Launching Leaky Weekly with Flare, Cybercrime Current Events Podcast

There’s so much to keep up with in the world of cybercrime…especially for security practitioners.

Leaky Weekly is a bi-weekly podcast hosted by security researcher Nick Ascoli as he dives into the most pressing stories on data leaks, cybercrime, and the dark web in the last week or so.

Tune in for current events every other week on Spotify with short and sweet episodes in about 15 minutes, on YouTube, or check out this article for the highlights.

*Important disclaimer: When a company is possibly the victim of a breach, that may not necessarily be the case for various reasons, such as if threat actors may not actually have the information they claim to. Security practitioners should be supportive of organizations/security teams addressing breaches and never shame them.*

AT&T Breach

Billions of text and call records stolen 

A threat actor reached out to a security researcher to share a sampling of the researcher’s call records. After the researcher confirmed that those were their call records, the threat actor reveals that they leveraged a Snowflake account that didn’t have MFA turned on, and accessed the information in that tenant.

This threat actor sent the information to a few people including a member of ShinyHunters, a threat actor group. 

The original security researcher informed Mandiant, which then notified AT&T, which then filed an SEC filing and claimed that the threat actor associated with the breach has been arrested. 

The original threat actor had been arrested but was actually arrested in relation to a T-Mobile breach, a few years ago. 

AT&T attempted to contact ShinyHunters through the original security researcher:

  1. AT&T paid ShinyHunters five bitcoins to delete the data (with the security researcher also receiving a cut).
  2. ShinyHunters sent AT&T a video deleting the data (though it’s possible they may have other copies).
  3. WIRED also gets a hold of this video.
  4. ShinyHunters told several news outlets that the original threat actor shared the data with multiple people, including a ShinyHunters member (so it’s possible there are multiple copies of this information out there). 

This is a developing story, and it’s unclear how many copies of this information may be floating around. There are many theories of how malicious actors can exploit this data as they include information such as cell tower local pings that can geolocate where a call took place.

AT&T Breach

Billions of text and call records stolen 

Automate Your Threat Exposure Management

Integrate the world’s easiest to use and most comprehensive cybercrime database into your security program in 30 minutes.

A threat actor reached out to a security researcher to share a sampling of the researcher’s call records. After the researcher confirmed that those were their call records, the threat actor reveals that they leveraged a Snowflake account that didn’t have MFA turned on, and accessed the information in that tenant.

This threat actor sent the information to a few people including a member of ShinyHunters, a threat actor group. 

The original security researcher informed Mandiant, which then notified AT&T, which then filed an SEC filing and claimed that the threat actor associated with the breach has been arrested. 

The original threat actor had been arrested but was actually arrested in relation to a T-Mobile breach, a few years ago. 

AT&T attempted to contact ShinyHunters through the original security researcher:

  1. AT&T paid ShinyHunters five bitcoins to delete the data (with the security researcher also receiving a cut).
  2. ShinyHunters sent AT&T a video deleting the data (though it’s possible they may have other copies).
  3. WIRED also gets a hold of this video.
  4. ShinyHunters told several news outlets that the original threat actor shared the data with multiple people, including a ShinyHunters member (so it’s possible there are multiple copies of this information out there). 

This is a developing story, and it’s unclear how many copies of this information may be floating around. There are many theories of how malicious actors can exploit this data as they include information such as cell tower local pings that can geolocate where a call took place.

Screenshot of message from SiegedSec leader in their Telegram channel, announcing disbanding the group

Disney Hack

The hacktivist group NullBulge, which claims to protect artists’ rights, hacked into Disney’s internal Slack messages in a protest over AI-generated art. 

NullBulge claimed there were two prominent methods of hacking:

  • An insider supposedly gave the group access to Disney’s internal Slack. However, this insider cut off NullBulge’s access, and the group responded by doxxing this individual. 
  • The WIRED article mentions infostealers may have been involved. 

The leak revealed 1.1 terabytes of messages, unreleased projects, code, documentation, and more across 10,000 Slack channels. NullBulge posted this information on their blog. 

Screenshot of NullBulge’s blog with stolen information from Disney’s Slack

These are all developing stories that we covered very briefly, so check out cybersecurity news outlets to stay up-to-date. We couldn’t cover everything in the last few weeks or so, and we’ll look into new stories and developments in two weeks.

Brought to you by Flare, Threat Exposure Management solution that empowers organizations to proactively detect, prioritize, and mitigate types of exposures commonly exploited by threat actors. Sign up for our free trial here.

Share This Article

Related Content