Nestlé says it leaked its own test data, not Anonymous

Have a break, don't have any more KitKat, junk food giant also tells Russia


Nestlé, which is to stop selling KitKats and other brands in Russia, says corporate data leaked online this week by Anonymous was not stolen nor all that useful.

The hacktivist group boasted it had obtained and dumped on the internet 10GB of the multinational's records, including emails, passwords, and customer information, leading some to assume it was stolen during a network intrusion. However, Nestlé told The Register the data is not real or sensitive, wasn't stolen, and was accidentally leaked by itself via one of its own websites.

"This claim of a cyber-attack against Nestlé and subsequent data leak has no foundation," a spokesperson for the biz told us.

"It relates to a case from February this year, when some randomized and predominantly publicly available test data of a B2B nature was unintentionally made accessible online for a short period of time on a single business test website. We quickly investigated and no further action was deemed necessary. Cyber security is one of our top priorities. We continuously monitor the IT landscape and take all actions needed to ensure we stay cybersecurity-resilient."

That 10GB of data is actually a 6MB download that unpacks to less than 100MB of plain-text SQL database dumps. These primarily list what's said to be purchase orders from stores and Nestlé partners. A lot of the data appears to be made-up, complete with @example.com addresses, or uses publicly available information, such as the street addresses of shops and other vendors. There are a handful of real-looking email addresses in there, mainly Nestle.com ones, and one or two from what appears to be an IT supplier for the multinational.

It does seem to be, as Nestlé said, test data rather than a full-blown internal leak.

Separately, in a statement posted to its website on Wednesday, Nestlé voiced its support for Ukraine and its 5,800 employees who work in the country. The biz said it was mostly cutting ties with Russia amid President Putin's invasion of his neighboring nation.

"As the war rages in Ukraine, our activities in Russia will focus on providing essential food, such as infant food and medical/hospital nutrition — not on making a profit," Nestlé said. Any profit it does generate will be donated to humanitarian relief efforts, the company added.

"Going forward, we are suspending renowned Nestlé brands such as KitKat and Nesquik, among others," the statement continued. "We have already halted non-essential imports and exports into and out of Russia, stopped all advertising, and suspended all capital investment in the country."

The global food-equivalent giant's stance on Russia came a few days after Anonymous called on "all companies" to halt sales and operations in the nation. "Pull out of Russia! We give you 48 hours to reflect and withdraw from Russia or else you will be under our target!" the group tweeted, along with an image showing logos of more than 40 brands including Nestlé, Burger King, Cloudflare, and Citrix.

Some logos on the list, including Bridgestone Tires and Halliburton, reportedly heeded the warning.

And on Monday, Anonymous claimed to make good on its threats against Nestlé with a data dump.

Though as we've seen, it's pretty much fake.

Is pro-Ukraine mischief ok?

As Russian aggression against Ukraine continues, hacktivists and cyber-criminals on both sides have sought to derail websites and networks, depending on where the gangs' and developers' loyalties lie.

Russia-based ransomware group Conti, for example, after pledging its loyalty to the Kremlin, suffered a massive security breach of its own at the hands of a Ukrainian techie. 

And last week, the developer of JavaScript library node-ipc deliberately introduced a critical security vulnerability that, for Russian and Belarusian netizens, would destroy their computers' files by overwriting them with a heart emoji.

The programmer, Brandon Nozaki Miller, aka RIAEvangelist on GitHub, later revised his code to instead save a message calling for peace, not war, on users' desktops, and claimed the stunt was a "non-violent protest against Russia's aggression."

This and other cyber incidents have sparked a debate about whether Ukrainians and others who oppose the Russian war are justified in launching cyberattacks and online mischief against the invading country. 

A poll of "security experts" conducted by The Washington Post found 47 percent of respondents said launching offensive hacks against the Russian government is justified, while 53 percent said it isn't.

The publication quoted Michael Daniel, who led the Obama administration's cyber team and now serves as president of the Cyber Threat Alliance, as saying: "When a country faces an existential threat like what Russia poses to Ukraine, cyber volunteers are justified in launching offensive cyber operations against the attacking government, just like volunteers are justified in taking up physical arms to resist attackers." ®

