Hackers managed to access Apple and other large corporations’ data center logins, according to a cybersecurity firm. Furthermore, they had remote access to security cameras, and depending on their level of access, they might even have had physical access to servers.
Hackers acquired access to two third-party data center providers utilized by numerous large corporations, and from there they were able to collect data center logins for up to 2,000 additional organizations, including Apple, Amazon, BMW, Goldman Sachs, and Microsoft.
Data center logins of 2,000 major companies were maliciously obtained two years ago
Apple uses third-party data centers like Amazon Web Services in addition to having its own throughout the world. Two of the biggest data center operators in Asia, GDS Holdings and ST Telemedia Global Data Centers, are where Apple and other companies place servers. Both businesses provide colocation services, which let customers place their own servers in a facility where the operator supplies the buildings and network equipment.
As reported by Bloomberg, hackers were able to breach both organizations’ networks, and from there they were able to obtain data center logins for the customer care systems of about 2,000 other businesses that have servers hosted there.
In an episode that underscores the vulnerability of global computer networks, hackers got ahold of login credentials for data centers in Asia used by some of the world’s biggest businesses, a potential bonanza for spying or sabotage, according to a cybersecurity research firm.
What the hackers did with the other logins, if anything, is unknown. According to the security company and hundreds of pages of documents reviewed by Bloomberg, the information included credentials in varying numbers for some of the largest corporations in the world, including Alibaba Group Holding Ltd., Amazon.com Inc., Apple Inc., BMW AG, Goldman Sachs Group Inc., Huawei Technologies Co., Microsoft Corp., and Walmart Inc.
The attack took place in 2021, but it was only recently made public. According to the research, client logins were still in use as of January of this year. By forcing password resets at that moment, both data center companies succeeded in keeping the hackers out.
An attacker physically accessing a company’s systems is the worst-case scenario because there is no telling what they could do at that point. According to the cybersecurity company Resecurity, this may have happened in this instance.
“This is a nightmare waiting to happen,” said Michael Henry, former chief information officer for Digital Realty Trust Inc., one of the biggest US data center operators, when told about the incidents by Bloomberg. (Digital Realty Trust wasn’t affected by the incidents.) The worst-case scenario for any data center operator is that attackers somehow get physical access to clients’ servers and install malicious code or additional equipment, Henry said. “If they can achieve that, they can potentially disrupt communications and commerce on a massive scale.”
The majority of the businesses that Bloomberg contacted declined to comment, including Alibaba, Amazon, Huawei, and Walmart. Apple did not respond to several requests for comment.
Both data center operators acknowledged that there had been data center login breaches, but both downplayed their seriousness.