Hackers Leak Global Companies’ Data Center Login Details
Hackers have obtained and released data center login credentials of more than 2,000 businesses, including Fortune 500 companies like Walmart, Apple, and Amazon. This allowed hackers to masquerade as authorized users on the customer support sites for these data centers.
According to the report from Resecurity, the initial breach occurred back in September 2021, affecting Shanghai-based GDS Holdings Ltd and Singapore-based ST Telemedia Global Data Centres.
After holding the login credentials for more than a year, hackers initially posted the data for sale on the dark web for $175,000. On Monday, the data dump was instead released in its entirety for free. Companies such as Goldman Sachs, Alibaba, Baidu, Huawei, PayPal, and thousands of others use these credentials to access customer support for their rented data center space and equipment.
Unauthorized access to these accounts presents a unique threat. A hacker could potentially give themselves free physical access to the servers housed within these data centers. From there, they could easily steal sensitive data or install malware.
ST Telemedia Global Data Centres and GDS Holdings Ltd. forced password changes for all of their clients in January. However, as the exposed data also included email addresses, it still offers valuable targets for phishing emails. This is because the employees behind these email addresses tend to have high-level access to sensitive areas of their company network.
Bloomberg followed up on the report by reaching out to Microsoft and was assured by a spokesperson that the company “regularly monitors for threats that could impact Microsoft and when potential threats are identified we take appropriate action to protect Microsoft and our customers.”
A similar response came from BMW, which assessed the situation and clarified that “the issue has a very limited impact on BMW businesses and has caused no damage to BMW customers and product related information.”
ST Telemedia Global Data Centres put up a statement criticizing Bloomberg’s coverage as “materially inaccurate and serve only to motivate future activities by threat actors within the critical digital infrastructure sector.” The Singapore-based data management company also clarified that “any purported stolen user credentials for our customer service portals do not pose risks for either our data center operations nor our customer IT systems and data.”