June 21, 2024

More MOVEit Hack Victims Revealed, Tens of Millions Could Follow

The biggest hack of 2023 is far from over. Months after MOVEit, a popular file-transfer software, suffered a series of high-profile cyberattacks, more victims are coming out about having their information compromised.

However, this might not be the full picture – it’s estimated that the coming months might reveal tens of millions more victims.

The MOVEit hack is more than just a cyberattack campaign. It is a series of related cyberattacks that still continue to claim more victims long after the vulnerability in the file-transfer software was reportedly patched.

Over 60 Million Victims and Counting

The hack took place in May after the “Clop” data extortion gang managed to carry out the mass exploitation of vulnerabilities in MOVEit systems.

Data belonging to a vast array of businesses and government organizations were compromised in the MOVEit hack. These included the likes of Shell, British Airways, and the United States Department of Energy.

On October 2, Progress Software released fixes for two more critical-rated vulnerabilities in the software.

According to the latest reports by security vendor Emsisoft, the number of known victim organizations has already crossed the 2,000 mark. As many as 62,054,613 individuals have been affected already, and many more are likely to follow.

Progress Software, the company behind MOVEit, patched out the vulnerability exploited by the hackers near the end of May.

While the adoption of the patch finally brought the attacks to a halt, the “Clop” cybercriminal gang had already carried out a massive heist of sensitive information. The actual extent of the devastating campaign continues to come into view months after it occurred.

Ontario’s government birth registry, BORN Ontario, revealed last week that it was the victim of a MOVEit-related attack earlier this year. Hackers have reportedly stolen sensitive personal data from 3.4 million people, which include 2 million babies, expectant parents, and people seeking fertility care. As stated by BORN Ontario, the compromised information spans over a decade, dating from January 2010 to May 2023.

I don’t think we’re done hearing about this by any means. We’re going to keep seeing that rolling disclosure over probably the next few months.Emily Austin, a senior researcher and security research manager at Censys

She also added that the affected companies are carrying out investigations of their own and notifying affected customers.

A Software Supply Chain Security Crisis

As pointed out by Austin, two versions of the MOVEit service were vulnerable – MOVEit Cloud, the cloud service, and MOVEit transfer, the local version of the software run by organizations on their premises.

The issue, however, is that not all the victim organizations were directly using MOVEit.

In 2020, Clop exploited flaws in Accellion networking equipment to launch a massive data extortion campaign.

Rather, they had contracted a vendor or collaborated with a third party that uses the file transfer service, rendering their data vulnerable. Hackers stole whatever data they could access on compromised MOVEit systems, which in some cases included information from several organizations.

MOVEit and similar centralized data repositories have turned into attractive targets for cybercrime groups like Clop. Earlier this year, the gang claimed to have breached more than 100 organizations by exploiting the GoAnywhere file transfer tool.

However, Clop claims to hold zero information on government, city, or police services. “We are only financially motivated”, the gang wrote in a post on its dark web leak site, adding that it would do the polite thing” and delete all government-related data.

TikTok Coin Hack: A Comprehensive Overview
Le changement de jeu ultime : Les pièces gratuites sur TikTok
Expert Recommendations: Coin Master Free Spin Hack
The Science of Avacoins Farming in Avakin Life
Free TikTok Coins: The Game Changer
Comprendre les générateurs de pièces TikTok : Mythes vs réalité
Mastering the Art of Earning Free Coins in LivU Video Chat
Earn Free Spins in Coin Master Like a Pro
Avakin Life Avacoins Farming Techniques: Unveiled
Free Credits in Bingo Blitz: The Ultimate Game Changer
Coin Master Spins Farming: Tips for Success
genshin impact codes for free primogems mora in january 2023
ZEPETO Zems Farming: What Every User Should Know
match masters free boosters match masters daily gifts
Free TikTok Coins: Your Path to Fame
Free Gems in Brawl Stars: The Future of Brawl Gaming
how to get free gems in dragon city 2023 dontruko
hack family island cheats gift codes resources speedup rubies
TikTok Coin Generators: Fact vs. Fiction
Desbloquea Monedas Gratis en TikTok: Tu Guía Definitiva
Maximize Your TikTok Earnings with Free Coins
TikTok Coin Hacks: The Complete Guide
Obtenez des pièces TikTok gratuitement en quelques étapes simples
Free TikTok Coins: The Game Changer
Free TikTok Coins: Insider Secrets
Guadagnare Monete Gratis su TikTok: Sfide e Ricompense
Maximize Your LivU Video Chat Experience with Free Coins
The Ultimate Game Changer: Free Spins in Coin Master
Free Avacoins in Avakin Life: The Key to Virtual Luxury
The Art of Earning Credits in Bingo Blitz

Leave a Reply

Your email address will not be published. Required fields are marked *