Spanish telecommunications firm Telefónica confirms its inner ticketing system was breached after stolen knowledge was leaked on a hacking discussion board.
Telefónica is a Spanish multinational telecommunications firm working in twelve international locations with over 104,000 staff. The corporate is the most important telecommunications agency in Spain, working underneath the identify Movistar.
In an e-mail to BleepingComputer at present, Telefónica confirmed its ticketing system was breached and are investigating the incident.
“We now have develop into conscious of an unauthorized entry to an inner ticketing system which we use at Telefónica,” Telefónica instructed BleepingComputer
“We’re presently investigating the extent of the incident and have taken the mandatory steps to dam any unauthorized entry to the system.”
This affirmation comes after a Telefónica Jira database was leaked on a hacking discussion board, with the breach claimed by 4 folks utilizing the aliases, DNA, Grep, Pryx, and Rey.
Supply: BleepingComputer
One of many attackers, Pryx, instructed BleepingComputer that the “inner ticketing system” is an inner Jira growth and ticketing server, utilized by the corporate to report and resolve inner points.
BleepingComputer was instructed that the system was breached yesterday utilizing compromised worker credentials, with Telefónica blocking their entry at present after performing password resets on impacted accounts.
Utilizing the compromised worker accounts, the menace actors say they had been capable of scrape roughly 2.3 GB of paperwork, tickets, and numerous knowledge. Whereas a few of this knowledge was labeled as clients, BleepingComputer was instructed the tickets had been opened with @telefonica.com e-mail addresses, so could have been tickets opened on behalf of shoppers.
Pryx says they didn’t contact the corporate or try and extort them earlier than leaking the info on-line.
Three folks behind this assault, Grep, Pryx, and Rey, are additionally members of a not too long ago launched ransomware operation often called Hellcat Ransomware.
Hellcat is answerable for a current breach of Schneider Electrical, the place 40GB of information was stolen from the corporate’s JIRA server.
