Charter Communications Confirms Data Breach
Charter Communications, one of the largest broadband providers in the United States, has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. The company serves tens of millions of residential and business customers through its Spectrum brand.
In a statement, Charter said it is alerting authorities about the incident and that no sensitive personal customer information was stolen. However, the ShinyHunters group claims to have stolen 40 million records containing customer names, email addresses, addresses, phone numbers, phone type, plan information, and some customer proprietary network information (CPNI) data.
ShinyHunters Extortion Threat
The ShinyHunters group claimed to have breached Charter on April 1 through a voice phishing (vishing) attack that compromised an employee's Microsoft Entra account. The threat actors used this access to export millions of customer records from the company's Salesforce instance.
According to the threat actor, the stolen records contain customer support ticket data, in addition to the aforementioned personal information. Charter was contacted again about the threat actor's claims, but the company referred back to its original statement.
ShinyHunters' Social Engineering Campaigns
ShinyHunters has been conducting widespread social engineering campaigns that target employees and business process outsourcing (BPO) agents' Microsoft Entra, Okta, and Google single sign-on (SSO) accounts. After gaining access to a corporate SSO account, the threat actors steal data from connected software-as-a-service (SaaS) applications such as Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and many others.
This stolen data is then used to extort the company by threatening to leak the data if a ransom is not paid. Salesforce has been a popular target of the extortion gang, with the threat actors breaching numerous integration companies to steal OAuth tokens that can then be used to access Salesforce instances.
Recent Attacks by ShinyHunters
More recently, ShinyHunters conducted multiple attacks against the education technology firm Instructure, resulting in Canvas outages and the theft of data from tens of millions of students. Instructure said it ultimately reached an 'agreement' with the extortion gang, meaning it likely paid a ransom to prevent the public release of the stolen data.
The incident highlights the importance of protecting against social engineering attacks and the need for companies to have robust security protocols in place to prevent such breaches. Charter's confirmation of the data breach serves as a reminder of the ongoing threat posed by extortion groups like ShinyHunters.
- Charter Communications confirmed a data breach after ShinyHunters extortion threat
- The breach affects millions of customer records, including personal information and CPNI data
- ShinyHunters used a voice phishing attack to compromise an employee's Microsoft Entra account
- The threat actors stole data from Charter's Salesforce instance and used it to extort the company
- ShinyHunters has been conducting social engineering campaigns targeting employees and BPO agents' SSO accounts
As the threat landscape continues to evolve, companies must remain vigilant and take proactive steps to protect against such attacks. This includes implementing robust security protocols, conducting regular security audits, and educating employees on the risks of social engineering attacks.
The incident serves as a reminder of the importance of protecting against social engineering attacks and the need for companies to have robust security protocols in place to prevent such breaches.
Charter's confirmation of the data breach is a significant development in the ongoing saga of cyber attacks and extortion threats. As the situation continues to unfold, it remains to be seen what further actions will be taken by the company and law enforcement agencies to address the breach and prevent similar incidents in the future.
Conclusion
In conclusion, the Charter data breach is a significant incident that highlights the ongoing threat posed by extortion groups like ShinyHunters. The breach serves as a reminder of the importance of protecting against social engineering attacks and the need for companies to have robust security protocols in place to prevent such breaches.
As the threat landscape continues to evolve, companies must remain vigilant and take proactive steps to protect against such attacks. This includes implementing robust security protocols, conducting regular security audits, and educating employees on the risks of social engineering attacks.
By taking these steps, companies can reduce the risk of a data breach and protect their customers' personal information. The Charter data breach is a significant incident that serves as a reminder of the importance of cybersecurity and the need for companies to prioritize the protection of their customers' data.
Source: BleepingComputer