s games, systems, and services.

    The Lapsus$ connection: past and present intrusions

    In these previous instances, the cybercriminal groups responsible for the attacks were either known or strongly suspected. For instance, the 2022 breach was widely attributed to the Lapsus$ group.

Ubisoft has reported a temporary disruption to some of its games, systems, and services in light of the most recent incident. The company’s IT teams are currently probing the issue in collaboration with external experts. As a precautionary measure, Ubisoft initiated a reset of passwords across the company. The company also said that all games and services were functioning normally, and at the time of publishing, there was no indication that any players’ personal information had been compromised or exposed in the incident.

    Lapsus$, a hacking group based in South America, indirectly hinted at its involvement in the recent cyberattack at Ubisoft on Telegram, accompanied by a smirking face emoji. However, it did not directly claim responsibility. The group later added in the same thread that its target was not Ubisoft as such, but the customer data it could harvest from the attack.

    Previously, Lapsus$ made headlines for claiming responsibility for leaking Nvidia employee password hashes, leading to outages in Nvidia’s developer tools and email systems. The group even threatened to release confidential files related to Nvidia’s GPUs unless its demands for open sourcing the GPU drivers were met. It also confessed to breaching Samsung’s systems and leaking almost 200 GB of internal files online. Furthermore, Lapsus$ broadcasted on Telegram its intent to recruit insiders at potential targets, explicitly targeting significant software and gaming corporations.

    Ubisoft’s server revival and future closures

    In an unrelated turn of events, Ubisoft gamers were surprised to find that servers for games like Driver: San Francisco, Splinter Cell: Blacklist, Rayman Legends, and Assassin’s Creed III, which were officially shut down in October 2022, have mysteriously come back online. This unexpected development has allowed players to earn various online achievements previously considered discontinued.

    TrueAchievements community members have noted that the servers for Driver: San Francisco and Splinter Cell: Blacklist are operational again. Additionally, there are reports that servers for Assassin’s Creed III and Rayman Legends on Xbox 360 are also back. Players can now unlock achievements linked to these games’ online features.

    However, it is speculated that this server reactivation is an unintentional outcome from Ubisoft, and it’s likely that the servers will go offline again shortly. Gamers hoping to obtain achievements from these games are encouraged to seize this opportunity swiftly.

    Looking ahead, next month is set to see the closure of servers for four Xbox games, including WWE 2K22, signaling the end of an era for these titles.

    The post Ubisoft faces the challenge of a recent cyberattack appeared first on TechWire Asia.

The database provider MongoDB security breach exposes customer contact information https://techwireasia.com/2023/12/how-does-mongodb-database-security-breach-expose-customer-data/ Tue, 19 Dec 2023 19:54:18 +0000
  • MongoDB database breach exposes customer data – Atlas service remains secure.
  • MongoDB responds to security breach, acknowledges customer data accessed.
  • MongoDB incident highlights tech industry’s cybersecurity challenges.
MongoDB, a database software company, recently issued a warning about a breach in its corporate systems, leading to the exposure of customer data. This cybersecurity incident marks a significant event for the company, known for its extensive reach in the database software market and its substantial revenue of US$1.2 billion this year.

    MongoDB database breach: unveiling the incident

    The breach was first detected on the evening of December 13, 2023 (US Eastern Standard Time), when MongoDB identified suspicious activity within its corporate systems. The company promptly initiated its incident response process. However, it is believed that the unauthorized access had been ongoing for some time before its discovery.

    In a notice posted on December 16 on its alert page, MongoDB confirmed the security incident involved unauthorized access, resulting in the exposure of customer account metadata and contact information. Despite this, MongoDB assured customers there was no evidence of exposure to the data stored in MongoDB Atlas, its flagship database service.

    As a precaution, MongoDB recommends customers remain alert to potential social engineering and phishing attacks. The company advises activating phishing-resistant multi-factor authentication (MFA) and the regular rotation of MongoDB Atlas passwords. MongoDB emphasizes that it has not found any security vulnerabilities in its products as a result of this incident.

    Importantly, MongoDB says that access to MongoDB Atlas clusters is authenticated through a system separate from the compromised corporate systems. As of December 17, no evidence suggests any unauthorized access to MongoDB Atlas clusters or compromise of the Atlas cluster authentication system.

    The breach resulted in unauthorized access to some corporate systems containing customer names, phone numbers, email addresses, and other account metadata. Notably, system logs for one customer were accessed, and MongoDB has notified the affected customer. There is no indication that other customers’ system logs have been accessed.

MongoDB’s disclosure of the corporate-systems breach that exposed customer contact data. (Source – X).

    Past incidents

    The database provider company has faced multiple cybersecurity incidents, not just this recent one. In July 2020, a significant event unfolded when a hacker placed ransom notes on 22,900 MongoDB databases that were exposed online without password protection. At the time it was claimed that this figure represented nearly half (47%) of all misconfigured self-hosted MongoDB databases that had been left accessible online.

    In this incident, the hacker employed an automated script to identify and exploit misconfigured MongoDB databases. The script erased the database contents and replaced them with a ransom note demanding 0.015 bitcoin (approximately US$140).
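The servers hit by that script shared one configuration pattern: a listener reachable from the internet with authorization switched off. The following is an added example, not MongoDB’s own tooling, that flattens the YAML subset a mongod.conf uses and flags the settings that make such a wipe possible: binding to every interface, `security.authorization` left off, and a non-loopback listener without TLS. Both configuration texts are constructed for illustration; the parser handles only the simple nested `key: value` layout shown, not full YAML.

```python
"""Audit a mongod.conf for the exposure pattern behind the wiper/ransom campaigns.

Added example, not MongoDB's own tooling. It flattens the YAML subset that
mongod.conf uses (nested 'key: value' lines) and flags the settings that let an
automated script find a server, connect without credentials and drop its data:
binding to all interfaces, authorization left off, and no TLS on a non-loopback
listener. Both configurations below are constructed for illustration.
"""
from __future__ import annotations

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
ALL_INTERFACES = {"0.0.0.0", "::"}


def parse_conf(text: str) -> dict[str, str]:
    """Flatten nested keys into dotted paths, e.g. {'net.bindIp': '0.0.0.0'}."""
    flat: dict[str, str] = {}
    stack: list[tuple[int, str]] = []          # (indent, key) of enclosing sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                        # left a nested section
        path = ".".join([k for _, k in stack] + [key.strip()])
        value = value.strip().strip("'\"")
        if value:
            flat[path] = value
        else:
            stack.append((indent, key.strip()))
    return flat


def audit_mongod_conf(text: str) -> list[str]:
    """Return findings as 'setting: problem' strings; an empty list means no issue."""
    conf = parse_conf(text)
    findings: list[str] = []

    bind_all = conf.get("net.bindIpAll", "false").lower() == "true"
    # mongod 3.6 and later default to localhost when bindIp is absent
    bind_ips = {ip.strip() for ip in conf.get("net.bindIp", "127.0.0.1").split(",")}
    if bind_all or bind_ips & ALL_INTERFACES:
        findings.append("net.bindIp: listens on every interface, so any host that can "
                        "reach port %s can connect" % conf.get("net.port", "27017"))

    if conf.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization: disabled, so an unauthenticated client "
                        "can read, drop and rewrite every database")

    exposed = bind_all or bool(bind_ips - LOOPBACK)
    if exposed and conf.get("net.tls.mode", "disabled").lower() != "requiretls":
        findings.append("net.tls.mode: non-loopback listener without TLS; credentials "
                        "and data cross the network in clear")
    return findings


# Constructed configuration resembling the servers hit in 2020: reachable from
# the internet with no authentication.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0        # "just so the app server can reach it"
"""

# Constructed hardened counterpart.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the private app-tier address only
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongod.pem
security:
  authorization: enabled       # every client must present a user with a role
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["no findings"])
```

Run against the weak configuration it reports all three findings; against the hardened one it reports none. A config audit only catches what is written down, so it belongs alongside an external scan of what the host actually answers on port 27017.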

    The cybercriminal set a tight deadline, giving companies two days to comply with the payment demands. Failure to pay would result in the leaking of their data and a report to the victim’s local General Data Protection Regulation (GDPR) enforcement authority, exposing them to potential legal issues.

    These specific ransomware attacks, identified by the ransom note titled “READ_ME_TO_RECOVER_YOUR_DATA,” were first detected in April 2020. The attacker repeatedly accessed the same databases, leaving multiple copies of the ransom note over several days.

    Such MongoDB wiping and ransom attacks are not a recent phenomenon. These incidents are part of a larger trend that began in December 2016. At that time, hackers discovered they could profit significantly by erasing MongoDB servers and demanding ransoms, exploiting the desperation of server owners to recover their data.

    In a series of attacks, over 28,000 servers were held for ransom in January 2017, followed by another 26,000 in September 2017, and 3,000 more in February 2019.

This specific MongoDB incident occurred during a year marked by several high-profile data breaches. For example, in November 2023, Samsung reported a breach spanning a year, from July 1, 2019, to June 30, 2020, which resulted in unauthorized access to customer data from its UK store but wasn’t discovered until November 13, 2023.

    Samsung assured that no financial data or customer passwords were compromised, though contact information was accessed. In response, the company reported the breach to the Information Commissioner’s Office and notified the affected customers, taking steps to resolve the situation.

    Ongoing investigation and updates

    MongoDB continues to investigate the breach and will provide updates on the MongoDB Alerts web page, which is used for communicating about outages and other incidents. The company remains committed to transparency and the security of its systems and customer data.

    This incident serves as a reminder of the ever-present cyberthreats facing technology companies. It underscores the importance of robust security measures and constant vigilance in an increasingly interconnected digital world. Customers of MongoDB and similar services are urged to follow the recommended security practices and stay informed about the latest updates regarding this breach.

    The post The database provider MongoDB security breach exposes customer contact information appeared first on TechWire Asia.

Data breaches at Toyota: the company once again warns customers of a breach https://techwireasia.com/2023/12/how-has-toyota-suffered-so-many-data-breaches/ Wed, 13 Dec 2023 01:15:17 +0000
  • Toyota faced a series of significant data breaches in 2023.
  • Toyota’s 2023 cybersecurity crisis: Medusa attack and data compromise.
  • Toyota’s decade-long battle against data breaches highlights global data protection challenges.
Data security has become paramount in a world increasingly reliant on digital technologies. Toyota, a global leader in the automotive industry, has recently faced a series of significant data breaches, raising concerns about the safety of customer information. These incidents at Toyota Financial Services (TFS) and other divisions have exposed millions of customers’ sensitive personal and financial details, highlighting the vulnerabilities even large corporations face in the digital age.

    Toyota Financial Services, a division of Toyota Motor Corporation, operates in almost all markets where Toyota vehicles are sold, offering automotive financing services.

    The company issued a statement on its website: “Due to an attack on the systems, unauthorized persons gained access to personal data. Affected customers have now been informed. Toyota Kreditbank’s systems have been gradually restarted since December 1st.”

    Immediate response and advisories

    Toyota Financial Services advised its German customers to remain alert, contact their banks for added security measures, monitor unusual activities, and check their credit status with Schufa. The company has also reported the breach to North Rhine-Westphalia’s data protection officer.

    Previously, Toyota acknowledged unauthorized access to some of its European and African systems, following claims by the Medusa ransomware group that it had compromised the automaker’s division.

Toyota has had a bad year for data breaches.

Medusa (a separate operation from the older MedusaLocker group, despite the similar name) has claimed responsibility for the breach and listed Toyota Financial Services on its Tor-based leak site, threatening to release the stolen data unless a US$8 million ransom is paid within ten days. Evidence, including screenshots and a file directory made public by the attackers, indicates that the data was extracted from Toyota Financial Services’ systems in Germany.

    SecurityWeek reported that the hackers’ published screenshots reveal various corporate documents, spreadsheets with personal data, and copied passports. Cybersecurity expert Kevin Beaumont suggested that the Medusa group might have exploited the Citrix NetScaler vulnerability, CVE-2023-4966 or CitrixBleed, to infiltrate the company.

    Beaumont noted that Toyota Financial Services had an exposed Citrix Gateway system in Germany, potentially vulnerable to CitrixBleed attacks. This vulnerability has been widely exploited in ransomware attacks, including by the LockBit group against government, legal, and banking institutions. LockBit also claimed responsibility for a recent attack on China’s largest bank – which had an exposed Citrix system.

    Beaumont also identified vulnerable, internet-exposed Citrix devices belonging to Boeing and Australian shipping firm DP World, which were recently targeted. It appears Toyota has not engaged in ransom negotiations with the attackers, and as a result, all the compromised data is now available on Medusa’s dark web extortion portal. Toyota Kreditbank GmbH in Germany has acknowledged the breach, admitting that hackers have accessed customer data.

    Heise obtained a sample of Toyota’s communications to German customers, confirming that names, addresses, contact information, lease-purchase details, and IBAN numbers were among the compromised data, which could be exploited for phishing, scams, and identity theft.

Toyota issues a statement on its data breaches. (Source – Toyota)

The notification confirms the compromised data, but Toyota’s internal investigation is ongoing, and additional data breaches may yet be uncovered. Toyota has committed to keeping affected customers informed about any further data exposure discovered during the ongoing investigation – arguably, the very least its customers should be able to expect.

    Toyota’s historical data breaches

In May of this year, Toyota disclosed a significant data breach, revealing that over two million customer records had been exposed online for the past ten years. Later the same month, a further review turned up a second leak involving the details of 260,000 car owners.

    In a recent statement, Toyota acknowledged an additional set of data that was inadvertently made available externally due to a misconfiguration in Toyota’s connected cloud service. This service provides various internet services in the company’s vehicles, including vehicle information, in-car entertainment, and emergency support in case of accidents or breakdowns.

    The issue came to light during an extensive review of Toyota’s cloud infrastructure, following an earlier admission this month that customer data was publicly accessible online.

    The exposed information includes identifiers for in-vehicle devices and mapping data shown on the navigation systems of Toyota customers in Japan. However, this data does not contain specific location details and is insufficient to identify individual customers. The exposure potentially impacts customers who bought Toyota vehicles since December 2007, with the data breach taking place between February 2015 and May 2023. Toyota plans to issue individual apologies to the customers affected by this breach.

    Toyota has also confirmed that an unspecified number of customers outside Japan, particularly in Asia and Oceania, also had their personal information exposed between October 2016 and May 2023. The nature of the exposed data varies but may include names, addresses, Toyota-specific customer numbers, and vehicle registration and identification details. The company intends to inform these customers, as per regional legal requirements.

    Moving forward: Toyota’s commitment to data protection

    In summary, Toyota’s string of data breaches serves as a potent reminder of global companies’ challenges in safeguarding personal information in the digital era. While Toyota is taking steps to address these breaches and inform affected customers, the incidents underscore the ongoing need for robust cybersecurity measures across industries. As Toyota continues its investigation and strengthens its digital defenses, these events highlight the importance of vigilance and proactive strategies in data protection.

    The post Data breaches at Toyota: the company once again warns customers of a breach appeared first on TechWire Asia.

Unprecedented data breaches of the last ten years – and their aftermath https://techwireasia.com/2023/12/what-are-the-top-10-largest-data-breaches-of-the-decade-by-record-count/ Fri, 08 Dec 2023 02:05:02 +0000
  • NinjaOne study delves into significant data breaches in recent history.
  • Yahoo experienced the most significant data breach, compromising three billion records in 2013.
  • In 2019, First American Corporation and Facebook followed, with breaches of 885 million and 540 million records, respectively.

    Imagine a scenario where your online activities, from casual email exchanges to confidential financial dealings, leave a digital footprint prone to cyberthreats. This situation is far from a mere speculative plot in a science fiction film; it’s a tangible challenge we confront in our current era of digital interconnectivity. In this environment, the security of our personal data, which is invaluable and deeply intertwined with our private lives, is under continuous threat.

    Despite its role in connecting global communities and streamlining our lives, this digital era has also been the backdrop for some of the most significant data security breaches. These incidents, impacting billions of people worldwide, go beyond mere statistics. They represent personal stories, breaches of confidential information, and shattered trust, all having far-reaching consequences in our increasingly online existence.

    What have been the most monumental data breaches of recent times? And how have even prominent corporations succumbed to cyber-incursions, despite the general awareness of the danger? From the astonishing Yahoo breach impacting billions to an unknown company’s unsecured database leak, each incident sheds light on the dynamic field of cybersecurity and the relentless effort to defend our digital selves.

    Data breaches cause chaos, pain and financial calamity.

    Analyzing monumental data breaches

    A recent analysis by NinjaOne, a patch management software company, unveils startling findings: Yahoo’s 2013 data breach is the most severe, with three billion records compromised. This study sifts through the most significant breaches to identify which organizations have faced the gravest data losses.

    1. Yahoo with three billion records in 2013

    In 2013, Yahoo endured the largest recorded data breach in history, affecting every one of its three billion user accounts. Yahoo disclosed the incident in December 2016 with an estimate of one billion affected accounts, then revised that figure to three billion in October 2017. The stolen data included names, email addresses, telephone numbers, birth dates, MD5-hashed passwords and, for some accounts, security questions and answers.

    2. First American Corporation with 885 million records in 2019

    First American, the second-largest title insurance company in the United States, processes vast amounts of personal and financial information annually. This data, drawn from title-related documents, is stored in and shared through its proprietary web application, EaglePro.

    In May 2019, security journalist Brian Krebs reported a weakness in EaglePro. Documents were served from links that carried a sequential record number, and anyone who changed that number could retrieve other customers’ documents without authenticating: no login, no ownership check, just a guessable identifier in the URL. Roughly 885 million records dating back to 2003 were exposed in this way, including bank account numbers, Social Security numbers, wire transaction receipts and mortgage details.
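    The access-control failure described above, reproduced as an added example that is not First American’s or EaglePro’s code: a document endpoint that trusts the numeric id in the link, beside a hardened version that enforces object-level authorization and, for links that must work without a login, issues signed and expiring share tokens instead of bare sequential ids. The store, account names, ids and document contents are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample store standing in for a document repository:
# document id -> (owning account, contents). Ids are sequential on purpose,
# which is exactly what makes the vulnerable endpoint enumerable.
DOCUMENTS = {
    1001: ("alice", "wire instructions for closing #1001"),
    1002: ("bob", "bank account and SSN for closing #1002"),
    1003: ("carol", "mortgage payoff statement #1003"),
}


class Forbidden(Exception):
    """Raised when a request fails an authorization check."""


def fetch_document_vulnerable(doc_id: int) -> str:
    """The flawed pattern: the number in the link is the only 'credential'."""
    return DOCUMENTS[doc_id][1]


def fetch_document_fixed(doc_id: int, requesting_user: str) -> str:
    """Object-level authorization: the authenticated caller must own the record."""
    owner, body = DOCUMENTS[doc_id]
    if not hmac.compare_digest(owner.encode(), requesting_user.encode()):
        raise Forbidden(f"{requesting_user} may not read document {doc_id}")
    return body


def enumerate_vulnerable(start: int, stop: int) -> list:
    """Walk an id range the way an opportunistic attacker would; returns every id served."""
    served = []
    for doc_id in range(start, stop):
        if doc_id in DOCUMENTS:  # a real server would answer 404 for the gaps
            fetch_document_vulnerable(doc_id)
            served.append(doc_id)
    return served


def enumerate_fixed(start: int, stop: int, requesting_user: str) -> list:
    """Same walk against the hardened endpoint; only the caller's own records come back."""
    served = []
    for doc_id in range(start, stop):
        if doc_id not in DOCUMENTS:
            continue
        try:
            fetch_document_fixed(doc_id, requesting_user)
            served.append(doc_id)
        except Forbidden:
            pass
    return served


# Emailed links that must work without a login can still be safe if the link
# carries an unguessable, server-signed capability bound to one document and
# an expiry, instead of a bare sequential id. The key is a per-deployment
# secret that never leaves the server (generated here for the example).
SERVER_KEY = secrets.token_bytes(32)


def make_share_token(doc_id: int, expires_at: int, key: bytes = SERVER_KEY) -> str:
    """Mint 'doc_id:expires_at:hmac' for a link; expires_at is a Unix timestamp."""
    msg = f"{doc_id}:{expires_at}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{doc_id}:{expires_at}:{tag}"


def open_share_token(token: str, now: int, key: bytes = SERVER_KEY) -> str:
    """Verify signature and expiry before serving; any tampering changes the tag."""
    try:
        doc_str, exp_str, tag = token.split(":")
        doc_id, expires_at = int(doc_str), int(exp_str)
    except ValueError:
        raise Forbidden("malformed token")
    expected = hmac.new(key, f"{doc_id}:{expires_at}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise Forbidden("bad signature")
    if now >= expires_at:
        raise Forbidden("expired link")
    if doc_id not in DOCUMENTS:
        raise Forbidden("no such document")
    return DOCUMENTS[doc_id][1]


def token_is_valid(token: str, now: int, key: bytes = SERVER_KEY) -> bool:
    """True if open_share_token would serve the document for this token at this time."""
    try:
        open_share_token(token, now, key)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    print("vulnerable endpoint served:", enumerate_vulnerable(1000, 1010))
    print("fixed endpoint served to bob:", enumerate_fixed(1000, 1010, "bob"))
    link = make_share_token(1002, expires_at=2_000_000_000)
    print("signed link valid now:", token_is_valid(link, now=1_700_000_000))
```

    Run as a script, the enumeration walk shows the difference: the vulnerable endpoint hands back every document in the range, the fixed one only the caller’s. The signed link still works without a login, which is the usability requirement an emailed document link has to meet, but a changed id or an expired timestamp fails the HMAC or expiry check, so there is nothing for a curious recipient to increment.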

    The New York State Department of Financial Services (DFS) investigated and found that First American had violated cybersecurity regulations. The company had failed to establish adequate governance, access controls, identity management, and risk assessment procedures, leading to insufficient security measures in EaglePro against unauthorized data access.

    DFS recently announced that First American would face a US$1 million penalty for breaching cybersecurity regulations. This fine is linked to the May 2019 cybersecurity incident, which unintentionally exposed sensitive consumer information.

    3. Facebook with 540 million records in 2019

    A leak of data from around 540 million Facebook users, including personal details like names and phone numbers, was recently made public. Initially, Facebook downplayed this as relating to a known 2019 breach, but later admitted the data came from a previously unreported exploit in their contact import feature. The breach was distinct from other Facebook security issues and involved the information of notable figures. Facebook’s response to the incident, including a failure to directly notify affected users, has drawn criticism for lack of transparency and clarity.

    4a. Marriott International with 500 million records in 2018

    Marriott International, a global hotel chain, tied for the fourth-largest breach in 2018, with half a billion records compromised. The data breach, allegedly orchestrated by hackers linked to the Chinese government, targeted Marriott’s reservation database, compromising sensitive data, including passport numbers and credit card details.

    4b. Yahoo with 500 million records in 2014

    Yahoo’s 2014 data breach, tied as the fourth-largest, affected 500 million accounts and exposed names, email addresses, phone numbers, birth dates, hashed passwords and security questions. The fallout became more apparent in 2018, when the US Securities and Exchange Commission fined Altaba, Yahoo’s successor, US$35 million for the delayed disclosure of the breach. Separately, between 2015 and 2016, attackers used forged cookies to access about 32 million accounts without needing passwords. Yahoo’s subdued response to these incidents, mainly through security notices on its website, sparked concerns about its commitment to robust cyberdefenses.

    An X user does not trust Yahoo anymore. Unsurprisingly. (Source – X)

    6. FriendFinder Networks with 412 million records in 2016

    In 2016, FriendFinder Networks suffered a major hack, exposing over 412 million accounts across sites including Adultfriendfinder.com. Steve Ragan initially reported security flaws, but the full scale of the breach, involving usernames, email addresses and passwords stored either in plaintext or as unsalted SHA-1 hashes, was revealed by LeakedSource. Despite a previous breach in 2015, FriendFinder had continued these insecure password practices, leading to widespread concerns about its commitment to data security.

    7. Exactis with 340 million records in 2018

    Exactis, a marketing and data aggregation firm, suffered the seventh-largest breach in 2018, with 340 million records exposed. It inadvertently made detailed personal data of millions publicly accessible, including phone numbers, addresses, and email contacts.

    8. Airtel with 320 million records in 2019

    In 2019, Airtel, a major Indian telecom provider, faced a data breach exposing 320 million customer records due to a system vulnerability. This breach compromised personal details like names, phone numbers, email addresses, and Aadhaar card numbers.

    The incident prompted data privacy concerns and investigations in India. In response, Airtel strengthened its security protocols and informed affected customers, highlighting the need for stringent data protection measures to handle sensitive information.

    9. Truecaller with 299 million records in 2019

    Truecaller, known for its caller ID and call-blocking features, encountered the ninth-largest breach in 2019, with 299 million records compromised. Leaked data encompassed phone numbers, email addresses, and other personal details.

    10. Database leak with 275 million records in 2019

    In 2019, an unknown company reportedly faced the tenth-largest breach when a misconfigured database with 275 million records was exposed.

    Rankings of the most significant data breaches. (Source – NinjaOne).

    The need for robust cybersecurity measures

    NinjaOne remarked on the findings, highlighting the immense value of data in our interconnected world and the significant returns of investing in robust security measures.

    It underscored the importance of updating software and limiting access to sensitive data as critical strategies to minimize data breach risks.

    NinjaOne pointed to Yahoo’s 2013 and 2014 data breaches, which resulted in billions of compromised records, as stark examples of the significant costs of data breaches. These incidents, with the 2013 breach being one of the largest in history, led to severe financial consequences for Yahoo.

    The company faced a monumental class action settlement of US$117,500,000. Additionally, Yahoo and its successors encountered legal implications for how they managed these breaches.

    “One such example is the US$35,000,000 SEC fine Yahoo incurred for not disclosing the data breach when it first learned about it, thereby misleading investors,” NinjaOne said.

    This commentary emphasizes the critical nature of transparency and proactive security measures in the digital domain. The cases of Yahoo and others serve as stark reminders of the vital importance of protecting digital data and the potential consequences of failing to do so in our increasingly connected world.

    From 1% to 100%: Tallying the impact from Okta data breach https://techwireasia.com/2023/12/what-is-the-real-impact-of-the-okta-data-breach/ Tue, 05 Dec 2023 01:40:25 +0000

  • Okta initially said that there was no unauthorized access to the Okta service or customer data.
  • But now, the company stated that all Okta customer support system users are affected.
  • Exposed data could lead to more social engineering and phishing attacks.

    The recent Okta data breach may have had a greater impact than was initially reported. Okta first stated that an attacker had used a stolen credential to access its customer support case management system and had viewed HTTP Archive (HAR) files that customers had uploaded for troubleshooting. Those browser captures contained session cookies and tokens that could be replayed to impersonate the Okta customer administrators who had recorded them.
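    HAR files are where this incident started, so here is an added example of scrubbing one before it leaves the customer’s side. This is not Okta’s tooling and not code from the article; the hostname, the two-step sign-in and every cookie and token value in SAMPLE_HAR are constructed. The cookie name `sid` and the `/login/sessionCookieRedirect` endpoint are used because they are the real Okta session cookie name and endpoint, which is exactly why an unscrubbed capture of this flow is dangerous to share, but nothing in the sample is live session material.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "[REDACTED]"
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "code", "sessiontoken"}
# Compact JWTs anywhere in a body, and JSON keys whose values are secrets.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
KEY_RE = re.compile(r'("(?:password|sessionToken|access_token|id_token|refresh_token)"\s*:\s*")([^"]*)(")')

# Constructed HAR 1.2 capture of an Okta sign-in. Hostname and all values are invented;
# only the cookie name and endpoint path mirror the real product.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [
    {   # step 1: primary authentication; the response body carries a one-time sessionToken
        "request": {"method": "POST", "url": "https://example.okta.com/api/v1/authn",
                    "headers": [{"name": "Content-Type", "value": "application/json"}],
                    "queryString": [], "cookies": [],
                    "postData": {"mimeType": "application/json",
                                 "text": '{"username":"alice@example.com","password":"hunter2"}'}},
        "response": {"status": 200, "headers": [], "cookies": [],
                     "content": {"mimeType": "application/json",
                                 "text": '{"status":"SUCCESS","sessionToken":"20111SessionTokenValue"}'}},
    },
    {   # step 2: the sessionToken is exchanged for the sid cookie, the thing an attacker replays
        "request": {"method": "GET",
                    "url": "https://example.okta.com/login/sessionCookieRedirect?token=20111SessionTokenValue&redirectUrl=%2Fapp",
                    "headers": [{"name": "Cookie", "value": "DT=deviceTokenValue"}],
                    "queryString": [{"name": "token", "value": "20111SessionTokenValue"},
                                    {"name": "redirectUrl", "value": "/app"}],
                    "cookies": [{"name": "DT", "value": "deviceTokenValue"}]},
        "response": {"status": 302,
                     "headers": [{"name": "Set-Cookie", "value": "sid=102abcSessionCookieValue; Path=/; Secure; HttpOnly"},
                                 {"name": "Location", "value": "/app"}],
                     "cookies": [{"name": "sid", "value": "102abcSessionCookieValue"}],
                     "content": {"mimeType": "text/html", "text": ""}},
    },
]}}


def _bodies(msg):
    """Yield (container, key) for each body text field so it can be rewritten in place."""
    for holder in ("postData", "content"):
        if holder in msg and "text" in msg[holder]:
            yield msg[holder], "text"


def redact_text(text):
    """Strip JWTs and the values of secret-bearing JSON keys from a body."""
    text = JWT_RE.sub(REDACTED, text)
    return KEY_RE.sub(lambda m: m.group(1) + REDACTED + m.group(3), text)


def redact_url(url):
    """Replace the values of sensitive query parameters, keeping the rest of the URL intact."""
    parts = urlsplit(url)
    query = [(k, REDACTED if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def sanitize_har(har):
    """Return a deep copy with headers, cookies, query parameters and body tokens redacted."""
    out = json.loads(json.dumps(har))  # never mutate the caller's capture
    for entry in out["log"]["entries"]:
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for h in msg.get("headers", []):
                if h["name"].lower() in SENSITIVE_HEADERS:
                    h["value"] = REDACTED
            for c in msg.get("cookies", []):
                c["value"] = REDACTED
            for q in msg.get("queryString", []):
                if q["name"].lower() in SENSITIVE_PARAMS:
                    q["value"] = REDACTED
            if "url" in msg:
                msg["url"] = redact_url(msg["url"])
            for container, key in _bodies(msg):
                container[key] = redact_text(container[key])
    return out


def find_credentials(har):
    """Values that would hand a session to whoever reads the file; an empty list means clean."""
    found = []
    for entry in har["log"]["entries"]:
        for side in ("request", "response"):
            msg = entry.get(side, {})
            found += [h["value"] for h in msg.get("headers", [])
                      if h["name"].lower() in SENSITIVE_HEADERS and h["value"] != REDACTED]
            found += [c["value"] for c in msg.get("cookies", []) if c["value"] != REDACTED]
            found += [q["value"] for q in msg.get("queryString", [])
                      if q["name"].lower() in SENSITIVE_PARAMS and q["value"] != REDACTED]
            if "url" in msg:
                found += [v for k, v in parse_qsl(urlsplit(msg["url"]).query)
                          if k.lower() in SENSITIVE_PARAMS and v != REDACTED]
            for container, key in _bodies(msg):
                found += JWT_RE.findall(container[key])
                found += [m.group(2) for m in KEY_RE.finditer(container[key]) if m.group(2) != REDACTED]
    return found


def har_contains(har, needle):
    """True if the literal string appears anywhere in the serialized capture."""
    return needle in json.dumps(har)


if __name__ == "__main__":
    print("before:", find_credentials(SAMPLE_HAR))
    print("after:", find_credentials(sanitize_har(SAMPLE_HAR)))
```

    The check function is the useful half: a support portal can refuse an upload while `find_credentials` returns anything, and the customer can run the same check locally before attaching the file. Redaction is done on a copy so the original capture is still available for the engineer who recorded it, and the regexes are deliberately broad; a false positive on a harmless value costs nothing, a missed session cookie costs what this article describes.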

    The breach supposedly affected around 1% of Okta’s 18,400 customers, including some prominent companies like 1Password, BeyondTrust and Cloudflare. These companies detected and blocked the intrusions before any of their own customers were affected, and notified Okta about the suspicious activity.

    Okta initially said that there was no unauthorized access to the Okta service or to customer data, that it had taken steps to secure the affected support system, and that it had notified law enforcement. However, some security experts have criticized Okta for its delayed disclosure and repeated incidents, as this is not the first time Okta has suffered a breach due to social engineering or credential theft.

    In early 2022, Okta was breached by the Lapsus$ group through a compromised subprocessor, Sitel, that Okta had trusted to do customer support work. Later that year, the “0ktapus” phishing campaign, which lured employees to spoofed Okta login pages, captured credentials at more than 130 organizations, including Twilio.

    As Okta is a leading identity and authentication platform that provides critical digital infrastructure for its customers, including top cloud providers, hyperscalers and technology companies, a breach of Okta could potentially expose sensitive data and credentials for multiple accounts belonging to some of the biggest companies across the globe. Okta claims that it does not rely on the confidentiality of its source code for the security of its services and that the Okta service remains fully operational and secure.

    Previously, Okta reported a breach in October that resulted in approx. 1% of customer support users having their data stolen.

    What really happened?

    As things seemed to normalize, Okta continued its review of the breach. However, the recent findings from the review painted an even scarier scenario. According to a blog post by David Bradbury, the chief security officer at Okta, the threat actor was actually able to run and download a report that contained the names and email addresses of all Okta customer support system users.

    “All Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers are impacted except customers in our FedRAMP High and DoD IL4 environments (these environments use a separate support system not accessed by the threat actor). The Auth0/CIC support case management system was also not impacted by this incident,” said Bradbury.

    Bradbury was quick to point out that the majority of the fields in the report are blank and the report does not include user credentials or sensitive personal data. In fact, he said that for 99.6% of users in the report, the only contact information recorded is full name and email address.

    “While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks. Okta customers sign in to Okta’s customer support system with the same accounts they use in their own Okta org. Many users of the customer support system are Okta administrators. It is critical that these users have multi-factor authentication (MFA) enrolled to protect not only the customer support system but also to secure access to their Okta admin console(s),” added Bradbury.

    Bradbury also acknowledged that there could now be a bigger risk for customers, since the names and email addresses were downloaded. Specifically, cybercriminals could use the data to launch phishing and social engineering attacks on the users affected. As such, Okta recommends its customers employ MFA for their administrators and consider using phishing-resistant authenticators to further enhance their security.
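    The detection side of the same problem, as an added example that is not Okta’s code and not a query from the article. The event records are constructed in the shape of Okta System Log entries: the field paths `authenticationContext.externalSessionId`, `securityContext.asNumber`, `client.ipAddress` and `client.userAgent.rawUserAgent`, and the `user.session.access_admin_app` event type, are real System Log names, while every user, address, ASN and session id is invented. A session whose network or client changes mid-life is the signature of a replayed cookie, which is how the companies named earlier caught the October activity, and sessions that outlive a policy limit are candidates for the shorter admin session lifetimes that go with the MFA advice above.

```python
from collections import defaultdict
from datetime import datetime

ADMIN_EVENT = "user.session.access_admin_app"  # System Log eventType for Admin Console access


def _event(published, event_type, user, session_id, ip, asn, user_agent):
    """Build a record with the Okta System Log field paths this detector reads."""
    return {
        "published": published,
        "eventType": event_type,
        "actor": {"alternateId": user},
        "client": {"ipAddress": ip, "userAgent": {"rawUserAgent": user_agent}},
        "securityContext": {"asNumber": asn},
        "authenticationContext": {"externalSessionId": session_id},
    }


# Constructed sample: session idx-aaaa is opened from the corporate ASN in a browser and
# later reappears from another ASN with a scripted client, which is what a replayed
# cookie looks like. Users, addresses, ASNs and session ids are invented.
SAMPLE_EVENTS = [
    _event("2023-10-02T10:00:00+00:00", "user.session.start", "alice@example.com", "idx-aaaa", "198.51.100.10", 64496, "Mozilla/5.0 Chrome/117"),
    _event("2023-10-02T10:05:00+00:00", ADMIN_EVENT, "alice@example.com", "idx-aaaa", "198.51.100.10", 64496, "Mozilla/5.0 Chrome/117"),
    _event("2023-10-02T10:10:00+00:00", "user.session.start", "bob@example.com", "idx-bbbb", "198.51.100.22", 64496, "Mozilla/5.0 Firefox/118"),
    _event("2023-10-02T10:12:00+00:00", "user.authentication.sso", "bob@example.com", "idx-bbbb", "198.51.100.22", 64496, "Mozilla/5.0 Firefox/118"),
    _event("2023-10-02T10:40:00+00:00", ADMIN_EVENT, "alice@example.com", "idx-aaaa", "203.0.113.77", 64500, "curl/8.4.0"),
]


def fingerprint(event):
    """What a session should keep constant: the network it comes from and the client presenting it."""
    return (event["securityContext"]["asNumber"], event["client"]["userAgent"]["rawUserAgent"])


def _by_session(events):
    """Group events by Okta session id, oldest first within each session."""
    grouped = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["published"]):
        grouped[ev["authenticationContext"]["externalSessionId"]].append(ev)
    return grouped


def find_session_reuse(events):
    """One alert per session whose fingerprint changes after it was established."""
    alerts = []
    for sid, evs in _by_session(events).items():
        baseline = fingerprint(evs[0])
        for ev in evs[1:]:
            observed = fingerprint(ev)
            if observed != baseline:
                alerts.append({
                    "session": sid,
                    "user": ev["actor"]["alternateId"],
                    "baseline": baseline,
                    "observed": observed,
                    "ip": ev["client"]["ipAddress"],
                    "admin_console": ev["eventType"] == ADMIN_EVENT,
                    "when": ev["published"],
                })
                break  # one alert is enough to trigger revocation; no need to report every event
    return alerts


def stale_sessions(events, max_age_minutes):
    """Sessions still producing events longer after they started than policy allows."""
    stale = []
    for sid, evs in _by_session(events).items():
        first = datetime.fromisoformat(evs[0]["published"])
        last = datetime.fromisoformat(evs[-1]["published"])
        if (last - first).total_seconds() > max_age_minutes * 60:
            stale.append(sid)
    return stale


if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_EVENTS):
        print("session reuse:", alert)
    print("sessions over 30 minutes:", stale_sessions(SAMPLE_EVENTS, 30))
```

    In a live deployment the same two functions run over events pulled from the System Log API (`/api/v1/logs`) or from wherever the SIEM lands them; an alert whose `admin_console` flag is set is the one to act on first, by revoking that session and the user’s other sessions and then reviewing what the admin console was used for in the interval between the baseline and the observed fingerprint.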

    Okta is a leading identity and authentication platform that provides the critical digital infrastructure for its customers.

    A costly data breach but valuable lesson for Okta

    In the report, Bradbury also said that Okta identified additional reports and support cases that the threat actor accessed, which contain the contact information of all Okta-certified users and some Okta Customer Identity Cloud (CIC) customer contacts, and other information. Some Okta employee information was also included in these reports. This contact information does not include user credentials or sensitive personal data.

    “We are working with a third-party digital forensics firm to validate our findings and we will be sharing the report with customers upon completion,” the statement said.

    This update changes the picture considerably: a jump from roughly 1% of customers to the entire customer base is not a small revision. The open question is whether the continuing investigation will show that still more files and data were taken.

    As Okta works to contain the situation and reassure its customers, the reality is that all Okta customers should now review their own security posture. Okta has recommended MFA, but businesses can add further layers, such as restricting privileged access to the administrators who actually need it and requiring phishing-resistant authenticators for the admin console.

    Bloomberg reported that Okta has sent a notice to customers, warning them that they may face an increased risk of phishing and social engineering attacks. The company also said it had pushed new security features and recommendations to defend against targeted attacks.

    While this would be a last resort, it wouldn’t be surprising to see some companies moving away from Okta to other providers, given the latest updates from the company.

    Whatever happens, one thing is for certain – the cybercriminals are clearly the winners of this breach, as they not only managed to trick Okta into believing that only a small amount of data was compromised, but also made the company look incompetent in terms of addressing the issue to its customers in the first place.

    The Okta data breach could end up being a much costlier and more impactful incident in the long run, especially since it is not the first time the company has been targeted.
