In the last days, A group of attackers carried out a cyber attack against Telefónica, the renowned telecommunications operator, which resulted in the leak of 2,3 GB of internal dataThis data belongs to the Jira ticketing system, a tool used by employees to manage incidents and technical support requests within the company.
A group of cybercriminals using the aliases DNA, Grep, Pryx and Rey carried out the attack and leaked the information on a hacking forum. The cybercriminals have put the stolen data up for sale through a token system that buyers must acquire using cryptocurrency.
What data has been compromised?
This is not the first time that Telefónica has been attacked, but if it is One of the most talked about due to the leak of data from clientsThe stolen information includes: 236.493 customer data lines, 469.724 internal ticket records and over 5.000 internal documents in various formats such as CSV, PDF, DOCX and PPTX.
However, Telefónica has assured that Residential customer data is not compromised, as the leaked information is restricted to internal company use. The company confirmed in statements to several media outlets that The attackers used an employee's online credentials to perform unauthorized access.Since the incident began, immediate steps have been taken to block unauthorized access and reset passwords for affected accounts.
Actions undertaken by Telefónica
In an official statement, Telefónica has indicated that it is still investigating the scope of the incident. According to the company: From the outset, the necessary measures have been taken to block any unauthorized access to the system and ensure the security of the information.
In addition, Telefónica has stressed that its priority is to protect both the data of its employees like those of their Clients.
This is not the first time that the operator has faced cybersecurity problems. In May of last year, another leak was reported that affected 120.000 users and employees, which shows that large companies are not exempt from the risks associated with cybercrime.
The modus operandi of hackers
The attackers behind this leak, identified as DNA, Grep, Pryx and Rey, have been linked to other similar attacks, including one on Schneider Electric in which they compromised 40 GB of informationIn this case, as with Telefónica, they used compromised employee credentials to access internal systems, which highlights the importance of strengthen security measures in large companies.
Selling data using cryptocurrencies and tokens is a recurring strategy of these groups, who seek to obtain economic benefits before companies can implement solutions or legal actions to mitigate the damage.
Implications of the leak
The incident has highlighted the Need to improve cybersecurity infrastructures in the business sector. Although Telefónica has managed to contain the damage and ensure that the data of its residential customers has not been compromised, the scale of the attack leaves open questions about the effectiveness of its prevention and response systems.
The attack also underscores the risks associated with the management of credentials by employees. The use of strong passwords and the implementation of advanced authentication systems, such as two-factor authentication, could have partially mitigated the consequences of this cyberattack.
For now, the Telefónica leak is still being investigated to determine the full scope of the leak and to assess whether there are additional measures that can be implemented to prevent future attacks. This case is reminiscent of the Importance of protecting cybersecurity in an increasingly digitalized world, where companies manage massive amounts of data that, if not properly protected, can fall into the wrong hands.