[BreachExchange] Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm 'hack'

Destry Winant destry at riskbasedsecurity.com
Tue May 12 10:11:45 EDT 2020


https://www.theregister.co.uk/2020/05/12/papa_dont_breach/

Hackers are threatening to release 756GB of A-list celebs' contracts,
recording deals, and other personal info allegedly stolen from a New
York law firm.

The miscreants have seemingly got their hands on confidential
agreements, private correspondence, contact details, and other
information belonging to superstars, including Madonna, Christina
Aguilera, Sir Elton John, Run DMC, Bruce Springsteen, Barbra
Streisand, and Lady Gaga, and their representatives.

The data was swiped by the REvil, aka Sodinokibi, malware-slinging
gang best known for taking down Travelex, infosec biz Emsisoft's Brett
Callow told The Register.

A Tor-hidden website belonging to REvil, which lists dozens of
organizations compromised by the crew, includes screenshots of
folders, a non-disclosure agreement, Madonna's 2019-2020 tour
arrangements, and Aguilera's music rights as proof of its cyber-heist.

The gang claims to have hacked entertainment law firm Grubman Shire
Meiselas & Sacks, based in the Big Apple, and siphoned its documents.

Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents
after contractor refuses to pay

The law firm could not be reached for comment. We assume they were
otherwise occupied. Their website right now just shows its logo
whereas as recently as May 8, it listed its clients and staff.

"The documents purportedly include information about multiple music
and entertainment figures, including: Lady Gaga, Madonna, Nicki Minaj,
Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah
Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra,
Idina Menzel, HBO’s 'Last Week Tonight With John Oliver,' and Run DMC.
Facebook also is on the hackers’ hit list," reported showbiz industry
mag Variety, which was also tipped off by Emsisoft.

The law firm also represents big name personalities in TV, film, and
sport, and media and online giants, from Kate Upton and Robert De Niro
to Sony, Spotify, Vice, and EMI. It is assumed the swiped data was
partially leaked to encourage the lawyers to cough up a ransom demand
– or the rest of the information would spill onto the dark web. ®


More information about the BreachExchange mailing list