
Brightspeed investigates breach as crims post stolen data for sale

Internet service provider Brightspeed confirmed that it’s investigating criminals’ claims that they stole more than a million customers’ records and have listed them for sale for three bitcoin, or about $276,370. 

“We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees and authorities informed,” Brightspeed spokesperson Gene Rodriguez Miller told The Register, but declined to answer specific questions about the cyber crooks’ claims. 

“We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats,” Rodriguez Miller said.

On Sunday night, a cybercrime crew called Crimson Collective said in its Telegram channel that it had, “in our hands,” more than one million residential users’ details including: customer/account master records containing names, emails, phone numbers, billing and service addresses; session and user IDs; payment history and methods linked to accounts including the last four digits of customers’ credit cards; order records and other information. 

“If anyone has someone working at Brightspeed, tell them to read their mails fast!” the post seen by The Register said. 

A day later, the crims published samples of the allegedly stolen files on the same channel.

While they wouldn’t say how they gained access to the broadband provider’s systems, a Crimson Collective spokesperson told The Register that it was a “sophisticated attack” that also allowed them to “disconnect every user from their mobile service.”

We can’t verify this claim, so take it for what it is.

The spokesperson also claimed that Brightspeed’s security team ignored the group’s emails sent before the breach was disclosed, and that the crew has since set a sale price of three bitcoin. If no one is interested in buying the dataset, Crimson Collective plans to dump all of the information online in a week.

Crimson Collective is a newish extortion crew that claimed to have broken into Red Hat’s private GitLab repositories in the fall, exfiltrating about 570 GB of compressed data, some of which Nissan later said affected around 21,000 of its customers.

Shortly after Red Hat confirmed the intrusion, Crimson Collective announced it had teamed up with the ShinyHunters-linked Scattered Lapsus$ Hunters collective to extort the IBM-owned biz. ®
