SOCRadar's Response to the USDoD’s Claim of Scraping 330 Million Emails - SOCRadar® Cyber Intelligence Inc. (2024)

TL;DR

  1. The claim that the threat actor extracted the data from the SOCRadar platform is inaccurate and does not reflect the true source of the information.
  2. In reality, they acquired public Telegram channel names through the SOCRadar Platform, then proceeded to scrape publicly available data from these public Telegram channels.
  3. They manipulated this information to create the false impression that it originated from SOCRadar.
  4. We’ve compiled a comprehensive report with all pertinent details for our customers and partners. To access this report, contact us at [emailprotected].

What Exactly Happened in This Incident?

Recently, a threat actor identified as USDoD posted a claim on an online forum, alleging the breach and leak of over 330 million email addresses, supposedly attributed to SOCRadar. This prompted an immediate investigation by SOCRadar’s security team.

The investigation revealed that SOCRadar’s internal systems were not breached. The threat actor acquired a license from SOCRadar under a legitimate company name, providing access to the platform similar to any other customer. With this account, the actor could search for well-known domain names, collect Telegram channel names, and crawl these channels to harvest email addresses.

It is important to note that no technical vulnerabilities in the SOCRadar platform were exploited. The actor merely utilized functionalities inherent in the platform’s standard offerings, designed to gather information from publicly available sources. This incident highlights a significant issue in information ethics and security: distinguishing between legitimate use and potential misuse.

Is There a Risk to SOCRadar’s Customers?

Following an in-depth analysis of the situation, it has been determined that no access was granted to customer data or critical information. Our findings confirm no data breach involving our customers or SOCRadar’s internal systems.

While the collected data does not present an immediate risk, we maintain close contact with law enforcement and closely monitor the situation as it evolves.

Which Data Was Allegedly Leaked?

The threat actor used our platform to identify Telegram channel names and subsequently crawled these channels to collect email addresses. We have verified that these email addresses were sourced from publicly accessible channels.

How Did the Threat Actor Access the Data?

The threat actor purchased a Dark Web license using a legitimate company account, granting them access to SOCRadar’s platform like any other customer. While technically compliant with our Terms of Service, this method did not adhere to our intended use policies.

Was There a Breach of SOCRadar’s Security Systems?

Our comprehensive investigation concluded that SOCRadar’s security systems were not breached and that no vulnerabilities were exploited. The threat actor used our platform in accordance with the Terms of Service, but in a manner that did not align with our intended use policies.

Why Are Cybersecurity Companies Like SOCRadar Targeted?

Cybersecurity vendors, including KnowBe4, CrowdStrike, and SOCRadar, have recently faced increased attacks from threat actors. These companies are leaders in fighting cyber threats and enhancing cybersecurity for organizations, making them prime targets for malicious actors seeking to exploit their resources.

What Measures Has SOCRadar Taken in Response?

In response to this incident, SOCRadar is conducting a comprehensive security review. This includes enhancing our monitoring systems to detect anomalies and reinforcing the security of our platform to prevent misuse of legitimate features that could lead to unauthorized actions.

What Should SOCRadar’s Customers and Partners Do?

Currently, no specific actions are required from our customers or partners.

What is SOCRadar’s Commitment Moving Forward?

SOCRadar remains committed to our clients’ security and privacy. We are taking proactive measures, including upgrading our monitoring and access controls, to prevent future misuse.

We also collaborate with law enforcement to ensure all necessary actions are taken. We value transparency and will keep our clients and the security community updated with any significant developments.

A detailed post-mortem analysis report has been prepared for SOCRadar customers and partners. Those wishing to access the report can request it by emailing [emailprotected].

