Hacker Leaks Telefónica Data Allegedly Stolen in New Breach

A hacker known by the handle "Rey" from the Hellcat Ransomware group claims to have stolen 106GB of data from Spanish telecommunications company Telefónica. The breach allegedly occurred on May 30 and is believed to have been carried out by exploiting a misconfiguration of Telefónica's internal Jira development and ticketing server.

The hacker, Rey, shared a sample and file tree of the allegedly stolen data with BleepingComputer, revealing that it includes sensitive information such as internal communications, purchase orders, customer records, employee data, and invoices to business clients in multiple countries. Some of the files include email addresses for employees in Spain, Germany, Peru, Argentina, and Chile, as well as invoices for business partners or customers in European countries.

The breach is significant not only because of the sheer amount of data involved but also because it appears to be a new incident rather than an old leak. The hacker claims to have had 12 hours of uninterrupted data exfiltration before defenders revoked access, and has threatened to release the full archive unless Telefónica provides an official statement.

However, when BleepingComputer reached out to Telefónica for comment, the company denied any knowledge of the breach. The only response received came from a Telefónica O2 employee, who described the incident as an extortion attempt using outdated information from a previously known incident.

Rey, the hacker claiming responsibility for the attack, is a member of the Hellcat Ransomware group, which has been involved in several high-profile breaches in the past. The group has claimed compromises at Swiss global solutions provider Ascom, Jaguar Land Rover, Affinitiv, Schneider Electric, and Orange Group.

The breach highlights the growing sophistication of cloud attacks, as well as the ease with which attackers can exploit vulnerabilities in corporate systems. According to Wiz's detections across thousands of organizations, some common techniques used by cloud-fluent threat actors include:

  • Predictable password usage
  • Weak multi-factor authentication
  • Credentials stored insecurely
  • Lack of regular software updates
  • Misconfigured access controls
  • Social engineering tactics
  • Insufficient monitoring and logging
  • Poor incident response planning

As the threat landscape continues to evolve, it is essential for organizations to stay vigilant and take proactive measures to protect their systems from these types of attacks.