Red Hot Cyber
Cybersecurity is about sharing.
Recognize the risk, combat it, share your experiences,
and encourage others to do better than you.
Luca Galuppi : 31 October 2024 08:32
Recently, the notorious Threat Actor, identified by the nickname 888 , claimed to have breached IBM systems and stolen personal data belonging to the company’s employees. The leak, dated October 2024, allegedly resulted in the compromise of approximately 17,500 rows of data.
At this time, we cannot confirm the veracity of the news, as the organization has not yet released any official press release on its website regarding the incident. Therefore, this article should be considered as ‘intelligence source’.
According to 888, the breach resulted in the data of approximately 17,500 individuals being compromised. The exfiltrated information is said to contain: names, mobile phone numbers, and international area codes, mostly associated with employees with the international prefix “+91,” suggesting that the incident primarily affected IBM personnel in India. While the extent of the attack appears to be concentrated in a specific geographic area, it is possible that the theft could extend to other regions, thus amplifying the potential impact of this alleged attack.
Prova Gratuitamente Business Log! L'Adaptive SOC italiano
Proteggi la tua azienda e ottimizza il tuo lavoro grazie al SOC di Business Log, il software leader per audit, log management e cybersicurezza realizzato in Italia. Business Log garantisce:
The data leak, disclosed through the popular site BreachForums, accuses IBM and its partners of a serious security vulnerability , fueling deep concerns about the protection of personal data.
At this time, we are unable to precisely confirm the accuracy of the reported information, as no official press release has been released on the website regarding the incident.
The reported incident once again highlights the vulnerability of large companies and the importance of protecting sensitive data managed by third parties, especially in a corporate context with distributed and global networks. This alleged attack is a further signal to companies: Cybersecurity is not just a cyber defense, but a real business strategy, critical to maintaining customer trust and ensuring employee privacy.
As usual, we always leave room for a statement from the company if they want to give us updates on the matter. We will be happy to publish this information with a specific article highlighting the issue.
RHC will monitor the development of the story in order to publish further news on the blog, if there are substantial developments. If there are people informed about the facts who want to provide information anonymously, they can use the encrypted email of the whistleblower.
Luca Galuppi