A threat actor named “grep” has claimed responsibility for an alleged data breach involving Capgemini, a leading multinational IT services and consulting company.
The breach was announced earlier this week via a post on BreachForums, where the actor shared details about the stolen data and offered downloads to forum users. The post highlights that 20 gigabytes of sensitive data, including databases, source code, private keys, credentials, and employee information, were compromised.
The leaked data includes logs related to T-Mobile's virtual machines, API keys, and internal project files, along with confidential company information. Samples provided by “grep” feature SQL entries listing employee credentials and user permissions, potentially exposing significant security vulnerabilities. Capgemini employees' names, emails, usernames, and hashed passwords were also listed in the breach, along with administrative permissions for various internal projects.
The entire data set was made available for the nominal price of 8 credits on BreachForums. This corresponds to a small amount of real money and is used by cybercriminals as a filter to ensure that only registered forum members can access it.
Capgemini, headquartered in Paris, is a global IT services giant with a revenue of €22.5 billion in 2023 and over 337,000 employees. The company offers a wide range of consulting, digital transformation, and outsourcing services. Its clients include some of the world's largest organizations, making any data breach a significant security concern. The inclusion of T-Mobile virtual machine logs in the breach hints at a potential risk to Capgemini's clients as well.
The breach raises serious concerns about the safety of Capgemini's infrastructure and the protection of client data. Although it is not yet clear how the breach was executed, the leak could expose Capgemini and its clients to cyberattacks and reputational damage.
It is important to note, however, that, as of writing this post, Capgemini has not officially confirmed the breach. CyberInsider has contacted the IT services company for a comment on the threat actor's claims, and we will update this post as soon as we hear back.
An element that adds some credibility to the data breach allegations is grep's participation in the “CyberNiggers” group, which has previously claimed responsibility for multiple data breaches that the victimized organizations later confirmed.