Although this took place in 2021, it has only recently become known that hackers exploited the identities of a number of of the world's largest international corporations in order to access the data center networks of the two largest operators in Asia, Shanghai GDS Holdings Ltd. and Singapore's ST Telemedia Global Data Centers.
Resecurity Inc., a cybersecurity research organization, claims that a hack affected some 2,000 customers of both data center operators in September 2021. A secret employee in China infiltrated GDS and STT GDC, as well as a number of Resecurity clients whose data had been hacked.
Resecurity alerted GDS and STT GDC again in January 2022 when it became clear that hackers had gained access to the accounts. Both data center operators said they responded promptly to Resecurity alerts and launched internal investigations. GDS acknowledged that it investigated and fixed the vulnerability in 2021.
The STT GDC noted that "no unauthorized access or data loss" was observed, adding that Resecurity's credentials are "an incomplete and obsolete list of user credentials for applications." "Any such data is now invalid and does not pose a security threat in the future," the operator said.
Hackers accessed the identities of several of the world's biggest companies, including Alibaba Group Holding Ltd., Amazon.com Inc., BMW AG, Goldman Sachs Group Inc., Huawei Technologies Co., Microsoft Corp., and Walmart Inc. Most affected companies contacted by Bloomberg News, including Alibaba, Amazon, Huawei, and STT GDC, said that none of their clients were injured.
According to Bloomberg News reports, hackers obtained the email addresses and passwords of more than 3,000 individuals in the GDS database, including GDS' own employees and customers, and more than 1,000 individuals from STT GDC. The hackers also stole the credentials of more than 30,000 surveillance cameras from the GDS network, most of which were accessible using simple passwords such as "admin" or "admin12345."
Resecurity claims that the hackers had access to the credentials for more than a year before selling them on the dark web for $175,000 last month. And last Monday, a hacker group posted the stolen data on the dark web for free.
If you notice an error, click the mouse and touch CTRL + ENTER. | Can you write better? We are always interested in new authors.
