SOCRadar's Response to the USDoD's Claim of Scraping 330 Million Emails
Table of Contents
- What Exactly Happened in This Incident?
- Is There a Risk to SOCRadar's Customers?
- Which Data Was Allegedly Leaked?
- How Did the Threat Actor Access the Data?
- Was There a Breach of SOCRadar's Security Systems?
- Why Are Cybersecurity Companies Like SOCRadar Targeted?
- What Measures Has SOCRadar Taken in Response?
- What Should SOCRadar's Customers and Partners Do?
- What is SOCRadar's Commitment Moving Forward?
Aug 05, 2024
TL;DR
- The claim that the threat actor extracted the data from the SOCRadar platform is inaccurate and does not reflect the true source of the information.
- In reality, the actor used the SOCRadar platform to obtain the names of public Telegram channels, then scraped publicly available data directly from those channels.
- They manipulated this information to create the false impression that it originated from SOCRadar.
- We’ve compiled a comprehensive report with all pertinent details for our customers and partners. To access this report, contact us at [emailprotected].
What Exactly Happened in This Incident?
Recently, a threat actor identified as USDoD posted a claim on an online forum, alleging the breach and leak of over 330 million email addresses, supposedly attributed to SOCRadar. This prompted an immediate investigation by SOCRadar’s security team.
The investigation revealed that SOCRadar’s internal systems were not breached. The threat actor acquired a license from SOCRadar under a legitimate company name, providing access to the platform similar to any other customer. With this account, the actor could search for well-known domain names, collect Telegram channel names, and crawl these channels to harvest email addresses.
It is important to note that no technical vulnerabilities in the SOCRadar platform were exploited. The actor merely utilized functionalities inherent in the platform’s standard offerings, designed to gather information from publicly available sources. This incident highlights a significant issue in information ethics and security: distinguishing between legitimate use and potential misuse.
Is There a Risk to SOCRadar’s Customers?
Following an in-depth analysis of the situation, it has been determined that no access was granted to customer data or critical information. Our findings confirm no data breach involving our customers or SOCRadar’s internal systems.
While the collected data does not present an immediate risk, we maintain close contact with law enforcement and closely monitor the situation as it evolves.
Which Data Was Allegedly Leaked?
The threat actor used our platform to identify Telegram channel names and subsequently crawled these channels to collect email addresses. We have verified that these email addresses were sourced from publicly accessible channels.
How Did the Threat Actor Access the Data?
The threat actor purchased a Dark Web license using a legitimate company account, granting them access to SOCRadar’s platform like any other customer. While technically compliant with our Terms of Service, this method did not adhere to our intended use policies.
Was There a Breach of SOCRadar’s Security Systems?
Our comprehensive investigation concluded that SOCRadar's security systems were not breached, and no vulnerabilities were exploited. The threat actor used our platform within the Terms of Service but in a manner that did not align with our intended use policies.
Why Are Cybersecurity Companies Like SOCRadar Targeted?
Cybersecurity vendors, including KnowBe4, CrowdStrike, and SOCRadar, have recently faced increased attacks from threat actors. These companies are leaders in the fight against cyber threats and enhancing cybersecurity for organizations, making them prime targets for malicious actors seeking to exploit their resources.
What Measures Has SOCRadar Taken in Response?
In response to this incident, SOCRadar is conducting a comprehensive security review. This includes enhancing our monitoring systems to detect anomalies and reinforcing the security of our platform to prevent misuse of legitimate features that could lead to unauthorized actions.
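As an added illustration of the kind of usage-anomaly check the paragraph above refers to, the following is example code written for this page, not SOCRadar's monitoring system. It assumes a simple per-tenant audit-log format, constructed sample tenants (acme, globex, shell-co) and arbitrary thresholds; all of these are assumptions. The idea is that a licensed account harvesting at scale looks different from a normal customer: it touches far more distinct targets per hour than its peers, even though every individual request is a legitimate platform feature.

```python
"""
Illustrative tenant-abuse detector over platform audit logs.

Added example for this page; not SOCRadar's code. The log format, tenant
names, actions and thresholds below are assumptions made for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median

# Assumed audit-log line format:
#   "<ISO-8601 UTC timestamp> tenant=<id> action=<name> target=<value>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) tenant=(?P<tenant>\S+) action=(?P<action>\S+) target=(?P<target>\S+)$"
)

# Constructed sample input: two tenants behaving normally (a handful of
# lookups tied to their own brands) ...
_LEGIT = """\
2024-07-29T09:00:01Z tenant=acme action=search_domain target=acme.example
2024-07-29T09:00:40Z tenant=acme action=lookup_telegram_channel target=@acme_alerts
2024-07-29T09:05:12Z tenant=acme action=lookup_telegram_channel target=@acme_leaks
2024-07-29T09:00:02Z tenant=globex action=search_domain target=globex.example
2024-07-29T09:02:30Z tenant=globex action=lookup_telegram_channel target=@globex_sec
"""
# ... and a third tenant showing the harvesting pattern described in the post:
# many unrelated domains searched and many distinct channels looked up within
# minutes of each other (constructed, not real traffic).
_HARVESTER = "".join(
    f"2024-07-29T09:{i // 6:02d}:{(i % 6) * 10:02d}Z tenant=shell-co "
    f"action=lookup_telegram_channel target=@channel_{i:03d}\n"
    for i in range(60)
) + "".join(
    f"2024-07-29T09:1{i % 10}:00Z tenant=shell-co "
    f"action=search_domain target=brand-{i:02d}.example\n"
    for i in range(20)
)
SAMPLE_LOG = _LEGIT + _HARVESTER


def parse_log(text):
    """Parse audit-log text into (timestamp, tenant, action, target) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["tenant"], m["action"], m["target"]))
    return events


def hourly_distinct_targets(events, action):
    """Return tenant -> max number of distinct targets of `action` in any clock hour."""
    buckets = defaultdict(set)
    for ts, tenant, act, target in events:
        if act == action:
            hour = ts.replace(minute=0, second=0, microsecond=0)
            buckets[(tenant, hour)].add(target)
    peak = defaultdict(int)
    for (tenant, _), targets in buckets.items():
        peak[tenant] = max(peak[tenant], len(targets))
    return dict(peak)


def flag_bulk_harvesters(events, action="lookup_telegram_channel",
                         abs_floor=25, peer_factor=10):
    """Flag tenants whose peak hourly breadth for `action` far exceeds their peers.

    threshold = max(abs_floor, peer_factor * median of the other tenants' peaks),
    so a single noisy tenant does not raise the bar for everyone else.
    """
    peaks = hourly_distinct_targets(events, action)
    flagged = {}
    for tenant, value in peaks.items():
        peers = [v for t, v in peaks.items() if t != tenant]
        baseline = median(peers) if peers else 0
        threshold = max(abs_floor, peer_factor * baseline)
        if value > threshold:
            flagged[tenant] = {"peak_distinct_targets": value, "threshold": threshold}
    return flagged


EVENTS = parse_log(SAMPLE_LOG)

if __name__ == "__main__":
    for tenant, info in flag_bulk_harvesters(EVENTS).items():
        print(f"{tenant}: {info}")
```

The point of the peer-relative baseline is that "too many Telegram channel lookups" has no fixed meaning; a large customer legitimately monitors more than a small one. Comparing a tenant's peak breadth against the median of all other tenants, with an absolute floor so that a tiny customer base does not produce a zero baseline, catches the outlier without penalising ordinary heavy users. In a real deployment the same logic would feed a review queue rather than an automatic block, and the flagged account's license details and search targets would be checked by an analyst.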
What Should SOCRadar’s Customers and Partners Do?
Currently, no specific actions are required from our customers or partners.
What is SOCRadar’s Commitment Moving Forward?
SOCRadar remains committed to our clients’ security and privacy. We are taking proactive measures, including upgrading our monitoring and access controls, to prevent future misuse.
We also collaborate with law enforcement to ensure all necessary actions are taken. We value transparency and will keep our clients and the security community updated with any significant developments.
A detailed post-mortem analysis report has been prepared for SOCRadar customers and partners. Those wishing to access the report can request it by emailing [emailprotected].