Tokyo Olympics’ ticket booking credentials posted by hackers on the dark web

Tokyo Olympics’ ticket booking credentials posted by hackers on the dark web

Tokyo Olympics ticket booking credentials posted by hackers on the dark web

The Tokyo 2020 International Communications Team has termed false a report which stated that the Tokyo Olympics ticket portal leaked the user IDs and passwords of several fans, which were then posted on the dark web.

On Wednesday, Kyodo News quoted a government official to claim that user IDs and passwords stored in the Tokyo Olympics ticket portal were accessed by hackers who then posted the data on a dark web forum. The official told Kyodo News that the breach could enable malicious actors to obtain the names, addresses, and bank account details of ticket-bookers. The hackers, according to Kyodo News’ source, used the RedLine malware and other info-stealers to steal the data records.

The government official added that Tokyo Olympics organising body is presently investigating the data breach. The Tokyo 2020 International Communications Team, however, refuted the report altogether. In a statement to ZDNet, a spokesperson from the team said, “We are aware of the incident and, after checking the facts, we can confirm that this was not a leak from Tokyo 2020’s system.

“While we have been liaising with the government and other relevant organisations on a regular basis, we have already taken measures in the form of password resets to limit any damage for the very limited number of IDs detected in this case based on the information supplied by the government,” he added.

Based on the official’s statement, it is now clear that certain user IDs and passwords were certainly exposed to malicious actors and may have been misused, but the breach did not involve the compromise of a system operated by the organisers of Tokyo 2020.

“Any data breach is a big problem for the impacted organisation. Not only is their reputation at stake, but they also need to find out what happened, who is impacted, and notify them so that further issues can be avoided,” says Boris Cipot, a senior security engineer at Synopsys Software Integrity Group.

“It is known that login data, such as user ID and passwords, has been leaked. Although this data may not be considered critical by itself, it can be problematic if the attackers combine use this data to access users’ accounts. In this case, the exposed data extends to user names, passwords, financial data, etc.

“These types of credentials are often used for scamming the user to hand out further data, either with targeted or general phishing attacks. As there are officials amongst the ticket holders, there is the possibility of a targeted attack.

“It would be advisable for Olympic Games ticket holders to change their passwords across all other platforms they use, especially if they have reused the same password for multiple accounts. Another recommendation would be to avoid clicking links in emails, filling out forms, or opening attachments, especially from unknown or untrusted sources he added.

Also Read: Russia’s GRU targeted Tokyo Olympics officials, says UK govt

Copyright Lyonsdown Limited 2021

Top Articles

Windows has been the most popular ransomware target, report finds

Windows is being threated by ransomware attacks from different regions, like Irael, South Korea, Vietnam and China being the pack leaders.

The expert view: keeping the hackers at bay

It is important to assess risk appetite, carry out due diligence on third parties and rank them according to risk.

Legitimate Ways to Make Money with Cryptocurrency

There is always a that numerous cryptocurrency are actually scams. But, there are methods you can use to make money with cryptocurrencies.

Related Articles

[s2Member-Login login_redirect=”” /]