Cylance verifies the authenticity of data available for purchase on the dark web

Threat Actor: Sp1d3r | Sp1d3r
Victim: Cylance | Cylance
Price: $750,000
Exfiltrated Data Type: Customer and employee emails, customer/prospect email and PII, products used by organizations, sales prospect list with activity status, Cylance partners list, and users list.

Additional Information:

  • The stolen data includes 34 million customer and employee emails, customer/prospect email and PII, products used by organizations, sales prospect list with activity status, Cylance partners list, and users list.
  • BlackBerry is aware of the potential data breach and is investigating the alleged incident.
  • No current Cylance customers are impacted, and no sensitive information is involved.
  • The stolen data appears to be from 2015-2018, predating BlackBerry’s acquisition of the Cylance product portfolio.
  • Cylance is not a Snowflake customer, so the data was not obtained from the cloud data platform Snowflake.

A threat actor, that goes online with the moniker Sp1d3r, is selling the stolen data for $750,000. The data includes 34 million customer and employee emails, customer / prospect email and PII, products used by organizations, sales prospect list with activity status, Cylance partners list and users list.

BlackBerry told several media outlets that it’s aware of the potential data breach and is investigating the alleged incident.

The company states that data was stolen from a third-party platform and appears to be old.

“Based on our initial reviews of the data in question, no current Cylance customers are impacted, and no sensitive information is involved,” BlackBerry told SecurityWeek. “The data in question was accessed from a third-party platform unrelated to BlackBerry and appears to be from 2015-2018, predating BlackBerry’s acquisition of the Cylance product portfolio.”

“We continue to monitor this situation closely and will take all necessary precautions to maintain the integrity of our products and systems and the trust of our customers,” it added

While several experts believe attackers may have obtained the data from the cloud data platform Snowflake, Cylance pointed out that it is currently not a Snowflake customer.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)



Original Source: https://securityaffairs.com/164441/data-breach/cylance-data-sale.html