[TheRecord] Hackers stole Puma source code, no customer data, company says

Hackers have stolen information from sportswear maker Puma and are currently trying to extort the German company into paying a ransom demand, threatening to release the stolen files on a dark web portal specialized in the leaking and selling of stolen information.

The entry advertising the Puma data was added on the site more than two weeks ago, at the end of August, The Record has learned.

“It was a PUMA source code for an internal application, which was leaked,” Robert-Jan Bartunek, head for Puma’s corporate communications, told The Record last week.

“No consumer or employee data was affected,” Bartunek added.

Image: The Record

The hackers claim to be in possession of more than 1 GB of Puma data.

To prove their claims, the threat actors leaked some sample files, which, based on their structure, suggest the attackers might have been obtained Puma’s data from a Git source code repository.

Image: The Record

The data is currently listed on a dark web portal named Marketo. Launched in April this year, the site operates in a simplistic fashion.

At first, site administrators list upcoming victims and then add some sort of proof (usually a small downloadable archive) that they breached their network.

If the victimized company does not cooperate with the hackers, their data is leaked on the site, either as a free download or for exclusive VIP members.

The site claims to list data provided by multiple hacking groups and that it does not work with ransomware gangs.

“Right now, I can say that Puma haven’t contacted us yet,” the administrator of the dark web leak portal told The Record in a conversation last week.

“The rest of the data would be released if Puma will decline the negotiations,” they added.

Other names listed on the site currently include the likes of Siemens Gamesa, Kawasaki, Fujitsu, and more than 20 others. In a statement to ZDNet‘s Jonathan Greig, Fujitsu said last week that the data listed on Marketo was not connected to a cyberattack on its network, suggesting it might have been obtained from a third party.

The post Hackers stole Puma source code, no customer data, company says appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[SecurityWeek] Mirai-Based ‘Manga’ Botnet Targets Recent TP-Link Vulnerability

All posts, Security Week

A newly discovered variant of the Mirai-based Manga botnet is targeting a vulnerability in TP-Link routers that was addressed last month. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[ZDNet] China’s personal data protection law kicks in today

All posts, ZDNet

Passed in August, the Personal Information Protection Law takes effect on November 1, spelling out rules around data collection, use, and storage, as well as what international companies must do when they transfer data out of the country. Source: Read More (Latest topics for ZDNet in Security)

Read More

[SecurityWeek] Creating an Effective Threat Hunting Program with Limited Resources

All posts, Security Week

Developing various data sets for threat hunting engagements will further mature your program and help uncover the unknown read more Source: Read More (SecurityWeek RSS Feed)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.