"ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment. On Friday, the criminals leaked data allegedly stolen from market-intel broker Crunchbase, streaming platform SoundCloud, and financial-tech firm Betterment, and confirmed to The Register that they gained access to two of the three - Crunchbase and Betterment - by voice-phishing Okta single-sign-on codes."
"SoundCloud in December confirmed it had been breached and the crooks accessed data belonging to about 20 percent of its users, which translates to about 28 million people, based on the company's publicly available customer count. When asked about ShinyHunters' claims, a SoundCloud spokesperson told us that the streaming platform is "aware that a threat actor group has published data online allegedly taken from our organization," and directed users to a January 13 blog update for more information."
ShinyHunters claims to have executed an Okta voice-phishing campaign that allowed the group to gain access to Crunchbase and Betterment. The group leaked data allegedly stolen from Crunchbase, SoundCloud, and Betterment, stating that Crunchbase and Betterment were accessed via voice-phished Okta single-sign-on codes. SoundCloud confirmed a December breach affecting roughly 20 percent of users, about 28 million people, and said its security team with third-party experts is reviewing published data. ShinyHunters said they did not use Okta credentials to access SoundCloud and asserted involvement in additional intrusions. Reported dumps contain millions of PII records.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]