Aftermath of MOVEit vulnerability: Data vigilante ‘Nam3L3ss’ leaks nearly 8 million employee records from industry giants like Amazon,…

Aftermath of MOVEit vulnerability: Data vigilante ‘Nam3L3ss’ leaks nearly 8 million employee records from industry giants like Amazon, 3M, HP, and Delta, exposing cybersecurity flaws across major firms.

A “Data Vigilante” using the alias Nam3L3ss has leaked millions of employee records from global industry giants, in connection with the widespread **MOVEit vulnerability**. For your information, the MOVEit flaw is a security vulnerability in the MOVEit file transfer software, which many organizations use to share sensitive data.

Nam3L3ss, who denies being a hacker, began leaking the data on Friday, November 8, 2024. So far, sensitive and non-sensitive records from 27 companies, totalling 7,952,414 employee records, have been exposed. This includes 2,861,111 records from Amazon employees, a breach acknowledged by the company.

“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon,” Amazon spokesperson Adam Montgomery told Hackread.com. “The only Amazon information involved was employee work contact information, for example, work email addresses, desk phone numbers, and building locations.”

****Data Analysis****

The Hackread.com research team conducted an in-depth analysis of each file leaked by Nam3L3ss, revealing that the data includes full names, email addresses, phone numbers, office addresses, residential addresses, company names, location coordinates, and more.

****List of Affected Companies and Employee Counts****

    3M: 48,630 employees
    
    HP: 104,119 employees
    
    Delta: 57,317 employees
    
    MetLife: 585,130 employees
    
    Amazon: 2,861,111 employees
    
    McDonald's: 3,295 employees
    
    Lenovo: 45,522 employees
    
    TIAA: 2,464,625 employees
    
    CalSTRS: 422,311 employees
    
    BT: 15,347 employees
    
    URBN: 17,553 employees
    
    Leidos: 52,610 employees
    
    UBS: 20,462 employees
    
    HSBC: 280,693 employees
    
    Firmenich: 13,248 employees
    
    U.S. Bank: 114,076 employees
    
    Canada Post: 69,860 employees
    
    Westinghouse: 18,193 employees
    
    Rush University: 15,853 employees
    
    Omnicom Group: 37,320 employees
    
    Charles Schwab: 49,356 employees
    
    City National Bank: 9,358 employees
    
    Applied Materials: 53,170 employees
    
    Cardinal Health: 407,437 employees
    
    Bristol-Myers Squibb: 37,497 employees
    
    TIAA (additional listing): 23,857 employees
    
    Fidelity Investments: 124,464 employees

List of targeted companies (Screenshot credit: Hackread.com)

****Nam3L3ss’s Manifesto: Motivation and Methodology****

In a post on Breach Forums, Nam3L3ss outlined their “manifesto” to explain who they are and why they’re leaking data. According to the post, they monitor misconfigured and unsecured cloud databases across various services, including AWS Buckets, Azure, Digital Ocean, Google, and FTP and MongoDB servers, to extract and make this data public.

Nam3L3ss also claims to monitor ransomware groups, analyze stolen data, clean it by removing duplicates and irrelevant information, and then release it online. For example, the leaked MetLife employee directory originated from MetLife, a global financial services firm that suffered a ransomware attack in 2023.

Nam3L3ss intro and Manifesto (Screenshot credit: Hackread.com)

The Cl0p ransomware gang exploited MOVEit extensively, targeting hundreds of organizations worldwide. They even **created clear web websites to leak** the stolen data in July 2024.

**Ferhat Dikbiyik**, chief research and intelligence officer at Black Kite, weighed in on the recent Amazon data breach, explaining, that Amazon’s recent data breach traced back to a third-party vendor’s use of the MOVEit tool, is another wake-up call for the supply chain’s hidden vulnerabilities.

“Amazon’s recent data breach traced back to a third-party vendor’s use of the MOVEit tool, is another wake-up call for the supply chain’s hidden vulnerabilities. The MOVEit flaw initially hit hundreds, but the shockwave extended across 2,700+ organizations as the ripple effects reached third and even fourth-party vendors,” Ferhat said.

“We’ve identified over 600 MOVEit servers that were likely caught in this “spray” attack—leaving a vast field of potential targets,” he explained. “CL0P ransomware, the group exploiting this flaw, named 270 victims within three months, and the count is still rising.”

“With 200 to 400 organizations speculated to have paid ransoms, the real impact stretches far beyond these numbers. This breach emphasizes that ransomware risk doesn’t stop at your company’s doorstep. In today’s ecosystem, exposure management must extend across the entire supply chain to truly defend against the next big attack.”

****Data Vigilante?****

Although the term Data Vigilante is debatable, Nam3L3ss expresses frustration with companies and government institutions for failing to secure their networks. By leaking this data, they aim to raise awareness about data security and encourage better cybersecurity practices.

****Implications of the Data Leak and Advice to Employees****

Although passwords and financial details weren’t included in the leaked files, the exposure poses significant risks to companies and employees. Threat actors, especially state-sponsored groups like **North Korea’s Lazarus Group**, are known to exploit such data to initiate phishing scams, steal cryptocurrency, and access financial information that could aid their **country’s economy**.

If you work for one of the affected companies, be on the lookout for phishing scams via email, SMS phishing (smishing), and voice phishing (vishing) attempts, as attackers may try to exploit this data for further scams.

1.  Hacker Leaks Thousands of Microsoft and Nokia Employee Details
2.  Hackers Calling Employees to Steal VPN Credentials from US Firms
3.  Hacker Leaks Data of 33K Accenture Employees in 3rd-Party Breach
4.  Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets
5.  Indian Ex-Employee Jailed for Wiping 180 Virtual Servers in Singapore

Data Vigilante Leaks 8 Million Employee Records from Amazon, HP and Others

A vulnerability in Microsoft Bookings can expose your organization to serious security risks. Learn how attackers can exploit…

A vulnerability in Microsoft Bookings can expose your organization to serious security risks. Learn how attackers can exploit this flaw to create convincing impersonations, launch phishing attacks, and compromise sensitive data.

Information security-oriented firm Cyberis has discovered a new vulnerability in Microsoft Bookings which allows attackers to create highly convincing impersonations of key personnel within an organization, purchase TLS certificates or transfer domain names/services relying on email verification such as Cloudflare, and hijack accounts.

For your information, Microsoft Bookings is a tool used for scheduling appointments. The issue lies in an otherwise harmless feature: Shared Booking Pages. By default, users with appropriate **Microsoft 365** licenses can create these pages. When a user creates a Shared Booking Page, it automatically generates a corresponding account within Entra, which is Microsoft’s identity and access management platform.

According to a **blog post** published by Cyberis’ director Geoff Jones, the issue lies in account creation is problematic due to several factors. Firstly, the default setting allows any user with an appropriate Microsoft 365 license to create Shared Booking Pages, bypassing standard security protocols, where administrators typically have the sole authority to create new accounts. 

Secondly, the system automatically generates email addresses based on the Booking Page name, often following a predictable format (e.g., “FirstnameLastname” becomes “FirstnameLastname@”). Attackers can exploit this predictability to create email addresses resembling legitimate users, enabling phishing and identity theft.

These accounts also have full email functionality, allowing them to send and receive emails both internally and externally, leading to malware distribution, phishing attacks, and compromising of sensitive information.

Jones further explains that these accounts are not readily visible in standard administrative tools like the Exchange Admin Center, which makes it difficult for administrators to detect and manage them. This hidden feature expands the organization’s attack surface, making it more vulnerable to account hijacking. 

Account hijacking can involve reusing former employee email addresses, creating Booking Pages with matching email addresses, resetting passwords for external services, or verifying domain ownership for SSL certificates.

As per Jones, attackers can exploit Bookings in Microsoft 365 to impersonate someone with higher authority by creating a shared booking page mimicking a high-profile target, such as the CEO, and generate a convincing email address. For instance, \[email protected\] becomes \[email protected\].

Additionally, they can create legitimate-looking emails, add a profile picture or signature identical to the target, and launch highly believable phishing attacks against other employees. They can bypass detection mechanisms and target individuals with more access to sensitive information within the organization.

The screenshot shows side-by-side authentic and impersonated emails (Credit: Cyberis)

The vulnerability extends beyond **impersonating existing employees**. Attackers can create Booking pages with email addresses matching those of former employees, potentially reset passwords and gain access to external services linked to the email address, and verify domain ownership by obtaining SSL certificates through email validation mechanisms.

To mitigate the risk of attackers exploiting Microsoft Booking’s vulnerabilities, organizations should identify hidden mailboxes, restrict booking access, monitor incoming accounts, review permissions, and secure high-value email addresses. These steps, combined with a proactive approach to security configuration, can reduce the risk of attackers exploiting Microsoft Booking’s vulnerabilities.

1.  Hackers Could Exploit Microsoft Teams on macOS to Steal Data
2.  Hacker Leaks Thousands of Microsoft and Nokia Employee Details
3.  Russian Midnight Blizzard Breached UK Home Office via Microsoft
4.  NAKIVO Backup Solution for MSPs: Data Protection for Microsoft 365
5.  ZDI Slams Microsoft for Not Crediting It in Last Week’s Patch Tuesday

Microsoft Bookings Flaw Enables Account Hijacking and Impersonation

The mobile device maker continues to investigate IntelBroker's claims of another high-profile data breach, with the cybercriminal group posting on BreachForums internal data allegedly stolen from Nokia through a third-party contractor.

Source: Nico El Nino via Alamy Stock Photo

Nokia is investigating an alleged cyberattack in which threat actors claim to have stolen sensitive internal data. However, the company says that so far there is no evidence that either its data or systems were affected by a breach.

Known threat actor IntelBroker on Tuesday posted what it claimed is Nokia's online internal data — including SSH keys, source code, and internal credentials — putting it up for sale on the BreachForums cybercrime site for $20,000, according to a published report on HackRead.

The group claimed to have obtained the data through a breach of a third-party contractor linked to Nokia’s internal tool development, though no customer data seems to have been affected by the breach, according to the report.

"Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia," a Nokia spokesperson tells Dark Reading. "Nokia takes this allegation seriously and we are investigating."

However, at this time, the company's investigation "has found no evidence that any of our systems or data being impacted," though Nokia continues "to closely monitor the situation," the spokesperson says.

**Group Known for High-Profile Data Heists**

Given that IntelBroker is a notorious threat actor that already has pulled off a series of high-profile data heists, the chance that Nokia eventually will find that its data has been stolen seems likely. The Serbian-based entity began operations in 2022 and is linked to data breaches that affected Apple, the US House of Representatives, Europol, General Electric, and DARPA (Defense Advanced Research Projects Agency).

If IntelBroker's claim turns out to be true, data stolen in the heist and then sold to a malicious actor or actors potentially could be used to engage in other cybercriminal activity against Nokia. For example, stolen using credentials to gain unauthorized access to Nokia systems and breach other sensitive data or propagate malware. Depending on the nature of the data, other organizations also could be at risk.

The incident also demonstrates yet another example of how organizations are exposed to security risks through third-parties that contract with the company, observes Jim Routh, chief trust officer at cybersecurity firm Saviynt. However, that the breach itself occurred through a third party is not a huge surprise, he tells Dark Reading via email.

**Mitigating Third-Party Risk**

In fact, numerous high-profile cyberattacks at global multinational organizations have been the result of breaches through third parties, including incidents that occurred at credit card company American Express, Spanish banking institution Santander, and US-based financial organization Bank of America.

However, Routh says that the alleged Nokia breach "represents a bit of a head-scratcher" because it involves the compromise of "third-party credentials for access to the software supply chain."

"The head-scratching comes from why a third party has access to Nokia source code," he notes. However, it's possible that attackers gained access through a software engineer contributing to an internal project, Routh adds, speculating that hackers exploited "credential management for access to the software build process."

One potential way that organizations can protect themselves from a similar incident, he says, is to improve identity management for cloud accounts with access to the software supply chain to avoid inadvertently exposing sensitive data to threat actors.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Nokia: No Evidence So Far That Hackers Breached Company Data

Hackers claim to have breached MIT Technology Review Magazine via a third-party contractor, leaking nearly 300,000 user records…

Hackers claim to have breached MIT Technology Review Magazine via a third-party contractor, leaking nearly 300,000 user records on Breach Forums. Data includes full names, email addresses, and activity details, posing risks for phishing and targeted scams.

In a new data breach disclosed today, the hacker known as Intel Broker claims to have stolen the personal data of 290,762 individuals from MIT’s _Technology Review_ website via a third-party contractor. The data, which could be the website’s newsletter subscribers list, was posted on Breach Forums, a popular cybercrime platform, earlier today.

Intel Broker, notorious for **recent attacks on high-profile organizations**, alleges that the data includes Personally Identifiable Information. Hackread.com analyzed the leaked data and can confirm it includes personal details, which, while not as sensitive as financial data, could be leveraged in phishing attempts or targeted scams. Here is what the hacker has leaked:

*   **Full names**
*   **Dates of activity**
*   **Educational details**
*   **Email addresses (3,924 – After removal of duplicates: 1,343)**

Screenshot from the leaked data (Credit: Hackread.com)

Though the leak does not appear to contain highly sensitive information like passwords, social security numbers or financial data, the compromised data is still a privacy risk, as it could be exploited for phishing scams or identity verification attacks.

It is worth noting that this is not the first time Intel Broker has targeted a technology publication. In June 2024, an affiliate of Intel Broker **breached the “Tech in Asia” news outlet**, leaking the personal data of 221,470 users.

MIT Technology Review, an esteemed publication from the Massachusetts Institute of Technology, is known for its analysis of emerging technologies and their impact on society. This data breach potentially exposes readers and contributors who engaged with the platform, a situation that may lead to reputational challenges for the publication, as well as privacy concerns for its user base.

**Recent Activity of Intel Broker**

The alleged breach of Technology Review comes on the heels of another claim by Intel Broker, who recently advertised the sale of **sensitive internal data from Nokia** on the same forum, allegedly obtained through a similar contractor vulnerability. In the Nokia case, the hacker reportedly set a price of $20,000 for access to the stolen data, which included SSH keys, source code, and login credentials.

**Privacy Implications and MIT’s Response**

With names, email addresses, and activity data accessible, cybercriminals may use this information to craft sophisticated schemes aimed at those connected with the platform. Hackread.com has reached out to MIT’s Technology Review for a response regarding the data breach. Updates will be provided as more information becomes available. Stay tuned.

1.  **US Microchip Giant Cyberattack Disrupts Operations**
2.  **Hacker IntelBroker Leaks Sensitive US DoD Documents**
3.  **IntelBroker Apple Breach: Steals Source Code for Internal Tools**
4.  **AMD Data Breach: IntelBroker Steals Employee and Product Info**
5.  **Europol Hacked: IntelBroker Claims Major Law Enforcement Breach**

Hackers Leak 300,000 MIT Technology Review Magazine User Records

Hackers claim to have breached Nokia through a third-party contractor, allegedly stealing SSH keys, source code, and internal…

Hackers claim to have breached Nokia through a third-party contractor, allegedly stealing SSH keys, source code, and internal credentials. The data is being sold for $20,000 on BreachForums, though no customer data was affected. Nokia has not yet commented on the claim.

A notorious hacker known as Intel Broker has announced a data breach involving the telecommunications giant Nokia. Posting on the infamous cybercrime forum BreachForums, Intel Broker claims to have gained unauthorized access to sensitive Nokia information through a third-party contractor linked to Nokia’s internal tool development.

The hacker claims that no customer information was accessed, but they have obtained **critical internal data** from Nokia’s systems, which they’re now selling for $20,000.

**Details of the Breach**

According to Intel Broker’s post, the stolen data includes SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, webhooks, and hardcoded credentials. All of these items could potentially enable further unauthorized access to internal systems or facilitate other types of cyber attacks. In an attempt to validate the breach, Intel Broker also shared a file tree, showcasing various files and folders apparently related to Nokia’s internal operations.

In an exclusive conversation with Hackread.com, Interl Broker said that the stolen data collection is up for sale for $20,000, and he is reaching out to prospective buyers on BreachForums. According to the post, only those with high-ranking status and sufficient reputation on the forum are being encouraged to inquire.

Intel Broker on Breach Forums (Screenshot: Hackread.com)

The hacker claims to have pulled this data from a contractor working closely with Nokia, rather than Nokia’s own systems directly. This method of breaching systems through third-party vendors has become **increasingly common**, as vendors are often granted extensive access to the companies they serve. Cybersecurity experts have long warned about this weak point, advising companies to ensure that security standards extend to their contractors and partners.

**Potential Impact**

While Intel Broker emphasizes that customer data is not included in the breach, the exposure of alleged Nokia’s internal data could still have widespread implications. With access to development environments, source code, and credentials, hackers could potentially tamper with Nokia’s tools or services, or exploit the vulnerabilities in these resources to compromise other systems.

Screenshot from the sample data that Hackread.com analysed

****Nokia’s Response****

At the time of reporting, there has been no official statement from Nokia on this alleged breach. However, Hackread.com has reached out to the company awaiting a response. Stay tuned.

****About Intel Broker****

Intel Broker who is also the owner of Breach Forums is known for high-profile data breaches. **In June 2024**, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about **breaching AMD** (Advanced Micro Devices, Inc.), and stealing employee and product information.

**In May 2024**, Intel Broker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:

*   **Tech in Asia**
*   **Space-Eyes**
*   **Home Depot**
*   **Facebook Marketplace**
*   **Staffing giant Robert Half**
*   **U.S. contractor Acuity Inc.**
*   **Los Angeles International Airport**
*   **Alleged breaches of HSBC and Barclays Bank**

Although the hacker’s origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the **T-Mobile data breaches**.

1.  **Hacker Leaks Thousands of Nokia Employee Details**
2.  **Nokia Taiwan Hacked, 100,000+ accounts leaked online**
3.  **Cisco Network Breach as Employee’s Google Account was Hacked  
    **

Hackers Claim Access to Nokia Internal Data, Selling for $20,000

NIST standardized three algorithms for post-quantum cryptography. What does that mean for the information and communications technology (ICT) industry?

Source: Cynthia Lee via Alamy Stock Photo

COMMENTARY

After a grueling eight years of testing, the National Institute of Standards and Technology (NIST) has finalized the first three algorithms that will form the backbone of the world's strategy to counter the potential threats of quantum computing.

Given that enterprising hackers are likely already harvesting and storing massive volumes of encrypted sensitive data for future exploitation, this is welcome news. We have the first post-quantum cryptography (PQC) algorithms to defend against the inevitable attacks on "Q-Day," when a cryptographically relevant quantum computer (CRQC) comes online.

Still, having these NIST-approved algorithms is just the first step. For the information and communications technology (ICT) industry, transitioning to a quantum-safe infrastructure is not a straightforward task; numerous challenges must be overcome. It requires a combination of engineering efforts, proactive assessment, evaluation of available technologies, and a careful approach to product development.

**The Post-Quantum Transition**

PQC algorithms are relatively new, and with no CRQC available to fully test, we cannot yet achieve 100% certainty of their success. Yet we know that any asymmetric cryptographic algorithm based on integer factorization, finite field discrete logarithms, or elliptic curve discrete logarithms will be vulnerable to attacks from a CRQC using Shor's algorithm. That means key agreement schemes (Diffie-Hellman or Elliptic Curve Diffie-Hellman), key transport (RSA encryption) mechanisms, and digital signatures must be replaced.

Conversely, symmetric-key cryptographic algorithms are generally not directly affected by quantum computing advancements and can continue to be used, with potentially straightforward increases to key size to stay ahead of quantum-boosted brute-forcing attacks.

**Hybrid Approach to Security**

The migration to PQC is unique in the history of modern digital cryptography in that neither traditional nor post-quantum algorithms are fully trusted to protect data for the required lifetimes. During the transition from traditional to post-quantum algorithms, we will need to use both algorithm types.

Defense and government institutions have already begun integrating these algorithms into the security protocols of specific applications and services due to the long-term sensitivity of their data. Private companies have also kicked off initiatives. For instance, Apple is using Kyber to create post-quantum encryption in iMessage, while Amazon is using Kyber in AWS.

Large-scale proliferation of PQC is coming, as global standards bodies, such as 3GPP and IETF, have already begun incorporating them into the security protocols of future standards releases. For instance, the IETF-designed Transport Layer Security (TLS) and Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) — two of the most widely used protocols across 3GPP networks— will both incorporate PQC.

This kind of standardization is key for industries like telecommunications and Internet services, where hundreds of different companies are providing the different hardware, device, and software components of a network. Like any security protocol, PQC must be implemented consistently across all exposed elements in the network chain because any link that isn't quantum-safe will become the focal point of any data harvesting attack.

Over the next few years, we will see more and more PQC-enhanced products enter the market. At first, they will likely use hybrid approaches to security, using both classical and post-quantum encryption schemes, as Apple and Amazon have done. But as quantum-security technologies advance and are further tested in the market, PQC will likely replace classical asymmetric encryption methods.

Because asymmetric algorithms are largely used for secure communications between organizations or endpoints that may not have previously interacted, a significant amount of coordination in the ecosystem is needed. Such transitions are some of the most complicated in the tech industry and will require staged migrations.

**Ready for Q-Day**

PQC isn't the only way to protect against a quantum attack, as quantum threats will only increase in sophistication. It's vital to deploy a defense-in-depth strategy — one that includes physics-based solutions like preshared keys with symmetric distribution and quantum key distribution (QKD) — but PQC will be a powerful security tool.

Attention to interoperability will be key here, as crypto agility will ease the migration to pure quantum-safe algorithms in the future. Some companies are already leaning toward open source rather than proprietary code, which can help to avoid a bumpy upgrade path in future for security products. As well, this crypto agility will ensure that technologies being designed now for inclusion in next-generation/6G products will also have backward-compatibility with 5G and other earlier standards.

Now that we have the essential first algorithms to build our arsenal against quantum computing threats, the next steps for the ICT industry will be critical. They must adopt hybrid solutions now to combat harvest-now-decrypt-later attacks; embrace crypto agility, interoperability, and rigorous testing; and deploy a defense-in-depth strategy. By following this strategy, we will be well on track to ensuring our long-term security and saving the world from potential disaster when Q-Day comes.

**About the Author**

Senior Research Scientist, Nokia

Aritra Banerjee is a Senior Research Scientist in Nokia Standards leading quantum-safe standardization efforts. His research interests span cryptography, quantum technologies, security, privacy-preserving technologies, and machine learning trends.

What Communications Companies Need to Know Before Q-Day

Dell faces its third data leak in a week as hacker “grep” continues targeting the tech giant. Sensitive…

Dell faces its third data leak in a week as hacker “grep” continues targeting the tech giant. Sensitive internal files, including project documents and MFA data, were exposed. Dell has yet to issue a formal response.

Dell has allegedly been hit with yet another data leak, marking the third such incident in a week. The threat actor, who goes by the alias “grep,” has claimed responsibility for the latest breach and continues to target the tech giant.

This time, the hacker has leaked approximately 500 MB of sensitive data, including internal documents, PDFs, images, internal device testing videos, and Multi-Factor Authentication (MFA) data, which if confirmed by Dell could further escalate concerns over the company’s data security.

According to information obtained by Hackread.com, the hacker shared details of the data leak, stating that Dell suffered a third breach that exposed internal files. The hacker revealed, “I knew Dell would fix their failure without confirming or denying my claims, for the same reason I had exfiltrated more data when I breached the internal employees, which was not leaked and waited for this exact moment.”

The leaked data includes access vectors and references to Chinese infrastructure, which, if not at a large scale, could still have some impact on the company’s operations.

The hacker on the breach forum boosted about the data leak and the leaked data was analysed by Hackread.com (Screenshot: Hackread.com)

**Leaked Data Includes Internal Tickets and Infrastructure Documents**

Among the leaked data is a CVS file titled “Ticket Summary – FY23,” which includes details of Dell’s internal ticketing system. Some of the entries shared in the leak include:

*   Incident reports on Agile access, VPN issues, proxy requirements for testing, and application migrations.
*   Ticket summaries that highlight VPN enhancements, DevOps software access requests, and network setups.

Additionally, the hacker shared a range of files and folders containing critical infrastructure information, such as:

*   “China Infra Compute.pdf”
*   “Global Project FY23.pdf” and “Global Project FY25.pdf”
*   “MFA Authentication – Cisco DUO.pdf”
*   Various project summaries and security-related documents.

The documents released by “grep” provide a snapshot of Dell’s internal operations and project infrastructure, revealing sensitive information that could pose security risks if exploited. Therefore, for security reasons; we are withholding specific details of the leaked files.

> 🚨Data Breach Update: Threat Actor Claims Third Breach of DELL
> 
> "Greg" is now claiming that DELL suffered a third data breach, this time compromising data such as "PDFs, images, videos, models, MFA data, along with their access vectors, including Chinese infrastructure."
> 
> In the… https://t.co/lTaOeC0IAL pic.twitter.com/8w3Fh9flo8
> 
> — HackManac (@H4ckManac) September 25, 2024

**Pattern of Breaches: A Coordinated Attack or Piecemeal Leaks?**

This third leak follows two previous data breaches conducted by the same hacker within a short time frame. **On September 19, 2024**, “grep” leaked data belonging to over 12,000 Dell employees, sparking an internal investigation. Just days later, **on September 22**, more sensitive internal files were released, allegedly compromised through Dell’s use of Atlassian tools.

In today’s data leak, the hacker clarified that all the data was stolen during a single breach, but he is strategically leaking it in parts. This statement eliminates speculation that Dell is facing repeated attacks, confirming instead that the data is being gradually released from one initial breach.

It is worth noting that Dell has yet to confirm the extent of the damage or whether the hacker gained access through a third-party vendor, as seen in other recent incidents. The hacker’s method aligns with his earlier attack, where he **leaked 12,000 Twilio records** from a compromised customer. Twilio confirmed to Hackread.com that it was a third-party breach, which resulted in the leak of only one Twilio customer’s data.

**Dell’s Response and Next Steps**

So far, Dell has not released a formal statement regarding today’s data leak. With three data leaks in just one week, concerns about Dell’s cybersecurity are growing. Hackread.com has reached out to Dell for comment, and this article will be updated as more information becomes available. Stay tuned!

1.  **Hacker Leaks Data of 33,000 Accenture Employees**
2.  **Acer Online Store Hacked; 34,000 Customers’ Data Stolen**
3.  **Hacker Leaks Thousands of Microsoft and Nokia Employee Data**
4.  **Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets**
5.  **Nissan Confirms Data Breach Affected 100K Customers, Employees**

Dell Hit by Third Data Leak in a Week Amid “grep” Cyberattacks

Another day, another claim of Dell data breach!

Hackers claim a second Dell data breach within a week, exposing sensitive internal files via compromised Atlassian tools. Allegedly, data from Jira, Jenkins, and Confluence was leaked. Dell is already investigating the first incident.

On September 19, 2024, _Hackread.com_ **published an exclusive report** detailing claims of a Dell data breach involving sensitive information related to 10,863 Dell employees. The same hacker behind the original breach is now claiming that Dell has been “breached again,” suggesting a larger ongoing issue.

The hacker, who operates under the alias “grep” on the infamous cybercrime platform Breach Forums, posted these claims on Sunday, September 22, 2024. In this post, “grep” revealed that Dell has suffered another significant breach, this time with the help of a fellow hacker known as “Chucky.” Together, they allegedly compromised Dell’s internal systems, exposing confidential data.

According to “grep,” the breach contains data related to Jira files, database tables, and schema migrations, amounting to a total of 3.5 GB of uncompressed data. The hackers claim to have gained access by compromising Dell’s Atlassian software suite, including Jenkins and Confluence, widely used tools for software development and collaboration.

Here’s the exact message shared by the hacker on the forum:

_Compromised data: Jira’s files, DB tables, schema migration, etc., totalling_ 3.5GB uncompressed. This time, it was breached by Chucky. Before Dell makes any claims, we both compromised your Atlassian and accessed Jenkins, Confluence, etc.  
GDPR said time is ticking, by the way, _xD._

The hacker on Breach Forum announcing his leak (Screenshot credit: Hackread.com)

In response to the first alleged breach, Dell told _Hackread.com_ that it was aware of the situation and had launched an investigation. However, as of now, the company has not addressed the latest breach claims.

The _Hackread.com_ research team has analyzed some of the files and determined that they likely contain sensitive information about Dell’s internal infrastructure. This includes system configurations, user credentials, security vulnerabilities, and development processes. If confirmed, this information could potentially be leveraged to target Dell’s systems on a much larger scale.

Further review of the leaked files suggests that they belong to a variety of enterprise tools and environments used by Dell, including Jira, database tables, schemas, and Atlassian tools such as Jenkins and Confluence. For security reasons, we are withholding specific details of the compromised files.

Screenshot from the leaked data Screenshot credit: Hackread.com)

_Hackread.com_ has reached out to Dell for a comment and will update this article as the story develops.

1.  **Hacker Leaks Data of 33,000 Accenture Employees**
2.  **Acer Online Store Hacked; 34,000 Customers’ Data Stolen**
3.  **Hacker Leaks Thousands of Microsoft and Nokia Employee Data**
4.  **Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets**
5.  **Nissan Confirms Data Breach Affected 100K Customers, Employees**

Hackers Claim Second Dell Data Breach in One Week

A hacker claims Dell suffered a “minor” breach, exposing over 10,000 employee records. The incident raises cybersecurity concerns…

A hacker claims Dell suffered a “minor” breach, exposing over 10,000 employee records. The incident raises cybersecurity concerns amid ongoing threats targeting businesses by tricking employees into phishing and phone call scams.

A hacker using the alias “grep” claims that the technology giant Dell has experienced a “minor” data breach, resulting in the theft of over ten thousand (10,863) employee records.

This information was revealed by the hacker on the notorious hacker and cybercrime platform Breach Forums, where the allegedly stolen data was leaked earlier today, September 19, 2024. The hacker also claims that the breach occurred earlier this month.

The hacker on Breach Forums (Screenshot: Hackread.com)

The Hackread.com research team managed to analyze the data, which revealed the leak contained the following information:

*   **Full names**
*   **Employee** **ID**: A unique identifier for the employee.
*   **Employee Active Status**: Indicates whether the employee is currently active
*   **Employee DNO**: This may represent a department number or another internal identifier.
*   **Internal Employee ID**: A unique internal identifier that seems to be a hashed or encoded value.

There are only two email addresses associated with the @Dell.com domain. However, the good news is that there are no plain text passwords or other personally identifiable information (PII) included.

Screenshot from the leaked data (Credit: Hackread.com)

The bad news is that the leaked information still presents a major cybersecurity threat to Dell. Here’s how:

Recently, cybercriminals and state-backed hackers have been targeting businesses and organizations **through their employees**. A notable attack was uncovered by cybersecurity firm GuidePoint, which affected over 130 U.S. organizations across various industries. **The campaign** employed social engineering tactics, with threat actors posing as IT support staff to call employees and trick them into revealing their VPN credentials.

Dell’s alleged “minor” breach could provide threat actors with additional details about the company’s employees, making them more susceptible to phishing attempts or phone scams, as mentioned above.

****Wouldn’t be the first time for Dell****

This is not the first time Dell has made headlines for cybersecurity-related issues. In May 2024, the Round Rock, Texas-based company **disclosed a data breach** after another hacker on a breach forum attempted to sell 49 million alleged customer records.

Although the company did not disclose the exact number of affected customers at that time, the compromised data included full names, physical addresses, Dell hardware and order information, including service tags, item descriptions, order dates, and related warranty information.

Hackread.com has reached out to Dell, and this article will be updated accordingly if the company responds. Stay tuned!

1.  **Hacker Leaks Data of 33,000 Accenture Employees**
2.  **Acer Online Store Hacked; 34,000 Customers’ Data Stolen**
3.  **Hacker Leaks Thousands of Microsoft and Nokia Employee Data**
4.  **Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets**
5.  **Nissan Confirms Data Breach Affected 100K Customers, Employees**

Hacker Claims “Minor” Data Breach at DELL; Leaks Over 10,000 Employee Details

One of Silicon Valley’s most influential lobbying arms joins privacy reformers in a fight against the Biden administration–backed expansion of a major US surveillance program.

A trade organization representing some of the world’s largest information technology companies—Google, Amazon, IBM, and Microsoft among them—say its members are voicing strong opposition to ongoing efforts by the Biden administration to dramatically expand a key US government surveillance authority.

The US Senate is poised to vote Thursday on legislation that would extend a global wiretap program authorized under the Foreign Intelligence Surveillance Act (FISA). Passed by the House of Representatives last week, a provision contained in the bill—known as the Reforming Intelligence and Securing America Act (RISAA)—threatens to significantly expand the scope of the spy program, helping the government to compel the assistance of whole new categories of businesses.

Legal experts argue the provision could enable the government to conscript virtually anyone with access to facilities or equipment housing communications data, forcing “delivery personnel, cleaning contractors, and utilities providers,” among others, to assist US spies in acquiring access to Americans’ emails, phone calls, and text messages—so long as one side of the communication is foreign.

A global tech trade association, the Information Technology Industry Council (ITI), is now urging Congress not to pass RISAA without removing a key provision “dramatically expanding the scope of entities and individuals covered” by the program, known as Section 702. Changes to the 702 program included in the House bill, ITI says, would only serve to send customers in the US and abroad fleeing to foreign competitors, convincing many that technology in the US is far too exposed to government surveillance.

The group’s membership includes several major equipment manufacturers, such as Ericsson, Nokia, and Broadcom, as well as large cloud storage providers like Google, Microsoft, IBM, and Salesforce. “ITI’s position is that the provision should be removed,” the group’s communications director, Janae Washington, tells WIRED. “Our positions are based on member consensus.”

The individual ITI member companies WIRED contacted for their comment on the legislation did not immediately respond or declined to comment.

The provision under fire stems from a ruling handed down by the US government’s secret surveillance court—the FISA court—that oversees the 702 program. The program is designed to target the communications of foreigners, including calls and emails to and from US citizens. To this aim, the federal statute specifies that the government may compel the assistance of businesses that fall into the category of what it calls “electronic communications service providers,” or ECSPs.

Companies like Google and AT&T have typically fallen into this category as direct providers of the services being wiretapped; however, the US government has also moved in recent years to interpret the term more broadly as part of an effort to expand the roster of entities whose assistance it’s allowed to compel.

The FISA court, in a decision backed by its own review body, pushed back against the expanded definition, telling the government that what constitutes an ECSP remains “open to reconsideration by the branches of government whose competence and constitutional authority extend to statutory revision.”

More concisely: The court reminded the government that only Congress has the power to rewrite the law.

The US Intelligence Community (IC) thus began a campaign to ensure that this year’s legislation reauthorizing the 702 program redefines “ECSP” to address what it calls a “collection gap resulting from recent court opinions.”

Internal emails obtained by WIRED show that members of the House Intelligence Committee served as intermediaries for the IC in its campaign to convince Congress to support the provision. An email circulated to House members in February by Michael Calcagni, the intel committee’s deputy staff director, for instance, informed lawmakers that the “collection gap” was both “serious and dangerous” and that “contrary to unsubstantiated assertions, it would not authorize or enable the Government to conduct surveillance of any American who connects to public WiFi at a Starbucks or McDonalds.”

One of the nation’s leading FISA experts, Marc Zwillinger, a private attorney who has twice appeared before the FISA Court of Review, began raising the alarm in December over the provision, pointing to text that would allow the government to compel the assistance of “any service provider” with access to “equipment that is being or may be used to transmit or store” communications, so long as one of the recipients is a foreigner reasonably believed to be overseas.

While rejecting Zwillinger’s analysis publicly, House intel members nevertheless attempted to quietly “narrow” the provision to clamp down on any criticism, excluding a handful of business types such as senior centers, hotels, and coffee shops. In a follow-up last week, Zwillinger and other attorneys who’ve made rare appearances before the FISA court characterized the intel committee’s improvements as “marginal,” saying the need for the exclusions only served to demonstrate the government is overreaching.

The provision, Zwillinger says, continues to ensnare owners and operators of facilities housing equipment used to store and carry data, “such as data centers and buildings owned by commercial landlords, who merely have access to communications equipment in their physical space.” The text could be interpreted to extend to “delivery personnel, cleaning contractors, and utility providers.” And while the new provision excludes businesses like coffee shops, those businesses typically rely on cloud computer services whose equipment remains subject to the 702 program’s expanded scope.

“Although the effects of this provision may be unintentional, its impacts would be very real,” ITI’s senior vice president of policy, John Miller, says. “The language in the provision vastly expands the US government’s warrantless surveillance capabilities, damaging the competitiveness of US technology companies large and small, and arguably imperiling the continued global free flow of data between the US and its allies.”

Should it become apparent to the world that America’s top IT companies—data centers, cloud providers, and security services alike—have been turned into a watering hole for the US Intelligence Community, many customers will “likely look to foreign competitors,” Miller says, companies whose technologies are viewed as less exposed to clandestine government requests.

“There is no greater responsibility of the US government than to provide for the security of the country,” he says, adding it was incumbent upon to craft legislation to address national security concerns “in a focused way.”

_Updated 4/17/2024, 6:30 pm ET: Added additional details clarifying ITI's position on RISAA._

Tag

#nokia