[BreachExchange] 1GB of Puma Data is Now Accessible on Marketo

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Wed Sep 15 08:26:42 EDT 2021


https://www.ehackingnews.com/2021/09/1gb-of-puma-data-is-now-accessible-on.html

Hackers have stolen data from Puma, a German sportswear firm, and are now
attempting to extort money from the corporation by threatening to expose
the stolen files on a dark web page specializing in the leaking and selling
of stolen data. The Puma data was posted on the site more than two weeks
ago, near the end of August.

The publication claims that the threat actors took more than 1 GB of
private information, which would be sold to the highest bidder on an
unlawful marketplace, according to Security Affairs analysts. This
operation appears to be devoted only to the theft and sale of private
information, ruling out the possibility that it is a ransomware offshoot.

To back up their claims, the threat actors released some sample files that,
based on their structure, suggest the attackers got Puma's data from a Git
source code repository. The information is now available on Marketo, a dark
web platform. The platform, which was launched in April of this year, is
quite simple to use.

Users can register on the marketplace, and there is a section for victim
and press inquiries. Victims are given a link to a private chat room where
they can negotiate. Marketo includes an overview of the company,
screenshots of allegedly stolen data, and a link to an "evidence pack," also
known as a proof, in each of the individual postings. They utilise a blind
bidding mechanism to auction sensitive data in the form of a silent
auction. Users place bids depending on how much they believe the data is
worth.

Site administrators first compile a list of potential victims, then provide
proof (typically in the form of a small downloadable archive) that their
network has been infiltrated. If the victimised firm refuses to cooperate
with the hackers, their data is exposed on the web, either for free or for
VIP members only. The website claims to compile data from a variety of
hacking groups but does not cooperate with ransomware gangs.

“Right now, I can say that Puma haven’t contacted us yet,” the
administrator of the dark web leak portal told The Record in a conversation
last week. “The rest of the data would be released if Puma will decline the
negotiations,” they added.