Cybercriminals have stolen data from two of the largest data centre operators in Asia, GDS Holdings Ltd. and ST Telemedia Global Data Centres (STT GDC). The data includes customer-portal credentials belonging to several major corporations, including Apple, Amazon, BMW, Huawei, Microsoft, Walmart, Goldman Sachs and Alibaba Group.
According to cybersecurity research firm Resecurity, the attackers obtained the login credentials of GDS and STT GDC customers, along with information such as “credentials, e-mail, cellphone, and ID card references” for about 2,000 of their clients. The cybercriminals have likely used the stolen credentials to access the customer-portal accounts of 10 different organisations, several of which are based in India.
Among the organisations affected in India, the attackers were able to access accounts of the National Internet Exchange of India, MyLink Services, Skymax Broadband Services and Logix InfoSecurity. Bharti Airtel’s login credentials were also leaked; however, there is no indication that their portals were accessed. China’s Foreign Exchange Trade System account was also accessed by cybercriminals.
The login credentials could allow the attackers to impersonate authorised users on the customer-service portals of the companies named above. Even where a password is missing or no longer valid, the leaked names and e-mail addresses would still let the attackers send targeted phishing emails to people within the affected companies or to their customers.
The cybercriminals had access to the login credentials for a year before posting them for sale for $175,000, as reported by Bloomberg.
The researchers spotted the data for sale on BreachForums, which has gained popularity since law enforcement took down RaidForums. While one of the posts selling the data stolen from STT GDC is still live, the one with the GDS database appears to have been taken down.
GDS has also acknowledged that its customer-support website was hacked in 2021, and the vulnerability has since been fixed. The cybercriminals obtained emails and passwords for over 3000 GDS employees and customers and over 1000 from STT GDC.
The cybercriminals also obtained credentials for more than 30,000 surveillance cameras on GDS’ network, many of them protected only by easily guessed generic passwords such as “admin”.
The number of customer-support login credentials obtained by the hackers for each of the major companies mentioned above is as follows.
- Alibaba: 201
- Amazon: 99
- Microsoft: 32
- Baidu: 16
- Bank of America: 15
- Bank of China: 7
- Apple: 4
- Goldman Sachs: 3
It’s important to note that a single valid login credential is enough to access a company’s account on the customer-service portal.
Other companies whose login credentials were leaked include Bharti Airtel, Bloomberg, ByteDance, Ford Motor, Globe Telecom, Mastercard, Morgan Stanley, PayPal, Porsche, SoftBank, Telstra, Tencent, Verizon and Wells Fargo.
“The application targeted by hackers is limited in scope and information to non-critical service functions, such as making ticketing requests, scheduling physical delivery of equipment and reviewing maintenance reports,” GDS told Bloomberg. “Requests made through the application typically require offline follow-up and confirmation. Given the basic nature of the application, the breach did not result in any threat to our customers’ IT operations.”
Shanghai-based GDS and Singapore-based STT GDC are two of the biggest data centre operators in Asia. The parent company of STT GDC, Singapore Technologies Telemedia Pte, also holds a 40% stake in GDS.
STT GDC said that there was no unauthorised access and that no data was stolen as a result, and that the credentials obtained by the researchers are “partial and outdated” records pulled from its “customer ticketing applications”.