Posted on July 22, 2021 at 8:36 PM
IDs and passwords of some Tokyo 2020 Olympic and Paralympic Games holders are believed to have been leaked online.
According to the report from a government official, who wants to stay anonymous, the Organizing Committee for the Tokyo Olympics has started investigating the situation.
However, a spokesperson from the Tokyo 2020 International Communications Team stated that the earlier information from the Japanese government official was not correct.
“[…] after checking the facts, we can confirm that this was not a leak from Tokyo 2020’s system,” the spokesperson noted.
The spokesperson added that the organizing committee had already taken measures to protect their systems by resetting passwords to limit the damage the attack may cause to the exposed IDs.
The leak was not large
While any data leak can have a heavy impact on the victimized organization, smaller leaks are less likely to cause many problems compared to massive breaches. In this situation, the spokesperson stated that the leak was not large.
As the name implies, the Tokyo 2020 Olympics was billed to take place last year, but the organizers had to shift it to July/August this year because of the Covid-19 pandemic. Threat actors generally take advantage of a major event like this to launch attacks and try to steal data.
The recent attack on the Olympics volunteers is a pointer that threat actors are always ready to launch attacks at any time.
The data breach seems to have been caused by someone accessing an unauthorized smartphone or computer, according to reports.
Last year, six Russian intelligence officers were arrested and charged in the U.S. for an alleged global computer hacking operation, including during the 2018 Winter Olympics Games in Pyeongchang.
Russian military intelligence linked in the previous attack
The U.S. authorities say the intelligence officers unleashed “Olympic Destroyer”, a corrupted software to disrupt the Opening Ceremony of Pyeongchang. 2028.
The Russian military intelligence service has been warned previously by the National Cyber Security Center NCSC. It was alleged that the accused carried out cyberattacks against sponsors, logistic services, and organizers of the Tokyo 2020 Olympics to sabotage or obstruct the event.
Presently, the Olympics is in full swing, but it’s being held without the presence of supporters to cheer their compatriots.
Organizers in Japan claimed the leak will not impact the games in any way, and they have set an extensive cybersecurity infrastructure against any further attempt.
Earlier today, the organizers held a program for 220 “ethical hackers”. The main goal of the program was to fight potential threat actors. But it seems the “black” hackers are not perturbed and are serious about causing commotion during the games.
The breach is news the organizers would have loved to avoid after revealing that fans will not be allowed for the games. Japan called a state of emergency this month due to the increased level of Covid-19 spread in the country. As a result, it affected those who want to travel to Tokyo as supporters.
Initially, the organizers were considering allowing about $10,000 domestic spectators to the event. But the multi-sport event will now be observed behind closed doors, with only television viewership possible for fans.
The FBI warns against DDoS attacks
The news is coming barely 24 hours after the FBI issued an advisory and urged organizers of the Tokyo 2020 Summer Olympics to beef up their security. The advisory warned the organizers that a wave of DDoS attacks could be launched to disrupt the event and possibly hold sensitive data hostage.
The FBI also warned that the threat actors could plan to disrupt private or public digital infrastructure that supports the Olympics.
Additionally, the actions of the threat actors could disrupt multiple functions, including security, ticketing, transit, hospitality, and the broadcasting environments. The FBI also stated that Japanese IT giant Fujitsu reported a data breach in May which exposed data from several of its government clients. These include the Japanese Ministry of Land, Transport, and Tourism, as well as the Tokyo 2020 Organizing Committee.
However, the FBI said it isn’t aware of any specific cyber threat on the Olympics, but advised partners to be very conscious and active in their security infrastructure.