More than 8,200 databases have been stolen by a hacker named NightLion from the backend servers of U.S. based cyber security firm Night Lion Security that offers data leak monitoring services to companies.
The theft of thousands of databases from Night Lion Security's backend servers was announced by the hacker himself in an email addressed to several cyber security reporters earlier today. The email contained a link to a dark web portal that contained details of the intrusion into Night Lion Security's servers.
NightLion claimed that the 8,225 databases were taken from the cyber security firm's DataViper, a data leak monitoring service after the hacker gained access to DataViper's backend. The dark web site contains proof of the hacker's access to the server as well as 482 downloadable JSON files taken from the breached servers.
According to ZDNet who analysed the hacker's email and the dark web portal, the hacker spent up to three months inside DataViper servers and is now selling fifty of the biggest stolen databases on the Empire dark web marketplace.
Hacker only accessed an old dev server belonging to the cyber security firm
Vinny Troia, a well-known cyber security researcher who runs Night Lion Security, told ZDNet that the DataViper server that the hacker gained access to was a test instance, that data stored in the stolen databases indexed to DataViper had been public for many years, and some of the data had been obtained from the same communities of hackers to which hacker NightLion belongs.
"When people think they are above the law, they get sloppy. So much so they forget to look at their own historical mistakes. I literally detailed an entire scenario in my book where I allowed them to gain access to my web server in order to get their IPs. They haven't learned. All they had access to was a dev environment," said Troia.
"Much like the grey Microsoft hack which they recently took credit for, all they had was some source code that turned out to be nothing special, but they hyped it anyway hoping to get people's attention. These are the actions of scared little boys pushed up against a wall facing the loss of their freedom," he added.
Troia also went public on Twitter, questioning the timing of the "hack". "I can’t imagine who would want to discredit me only 3 days before I give a talk linking them to 40% of all non CC breaches since 2017.
"Re the ”sale” of data, a little research will show that most of these items are old /were turned into @troyhunt months ago. All the data either came from #GnosticPlayers, @sh_corp or NSFW, who happen to all be the same group. For those interested to know how, see you Wed!
"For anyone looking for a public statement about Data Viper. This “hack" only proves that i have struck a nerve and my talk next week is spot on. As for anything "stolen”, nothing was. All that was accessed was an old dev server. Databases? Nope," he added.
Organisations must segment and isolate sensitive data to prevent breaches
Commenting on the "revenge attack" targeting Night Lion Security, Jamie Akhtar, CEO and co-founder of CyberSmart, says that organisations should ensure they are only storing the data they need and have effective controls in place to prevent compromise including the most common issues with outdated applications and operating systems.
"We would expect this from a cyber security firm but breaches can happen through a single user error. Additionally, segmentation and isolation should be in place wherever possible rather than creating a single data lake, and more modern approaches such as resource-based authorisation should be adopted," he adds.