Logins for Apple data centers and others found online

Hackers have been busy

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Unknown hackers have reportedly managed to steal login information for data centers used by some of the world’s biggest tech and banking companies, researchers have claimed.

Cybersecurity researchers from Resecurity recently reported how a threat actor breached GDS Holdings and ST Telemedia Global Data Centers - two of the largest third-party data center companies in Asia. Between them, these providers cover some of the world’s biggest brands, includingApple,Amazon, BMW, Goldman Sachs, and others.

In total, roughly 2,000 companies were at risk.

Devastating consequences

Devastating consequences

In the breach, the hackers obtained customer support logins for Apple and other firms, were able to access internet-connected security cameras and could have even used the stolen data to gain physical access to the servers (as customer support usually has access to these things).

Although the incident happened two years ago, Resecurity noted it has only just been reported, with the threat actors apparently using the compromised login credentials until January 2023, when the two data center firms finally reset them and locked the attackers out.

While any compromise is damaging, physical access to the endpoints was particularly concerning. Speaking to9to5Mac, Malcolm Harkins, former chief security and privacy offer ofIntel, said this type of compromise could have “devastating consequences.”

Apple’s PC and mobile chips suffer from world-first data theft exploit>Apple releases security fix for iPhone and Mac zero-day flaw, so update now>These are the best firewalls today

As for the surveillance cameras, more than 30,000 were compromised, it was said. Most of them had weak, or factory defaultpasswords, such as “admin” or “admin12345”, it was said.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

So far, most of the affected companies have no comment. According to Bloomberg, a few did reach out to media inquiries and said that the incident did not impact their operations (yet). BMW said the incident had “a very limited impact.”

Both GDS Holdings and ST Telemedia tried to minimize the importance of the breach, the media said.

Via:9To5Mac

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats