According to a cybersecurity firm, hackers managed to access Apple and other large corporations data centre logins. Also, they had remote access to security cameras, and depending on their level of access, they may even have had physical access to servers. Hackers could steal customer support logins for Apple, Amazon, BMW, Goldman Sachs, Microsoft, and as many as 2,000 more organisations from two third-party data centre providers employed by many large businesses.
Apple uses third-party data centres like Amazon Web Services in addition to having its own across the world. Two of Asia’s biggest data centre operators, GDS Holdings and ST Telemedia Global Data Centers, are where Apple and other companies place servers. Both businesses provide colocation services, which let customers place their servers in a facility they supply for the buildings and network equipment.
Along with Apple several other companies like Alibaba Group Holding Ltd and Amazon’s data was breached
According to Bloomberg, hackers acquired login information for the customer support systems of almost 2,000 firms with servers housed there after successfully compromising networks utilised by both organisations. Hackers gained access to login information for data centres in Asia used by some of the largest companies in the world, a potential goldmine for surveillance or sabotage, according to a cybersecurity research group. This incident highlights the fragility of worldwide computer networks.
According to the security company and hundreds of pages of documents reviewed by Bloomberg, the information included credentials in varying numbers for some of the largest corporations in the world, including Alibaba Group Holding Ltd., Amazon.com Inc., Apple Inc., BMW AG, Goldman Sachs Group Inc., Huawei Technologies Co., Microsoft Corp., and Walmart Inc.
The attack took place in 2021, but it was just recently made public. According to the research, client logins were still in use in January of this year. By forcing password changes at that moment, both data centre providers kept the hackers out.
A few firms firms stated that they did not think client data was obtained
An attacker physically accessing a company’s systems is the worst-case scenario since there is no telling what they could do at that point. According to the cybersecurity company Resecurity, this may have happened in this scenario. As the customer-support websites regulate who is permitted to access the IT equipment located in the data centres physically, officials at four significant US-based corporations that were impacted stated that the stolen credentials constituted a unique and dangerous hazard.
The fact that the hackers could access security cameras at one organisation may have simplified physical entry. The majority of the businesses that Bloomberg contacted declined to comment. Alibaba, Amazon, Huawei, and Walmart were included in this. Several attempts for comment from Apple still need to be answered.
A few businesses claimed they did not think client data was obtained and that their operations were unaffected. The hack had “a very limited impact,” according to BMW. Although they acknowledged that there had been breaches, both data centre operators downplayed their importance.