Inside the Breach: Unmasking the Types of Data Breaches Targeting Tech Companies

6 minute read

May 2023

by cybergrx

Without question, technology has revolutionized how we do business today. But with great power comes great responsibility– and the technology industry is no exception. As we’ve seen time and time again, hackers and cybercriminals are constantly on the prowl, searching for vulnerabilities to exploit and data to steal. 

No tech company is immune to their attacks, and the headlines are filled with stories of significant data breach examples. In this piece, we’ll take a deep dive into some of the most recent and noteworthy breaches in the tech industry, exploring how they happened, plus offer data breach prevention tips to protect your tech organization from similar threats. So, buckle up and get ready to learn how to stay one step ahead of cybercriminals.

Five Technology Data Breach Examples

3CX

Our first data breach example made recent headlines– the 3CX incident. This communication software company was infected with malware after an employee downloaded a compromised version of the financial trading software, X_Trader, and malicious actors then infiltrated 3CX’s desktop applications. 

According to reports, 3CX first became aware they’d been hacked when customers started experiencing cybersecurity tool warnings for their software. Upon deeper investigation, the 3CX team discovered that malicious actors used the compromised software to infect their Windows and macOS build environments with malware. Then, they used their access to push trojanized software to the company’s customers. 

The significance of this incident: one software supply chain attack (X_Trader) led to another, the 3CX breach. The scope of the attack is not yet known, but it is feared it could have a similar SolarWinds domino effect, with an unforeseen number of downstream customers at risk of compromise.

Twilio

In 2022, messaging service Twilio was hit by two cyberattacks within three months. According to the company, malicious actors compromised the information of a “limited number” of customers. 

Attackers gained access via voice phishing or making fraudulent phone calls to employees — cybercriminals pretended to be the company’s IT department and asked users to verify their credentials. In the case of Twilio, this method was successful: The employee provided their account credentials, and hackers compromised customer data. 

Mailchimp

On January 11th, 2023, the marketing automation platform Mailchimp discovered the unauthorized use of a support and account administration tool. Investigations revealed a social engineering attack that targeted both Mailchimp employees and contractors. Once attackers obtained these credentials, they used them to access 133 Mailchimp accounts. 

Slack

With more than 18 million users worldwide, Salesforce-owned Slack remains a popular tool for workplace collaboration. However, on New Year’s Eve 2022, Slack announced a security breach that saw several of its externally hosted GitHub repositories accessed and downloaded by attackers.

According to Slack, the attack occurred after a limited number of employee tokens were stolen, which allowed access to the code repositories. 

Okta

Authentication, Identity, and Access Management (IAM) provider Okta also suffered a GitHub attack in late 2022. Unlike Slack, however, Okta had the source code of its Workforce Identity Cloud (WIC) application accessed and stolen. While the company said that no unauthorized access to critical Okta services occurred, it declined to provide any data on how the attack happened or who was responsible.

Types of Data Breaches and Common Attack Patterns

While attackers have many options for compromising company systems, there is a recurring theme in the types of data breaches and attack patterns bad actors use more frequently: phishing, zero-day exploits, and security misconfigurations. Here’s a look at each in more detail. 

Phishing

Phishing attacks rely on attackers convincing users to provide their credentials, which are then used to gain account access. The most common phishing vector is email — malicious actors send emails that demand immediate action from users, such as replying with credential details or supplying these details via spoofed websites. 

Phishing works because humans want to help. If attackers can convince users that emails come from a legitimate source, such as IT departments, third-party vendors, or management staff, employees are inclined to assist and may accidentally put networks at risk.

Zero-Day Exploits

Zero-day exploits are undetected vulnerabilities or weak points in network defenses. They may fly under the security radar for months or years until hackers discover and exploit them, leaving companies scrambling to take action. Consider the 2021 LinkedIn zero-day attack, affecting over 90% of the social business platform’s user base. To discover zero-day exploits, attackers often compromise networks and bide their time observing until they find a likely path to compromise. 

Security Misconfigurations

Security misconfigurations occur when protective processes and controls aren’t effectively implemented on devices, networks, or applications. One of the most common misconfigurations is using default usernames and passwords for connected devices such as routers or network controllers. For example, many devices have factory settings that set the username to “admin” and the password to “password” — or leave the password field blank. Forgetting to change these details leaves devices open to compromise. Also common is the use of public, unencrypted databases to store information. The danger here is data may be accidentally uploaded to these storage solutions, or companies may not realize that uploaded data contains sensitive information. 

Put simply, these patterns remain popular because they consistently deliver success. Phishing attacks look to circumvent IT-based defenses in favor of more straightforward human compromise, while zero-day exploits offer attackers the element of surprise. Misconfigurations, meanwhile, are problematic because IT teams may believe they’ve taken the proper steps to protect networks, only to discover that attackers have found unexpected loopholes.

What to Look for – Signals of an Impending Data Breach

While detecting every attack and preventing every compromise is impossible, businesses can significantly reduce their risk by knowing what to look for — and how to spot it — on their networks.

Common characteristics of phishing attacks include odd user behaviors such as high-volume downloads in a short period, or attempts by registered users to access different systems or solutions. To help reduce the risk of a successful phishing attack, enhance vendor credential management, conduct regular employee training, and test staff awareness with simulated attacks. Companies can also prevent hackers with stolen credentials from gaining access by implementing two- or multi-factor authentication for vendor accounts. 

Zero-day exploits may be harder to spot because companies lack prior knowledge about these threats. Here, robust network monitoring tools can help pinpoint odd behavior that may indicate an issue. For example, suppose intrusion detection tools notice large amounts of data being moved out of secure repositories or a significant uptick in resource calls to specific services. In that case, this may indicate a previously unknown threat vector. By watching for odd behavior, limiting the impact of a zero-day attack is possible.

For security misconfigurations, knowing what to look for may be more difficult. These misconfigurations often occur as a result of system familiarity. Consider an IT team with years of experience building and streamlining company network environments. While this experience provides a high level of expertise, it can also act as a blind spot when new services — such as cloud-based software or IoT device connections — are added to the network. The result is an assumption of security, which may lead to compromise. 

Third-Party Data Breach Prevention

What is the common thread across our data breach examples? Third parties.

In the case of Slack and Okta, for example, the use of the third-party service GitHub puts them at risk. Meanwhile, 3CX, Twilio, and Mailchimp’s positions as third-party providers for other companies put those organizations at risk.

The challenge? You can’t prepare for what you can’t see. And, when a third party has been breached, you don’t have time to go back and reference answers to your assessment questionnaire– you need real-time insights into your vulnerabilities immediately. To solve this dilemma, CyberGRX’s Portfolio Risk Findings leverages attested and predictive risk data, which can be applied to an industry framework, such as PCI DSS, HIPPA, or to a threat profile to understand which controls matter to that specific event and which vulnerabilities are most susceptible to being exploited. 

Watch more in this short video:

With Portfolio Risk Findings, you’re able to pinpoint your riskiest vendors and quickly identify your vulnerabilities so you can take action before a compromise of your network occurs. 

Summary

Technology firms aren’t immune to attacks. While zero risk is impossible, you can reduce the likelihood and impact of such incidents through effective data breach prevention measures. By implementing a comprehensive security strategy, identifying your third-party risks, and understanding the potential impact should a vendor experience a data breach, you’ll be better equipped to protect your organization’s data. 

To learn more about the third-party risk management solutions that CyberGRX offers, book a free demo today.

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.