IdeaLab confirms data stolen in ransomware attack last year

IdeaLab is notifying individuals impacted by a data breach last October in which hackers accessed sensitive information.

Although the organization does not describe the type of attack, the Hunters International ransomware group has claimed the breach and leaked the stolen data on the dark web.

IdeaLab is a California-based technology startup incubator that since 1996 has launched over 150 companies, including GoTo.com, CitySearch, eToys, Authy, Pet.net, Heliogen, and Energy Vault.

As one of the longest-running and most influential venture capital firms in the U.S., the company has generated considerable economic impact, job creation, and investment value.

On October 7, 2024, IdeaLab detected suspicious activity on its network. Upon investigation, it was determined that threat actors had gained unauthorized access to its systems three days earlier.

The company contracted third-party services to help with the investigation, which concluded on June 26 this year.

The results confirmed that data had been stolen from its systems, impacting current and former employees, current and former support service contractors, and their dependents.

In the sample notification shared with authorities, IdeaLab did not enumerate the information exposed in the incident, saying only that the hackers accessed names in combination with various other types of data.

On October 23, 2024, likely after a failed extortion attempt, Hunters International disclosed the data stolen from IdeaLab.

IdeaLab data leaked on the Hunters International website
Source: BleepingComputer

The leak contains 137,000 files totaling 262.8 GB. At the time of writing, the download link no longer works, but it is very likely that multiple threat actors downloaded the files while it was live.

Earlier today, the threat actor announced that they are shutting down Hunters International and deleted all company entries and files from its extortion portal. The hackers offered free decryption keys to all of their victims.

However, this may be part of a rebrand attempt: in April, researchers at cybersecurity company Group-IB said the threat actor had launched a new, extortion-only operation called World Leaks.

To protect against the risks arising from this incident, notification recipients are offered 24 months of free credit protection, identity theft, and dark web monitoring services through IDX. Impacted individuals have until October 1 to enroll.
