Tokyo Olympics’ ticket booking credentials posted by hackers on the dark web

Tokyo Olympics’ ticket booking credentials posted by hackers on the dark web

Tokyo Olympics ticket booking credentials posted by hackers on the dark web

The Tokyo 2020 International Communications Team has termed false a report which stated that the Tokyo Olympics ticket portal leaked the user IDs and passwords of several fans, which were then posted on the dark web.

On Wednesday, Kyodo News quoted a government official to claim that user IDs and passwords stored in the Tokyo Olympics ticket portal were accessed by hackers who then posted the data on a dark web forum. The official told Kyodo News that the breach could enable malicious actors to obtain the names, addresses, and bank account details of ticket-bookers. The hackers, according to Kyodo News’ source, used the RedLine malware and other info-stealers to steal the data records.

The government official added that Tokyo Olympics organising body is presently investigating the data breach. The Tokyo 2020 International Communications Team, however, refuted the report altogether. In a statement to ZDNet, a spokesperson from the team said, “We are aware of the incident and, after checking the facts, we can confirm that this was not a leak from Tokyo 2020’s system.

“While we have been liaising with the government and other relevant organisations on a regular basis, we have already taken measures in the form of password resets to limit any damage for the very limited number of IDs detected in this case based on the information supplied by the government,” he added.

Based on the official’s statement, it is now clear that certain user IDs and passwords were certainly exposed to malicious actors and may have been misused, but the breach did not involve the compromise of a system operated by the organisers of Tokyo 2020.

“Any data breach is a big problem for the impacted organisation. Not only is their reputation at stake, but they also need to find out what happened, who is impacted, and notify them so that further issues can be avoided,” says Boris Cipot, a senior security engineer at Synopsys Software Integrity Group.

“It is known that login data, such as user ID and passwords, has been leaked. Although this data may not be considered critical by itself, it can be problematic if the attackers combine use this data to access users’ accounts. In this case, the exposed data extends to user names, passwords, financial data, etc.

“These types of credentials are often used for scamming the user to hand out further data, either with targeted or general phishing attacks. As there are officials amongst the ticket holders, there is the possibility of a targeted attack.

“It would be advisable for Olympic Games ticket holders to change their passwords across all other platforms they use, especially if they have reused the same password for multiple accounts. Another recommendation would be to avoid clicking links in emails, filling out forms, or opening attachments, especially from unknown or untrusted sources he added.

Also Read: Russia’s GRU targeted Tokyo Olympics officials, says UK govt

Copyright Lyonsdown Limited 2021

Top Articles

Top 6 Mobile App-Related Data Breaches

Smartphones are a prevalent feature in modern life. With more than three billion smartphone users around the world, who downloaded over 200 billion apps in 2019, it comes as no…

Cyber-security blind spots in PaaS and IaaS environments

Research finds that 100% of companies experienced a security incident, but continue to expand their footprint

Popping the hood on deep learning

Now that cyber-criminals have learned how to compromise machine learning defences, deep learning provides a way forward for security teams

Related Articles

[s2Member-Login login_redirect=”” /]