The notorious threat actor IntelBroker has allegedly claimed responsibility for leaking internal communications from Deloitte, a leading global auditing firm.
The breach reportedly occurred in September 2024, when an Apache Solr server was inadvertently exposed to the internet with default login credentials, allowing unauthorized access.
Deloitte, known for its extensive work in auditing and consulting, found itself vulnerable due to this oversight.
The compromised data includes email addresses, internal settings, and communications between intranet users.
IntelBroker, who is associated with the BreachForums community, shared proof of access to these sensitive communications on the platform.
BreachForums has been a hub for cybercriminals since its inception. It emerged as a successor to RaidForums, facilitating the trade of stolen data and hacking tools.
Despite law enforcement efforts leading to multiple site seizures, the site continues to resurface under different guises. IntelBroker is a prominent figure within this community and is known for orchestrating several high-profile breaches.
The breach was facilitated by exploiting an Apache Solr server that Deloitte had left unsecured.
Apache Solr is an enterprise search platform used by many organizations worldwide. Vulnerabilities in such systems can lead to severe security breaches if not properly managed.
As organizations continue to rely heavily on digital infrastructures, ensuring these systems are secure against unauthorized access is paramount.
Cyber Security News reached out to Deloitte, seeking more information about the claim.