Threat Actor: WebSpid3rs | WebSpid3rs
Victim: Moonton/ByteDance | Moonton/ByteDance
Price: $300,000
Exfiltrated Data Type: Game source code, IP and password data, employee credentials, domain controller dumps, server and network configurations, cloud and customer data, documentation and frameworks, server configurations and codes, client and customer data, other critical data
Key Points :
- Data breach involving Moonton/ByteDance
- Threat actor WebSpid3rs leaked mid-level data and demanded payment
- Crimson from WebSpid3rs is selling a comprehensive set of data for $300,000
A Massive Data Breach at Moonton/ByteDance
Manila, Philippines – On June 2, our team received multiple reports of a data breach involving ByteDance. Since the initial report, the team has activated its threat intelligence, continuously monitoring deep web forums and marketplaces for any activity related to this breach.
The threat actors, WebSpid3rs, leaked mid-level data on June 2 and threatened to release more sensitive information if their demands were not met within 48 hours.
During the initial investigation, Deep Web Konek obtained the following files shared by the threat actors as a preview of their attack:
- ChatServer Source Code
- RankServer Source Code
- Sendmail Tool: This file includes the email addresses of over 45,000 clients.
- LDAP Dump: A text file containing all emails and passwords of ByteDance’s Moonton company.
Manila, Philippines – On June 2, our team received multiple reports of a data breach involving ByteDance. Since the initial report, the team has activated its threat intelligence, continuously monitoring deep web forums and marketplaces for any activity related to this breach.
The threat actors, WebSpid3rs, leaked mid-level data on June 2 and threatened to release more sensitive information if their demands were not met within 48 hours.
During the initial investigation, Deep Web Konek obtained the following files shared by the threat actors as a preview of their attack:
- ChatServer Source Code
- RankServer Source Code
- Sendmail Tool: This file includes the email addresses of over 45,000 clients.
- LDAP Dump: A text file containing all emails and passwords of ByteDance’s Moonton company.
On June 27, we detected that a threat actor identified as Crimson, from the group WebSpid3rs, announced an update on the data breach involving Moonton, the developer behind the popular game “Mobile Legends: Bang Bang.” Crimson is reportedly selling a comprehensive set of data for $300,000, which includes:
- Game Source Code: Entire source code for “Mobile Legends: Bang Bang.”
- IP and Password Data: Information for 1,600 hosts, along with passwords.
- Employee Credentials: 600 emails and passwords of Moonton employees.
- Domain Controller Dumps: 2 LDAP dumps containing sensitive details such as emails, names, passwords, and permissions.
- Server and Network Configurations: Source codes for proxy servers, data gathering servers, firewalls, and network configurations.
- Cloud and Customer Data: IBM Cloud information, including secret and customer service details.
- Documentation and Frameworks: 60 universal documents and Moonton’s background logic framework.
- Server Configurations and Codes: Multiple servers’ source codes, configurations, and more.
- Client and Customer Data: 60,000 client emails.
- Other Critical Data: Various scripts, monitoring logs, and tools, along with payment secrets, service whitelists, and more than 40,000 service configurations.
Since our initial report, we have reached out to Moonton and ByteDance, but there has been no official statement regarding this breach.
Source: https://kukublanph.data.blog/2024/06/30/a-massive-data-breach-at-moonton-bytedance/