Posted on July 15, 2020 at 11:06 AM
Data of 2000,000 Users from Citrix Hacked and Offered for Sale
Lax security measures are allowing hackers to infiltrate systems and steal very important information and data from systems and servers. Just yesterday, a hacker was reportedly selling data files of more than 142 million MGM customers. Today, a hacker is selling stolen data of about two million users from Citrix.
Citrix Systems is a software firm with several locations in multiple countries. As a big software company, its customers include large corporations, government, and military organizations.
The hacker is putting up the alleged stolen data of 2 million users for sale and offering the entire data for $20,000.
Leaked data does not contain passwords
The hacked data contains information such as full names of the user, physical address details, company name, email addresses, as well as phone numbers. However, it does not contain passwords. Although the hacked data doesn’t contain any details about passwords, other information may be relevant for the buyer to carry out social engineering attacks and phishing campaigns.
However, it has not been confirmed yet whether the stolen data was from Citrus or whether it was part of the data from last year’s breach on Citrix. In March last year, California-based Software Company suffered a data breach as an Iranian group hacked about 6 TB of data from the company’s database.
A new hacking incident
UnderTheBreach released a screenshot on its Twitter handle which showed someone engaging in conversation with the hacker on the hacking incident.
Actor claiming he hacked https://t.co/WIVfa2c5B6 (@citrix) and is now selling a database containing information on 2,000,000 users.
— Under the Breach (@UnderTheBreach) July 14, 2020
Asking price: $20,000.
cc: @fjserna pic.twitter.com/p0tdNuJDVo
In the screenshot, the user was asking the hacker to show proof of the hack. In response, the hacker sent two screenshots to the user as confirmation of the breach.
But the actual breach has not been verified by security researchers, although there are some clues into the incident.
When the Citric server was exposed last year, the company didn’t know the extent of details stolen.
The data could be part of the breach that occurred last year, although that has not been confirmed too.
But in February, Citrix informed the public that the 2019 data breach began in late 2018, as the hackers stayed undetected in the company’s system for five months. Citrix said it wasn’t aware of the breach until after six months.
Breach suffered last year
In a letter sent to the Attorney general in California, Citrix said the hacker had “intermittent access” to its network. According to the software firm, the hacking group infiltrated the company’s server on October 13, 2018, until March 8, last year, just two days after the FBI informed Citrix about the breach.
Shortly after the Citrix discovered the 2019 breach, the firm released a statement indicating that the hackers only stole business documents. Later, Citrix said the breach data may have included names, some financial information, and Social Security numbers of the users.
In a later update in April, the company revealed that the attack was possibly a result of password spraying common among attackers for breaching servers and systems. Citrix said the accounts mostly affected are those that have not used the two-factor authentication to protect their account.
But what is not clear is whether the data of 2 million users offered for sale is part of the 2019 breach. There will be surely updates on the situation as details about the files offered on the darknet are known.
Staying protected
Security researchers have always advised users how they can protect their data and details even if their accounts were part of a deal. The first step is to change all the user’s login details to make sure the stolen data is useless. Another approach is to avoid releasing sensitive information online, especially when registering with a company. Taking drastic security measures will help to protect users against hackers and other third parties.
