Qantas Confirms Customer Data Released by Hackers Months After Cyber Breach

Australia’s national airline, Qantas Airways, has confirmed that customer data stolen during a July cyberattack has now been released online by cybercriminals. The airline said it was one of several companies targeted globally in the breach, which compromised the personal information of millions of passengers.

In the July incident, Qantas revealed that over one million customers had sensitive data — including phone numbers, dates of birth, and home addresses — accessed by hackers. An additional four million customers had their names and email addresses stolen, marking one of the largest data breaches in Australia’s recent history.

Qantas said the data was stolen through a third-party platform and has since been published by the hacker group known as Scattered LAPSUS$ Hunters after the company missed a ransom deadline. “With the help of specialist cybersecurity experts, we are investigating what data was part of the release,” Qantas said in a statement.

The airline also confirmed that an injunction remains in place to prevent the use or further distribution of the stolen information. The July attack is among the most serious since cyber incidents targeting telecom firm Optus and health insurer Medibank in 2022, which led to tighter cybersecurity laws in Australia.

Google says over 100 firms likely hit in Oracle-linked hacking campaign

Google warned that more than 100 companies may have been compromised in a massive cyberattack targeting Oracle’s E-Business Suite, a core system used by corporations to manage supply chains, customer data, and manufacturing operations.

In a statement released Thursday, Google said “mass amounts of customer data” were stolen in the attack, which may have begun three months ago. The company attributed the breach to the CL0P ransomware group, known for large-scale cyber intrusions exploiting third-party software vulnerabilities.

“This level of investment suggests the threat actor dedicated significant resources to pre-attack research,” Google’s cybersecurity division said. Analyst Austin Larsen added that while dozens of victims have been confirmed, “based on the scale of previous CL0P campaigns, it is likely there are over a hundred.”

The breach appears to have targeted Oracle’s E-Business Suite, used by corporations worldwide to manage sensitive operations including logistics, customer relations, and payments. Oracle has not publicly commented beyond acknowledging ongoing extortion attempts against some clients.

CL0P, which has previously claimed responsibility for major data thefts, told Reuters earlier this week that Oracle had “bugged up their core product.” The group is reportedly threatening to publish stolen data unless ransom demands are met.

Cyber experts say the scale of the attack could rival the MOVEit hack of 2023, underlining the growing risk of supply chain breaches that exploit trusted enterprise software systems.

Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records; Company Denies Breach

A hacker collective calling itself “Scattered LAPSUS$ Hunters” claims to have stolen nearly 1 billion records linked to Salesforce, the global cloud software giant, by targeting companies that use its platform. The group—believed to be behind recent ransomware attacks on major U.K. retailers including Marks & Spencer, Co-op, and Jaguar Land Rover—told Reuters the stolen data contains personally identifiable information (PII).

Salesforce, however, firmly denied that its systems were compromised. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology,” a company spokesperson said.

One hacker, identifying themselves as “Shiny,” told Reuters that the group did not directly hack Salesforce infrastructure but instead exploited its customers through “vishing”—a voice-phishing technique where attackers impersonate employees in calls to IT help desks to gain system access.

The group published a leak site on the dark web on Friday listing around 40 allegedly hacked companies, though it remains unclear how many are Salesforce clients. Both Salesforce and the hackers declined to confirm whether any ransom demands had been made.

In a June report, Google’s Threat Intelligence Group (TAG)—which tracks the hackers as “UNC6040”—said the group had been highly effective at deceiving employees into installing modified versions of Salesforce’s Data Loader, a proprietary tool used to import large volumes of customer data.

Google researchers also noted that the attackers’ infrastructure overlaps with an amorphous cybercriminal network known as “The Com”, a loosely connected ecosystem infamous for social engineering, ransomware, and even violent activity.

The claims come amid an ongoing U.K. police investigation into the earlier wave of cyberattacks that disrupted retail operations nationwide. In July, authorities arrested four individuals under 21 suspected of involvement in the breaches.

While Salesforce’s denial suggests its core systems remain intact, the episode underscores a growing cybersecurity challenge: attackers are increasingly bypassing well-secured platforms by manipulating the humans who use them.

As digital ecosystems become ever more interconnected, the breach—real or exaggerated—illustrates how even the most secure cloud providers can be dragged into the fallout of their customers’ weakest link: trust.