A cybersecurity company has revealed that hackers obtained data center logins for Apple and other major companies. They were also able to access surveillance cameras remotely, and the privileges they had could even have allowed physical access to servers.
Hackers gained access to two third-party data center companies used by many major companies, and from there were able to obtain customer support logins for Apple, Amazon, BMW, Goldman Sachs, Microsoft, and as many as 2,000 other companies …
Background
Although Apple has its own data centers around the world, it also makes extensive use of third-party ones like Amazon Web Services.
In Asia, Apple and others host servers on two of the continent’s largest data center operators, GDS Holdings and ST Telemedia Global Data Centers. Both companies offer what are known as colocation services, where they provide the building and the network infrastructure, and client companies can then install their own servers.
Data center logins for Apple and others
Bloomberg reports that hackers managed to compromise systems used by both companies, and from there were able to access login credentials for the customer support systems of around 2,000 of the companies who have servers hosted there.
In an episode that underscores the vulnerability of global computer networks, hackers got ahold of login credentials for data centers in Asia used by some of the world’s biggest businesses, a potential bonanza for spying or sabotage, according to a cybersecurity research firm […]
The information included credentials in varying numbers for some of the world’s biggest companies, including Alibaba Group Holding Ltd., Amazon.com Inc., Apple Inc., BMW AG, Goldman Sachs Group Inc., Huawei Technologies Co., Microsoft Corp. , and Walmart Inc., according to the security firm and hundreds of pages of documents that Bloomberg reviewed.
The attack happened back in 2021, but has only been revealed now. The report says that the customer logins were still being used as recently as January of this year. At that point, both data center companies forced password resets, which finally locked out the hackers.
Could have allowed physical access to servers
The real nightmare scenario for any company is an attacker managing to gain physical access to their servers, as there is then no limit to what they could do.
Cybersecurity firm Resecurity says that this could have happened in this case.
Resecurity and executives at four major US-based companies that were affected said the stolen credentials represented an unusual and serious danger, primarily because the customer-support websites control who is allowed to physically access the IT equipment housed in the data centers […]
The physical security of IT equipment in third-party data centers and the systems for controlling access to it represent vulnerabilities that are often overlooked by corporate security departments, said Malcolm Harkins, former chief security and privacy offer of Intel Corp. Any tampering of data center equipment “could have devastating consequences,” Harkins said.
Physical access may have been made easier by the fact that the hackers were able to access surveillance cameras at one of the companies.
The hackers also stole credentials for GDS’s network of more than 30,000 surveillance cameras, most of which relied on simple passwords such as “admin” or “admin12345,” the documents show.
Most of the companies contacted by Bloomberg declined to comment. This included Alibaba, Amazon, Huawei, and Walmart. Apple didn’t respond to multiple requests for comment.
A few companies said that they do not believe customer data was accessed, and that they can see no impact on their business. BMW said that the attack had “a very limited impact.”
Both data center operators admitted that the breaches had occurred, but of course played down the severity.
FTC: We use income earning auto affiliate links. More.
