Malware

Breaking the Silence: Cylance Confirms Data Breach Tied to a “Third-Party” Platform



Picture this: you’re sitting in a coffee shop, minding your own business, when suddenly, the door bursts open and someone yells, “There’s a thief among us!” Everyone freezes, and you can feel the tension in the air. Now, imagine that the coffee shop is the world of cybersecurity, and the thief is a data breach. This is what happened recently when Cylance, a leading cybersecurity company, confirmed a data breach linked to a “third-party” platform. Let’s dive into the details, and more importantly, what this means for you and the future of cybersecurity.



What Happened at Cylance?



According to Cylance, the breach occurred on an unnamed third-party platform, and they acted quickly to contain the situation. The company stated that no Cylance systems or products were compromised, but the exact extent of the breach is still under investigation. They’re working closely with law enforcement agencies and third-party cybersecurity experts to determine the full extent of the damage.



To be clear, this is not a small issue. Cylance is one of the leading cybersecurity companies in the world, boasting a client base that includes Fortune 100 companies and government agencies. The fact that a breach occurred on their watch raises some serious questions about the state of security in the digital age.



An Eye-Opening Reality



This data breach serves as a stark reminder that even the experts aren’t immune to the risks of cybercrime. The reality is, cybercriminals are becoming more sophisticated and relentless in their efforts to infiltrate networks and steal sensitive data. In fact, since the beginning of the COVID-19 pandemic, there has been a 600% increase in cybercrime, according to the United Nations.



As the world becomes more interconnected through technology, the stakes are higher than ever. A single breach can have far-reaching consequences, from financial ruin to the erosion of trust in the companies and institutions we rely on daily. In other words, the coffee shop thief doesn’t just steal your wallet; they can topple the entire house of cards.



What Can You Do to Protect Yourself?



First and foremost, it’s essential to stay informed about the latest cybersecurity threats and best practices for safeguarding your digital assets. Knowledge is power, and staying one step ahead of the cybercriminals is crucial in this high-stakes game of cat and mouse.



Additionally, investing in comprehensive cybersecurity solutions for your home and business is a smart move. This includes antivirus software, firewalls, and secure password management tools. Remember, prevention is always better than cure.



Stay Informed and Stay Safe



As the Cylance data breach unfolds, we’ll keep you updated with the latest information and insights. Our mission is to help you navigate the complex, ever-changing landscape of cybersecurity, and empower you to protect your digital world.



Don’t let the coffee shop thief catch you off guard. Reach out to us, stay informed, and together, we’ll weather this storm and emerge stronger and more resilient than ever.

Protecting Your Data: Lessons from the Cylance Data Breach

Hey there, my friend! What could be more important than keeping our personal data safe in today’s world? I’m sure you’ve heard about data breaches in the news, and you might be thinking, “How can I protect my data?”. Well, you’re in the right place! Let me tell you a story about the recent Cylance data breach and what we can learn from it.

What Happened in the Cylance Data Breach?

First things first, let’s understand what happened. Cylance, a cybersecurity company, recently confirmed a data breach affecting their users. Now, you might be thinking, “A cybersecurity company was hacked? How ironic!” Yes, it is. But here’s the catch: the breach wasn’t due to their own security systems. It was linked to a third-party platform they used. This is a crucial lesson for all of us.

Why Should We Care?

Great question! We should care because data breaches can cause serious harm. Personal information can be used for identity theft, financial fraud, and more. In fact, 16.7 million Americans were victims of identity theft in 2017, with losses totaling $16.8 billion! That’s a lot of people and money, right?

What Can We Learn from the Cylance Data Breach?

Now that we know why we should care, let’s learn some lessons from the Cylance data breach. Here are three takeaways:

  1. Third-Party Platforms Matter: In this case, the breach wasn’t due to Cylance’s own security but a third-party platform they used. So, when choosing services, make sure they have strong security measures in place.
  2. Stay Informed: Keep yourself updated on the latest cybersecurity news and trends. Staying informed can help you make better decisions to protect your data.
  3. Use a Multi-Layered Approach: Don’t rely on a single security measure. Instead, use a combination of tools and techniques to safeguard your data. This includes strong passwords, two-factor authentication, and regular software updates.

How Can You Protect Your Data?

Now that you’ve learned some lessons, let’s talk about how you can protect your data. Here are some tips:

  • Choose your service providers wisely: Make sure the companies you trust with your data have strong security measures in place.
  • Never reuse passwords: Using the same password for multiple accounts makes it easier for hackers to access your data. Use a unique, strong password for each account.
  • Enable two-factor authentication: This adds an extra layer of security to your accounts and makes it harder for hackers to break in.
  • Keep your software updated: Regularly update your devices and software to ensure you’re protected against the latest threats.

Remember, Knowledge is Power!

As we wrap up, remember that protecting your data is an ongoing process. The more you know, the better equipped you’ll be to keep your data safe. I hope you found this information helpful, and I encourage you to continue learning about cybersecurity. So, what are you waiting for? Contact us and keep coming back to learn more about how you can protect your data!

Published

on

Cybersecurity company Cylance recently confirmed the legitimacy of data being sold on a hacking forum, explaining that it is old data stolen from a “third-party platform.”

A cybercriminal known as Sp1d3r is selling this stolen data for $750,000, as first discovered by Dark Web Informer.

This data allegedly includes a substantial amount of information, such as 34,000,000 customer and employee emails and personally identifiable information belonging to Cylance customers, partners, and employees.

However, researchers have informed us that the leaked samples appear to be old marketing data used by Cylance.

BlackBerry Cylance told us that they are aware of and investigating the cybercriminal’s claims, but no “BlackBerry data and systems related to [..] customers, products, and operations have been compromised.”

“Based on our initial reviews of the data in question, no current Cylance customers are impacted, and no sensitive information is involved,” the company added.

“The data in question was accessed from a third-party platform unrelated to BlackBerry and appears to be from 2015-2018, predating BlackBerry’s acquisition of the Cylance product portfolio.”

Cylance data for sale (Dark Web Informer)

​Links to Snowflake attacks

While the company has yet to reply to a follow-up request for more details regarding the name of the third-party platform that was breached to steal what it claims to be old data, the same cybercriminal is also selling 3TB of data from automotive aftermarket parts provider Advance Auto Parts, stolen after breaching the company’s Snowflake account.

We found a link to a Snowflake web management console located at https://cylance.snowflakecomputing.com/ that appears to be linked to Cylance. However, a BlackBerry spokesperson told us that the dashboard is “old and invalid” and “BlackBerry Cylance is not a Snowflake customer.”

Recent breaches at Santander, Ticketmaster, and QuoteWizard/Lendingtree have also been linked to Snowflake attacks. Ticketmaster’s parent company, Live Nation, also confirmed that a data breach had affected the ticketing firm after its Snowflake account was compromised on May 20.

In a joint advisory with CrowdStrike and Mandiant, Snowflake said that attackers had used stolen customer credentials to target accounts without multi-factor authentication protection.

Today, Mandiant published a report linking the Snowflake attacks to a financially motivated cybercriminal group it tracks as UNC5537. The group gained access to Snowflake customer accounts using customer credentials stolen in infostealer malware infections from as far back as 2020.

Mandiant has been tracking UNC5537 since May 2024. The financially motivated cybercriminal group has targeted hundreds of organizations worldwide, extorting victims for financial gain.

UNC5537 Snowflake attack timeline (Mandiant)

While Mandiant has not shared much information about UNC5537, we have learned that they are part of a larger community of cybercriminals who frequent the same websites, Telegram, and Discord servers, where they commonly collaborate on attacks.​

“The impacted accounts were not configured with multi-factor authentication enabled, meaning successful authentication only required a valid username and password,” Mandiant said.

“Credentials identified in infostealer malware output were still valid, in some cases years after they were stolen, and had not been rotated or updated. The impacted Snowflake customer instances did not have network allow lists in place to only allow access from trusted locations.”

Mandiant says it has identified hundreds of customer Snowflake credentials exposed in Vidar, RisePro, Redline, Racoon Stealer, Lumm, and Metastealer infostealer malware attacks since at least 2020.

To date, Snowflake and Mandiant have notified around 165 organizations potentially exposed to these ongoing attacks.

Update June 11, 07:13 EDT: Added BlackBerry statement saying Cylance is not a Snowflake customer.

Don’t let your organization be the next target

As an expert in cybersecurity, our mission is to help protect you and your organization from cyber threats. With the increasing sophistication of cybercriminals and the prevalence of data breaches, it’s more important than ever to stay informed and take proactive steps to protect your valuable data.

Stay ahead of the game by regularly visiting our website for the latest cybersecurity news and advice. If you have any questions or concerns, don’t hesitate to contact us. Together, we can work to make the digital world a safer place for everyone.

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending

Exit mobile version