What will happen to the data of clients of Gloria Jeans and other Russian companies that got into the network

For a hacker attack on the client data of Gloria Jeans, Bukvoed, Auchan, etc. that got into the network, already compromised (hacked) accounts of employees of companies or their contractors could be used, the CEO of FACCT (former Group- IB in Russia and the CIS) Valery Baulin.

“Often, attackers look at databases for sale or free of charge with already hacked accounts and use them to access, for example, a company website to get customer databases,” he said. The stolen data could be used for phishing attacks or phone scams, the expert pointed out.

Within a few days, the attackers posted the user data of several offline and online stores online. Phones and e-mails of customers, presumably, the Bukvoed online bookstore, the Leroy Merlin hardware store, the Eat Home recipes website, and the Tvoe clothing store, were exposed to the public, Data Leakage & research company reported on June 8. Breach Intelligence (DLBI), which specializes in data breach intelligence and dark web monitoring.

Earlier it was reported about the leak of the database of Auchan, Tvoi Dom and Gloria Jeans stores, as well as Askona and Book24. The leak could have occurred through the 1C-Bitrix database management system, DLBI suggested. The uploaded customer data of Gloria Jeans contains 3.16 million unique email addresses and 2.36 million unique phone numbers, they say.

Gloria Jeans data breach of over 3 million customers confirmed. “According to preliminary information, these parts of users were stolen during technical work related to the site,” the company said on June 8. Gloria Jeans clarified that they are taking additional security measures to protect customer data.

1C-Bitrix said that one of the reasons for the problems with the cybersecurity of companies is the lack of scheduled regular updates of the entire critical infrastructure of a web project. The company claims that all vulnerabilities were eliminated a few months ago. Free upgrades have been released and customers have been informed, reported in 1C-Bitrix to Kommersant.

Attackers can use partially stolen data to clarify the context of phishing attacks, Yevgeny Rodygin, director of information security and special projects at IVA Technologies, told Vedomosti. Phishing emails include leaked data that, from the point of view of the client of these services, is known only to the services. And this, says Rodygin, increases the confidence in such attacks among users and, accordingly, increases their effectiveness. Further, the obtained data complements the already known merged databases, expanding information about specific individuals, which helps attackers to better analyze the targets of attacks.

“If we are talking only about phones and e-mail, this can be used to update the database of scammers and spammers. But much bigger problems for clients can arise if, along with phones, scammers get access to first and last names, passport data, bank cards, ”says Konstantin Ankilov, managing partner of TMT Consulting.

According to FACCT, the number of hacker attacks on commercial companies and government organizations in order to steal their data is constantly growing. In five months of 2023, the number of leaks (91 cases) increased by 12% compared to the same period last year. In 2023, repeated leaks from those who have already been subjected to data theft earlier were recorded, a FACCT representative noted

As a rule, data leaks are associated with a negligent attitude to information security issues and the active actions of intruders, says Rodygin. “In some cases, such incidents do not cause any damage to company owners, and accordingly there is no interest in security issues. But to avoid a leak, you need to take these threats seriously as well. And take a comprehensive approach to the security of information systems,” he notes.

Companies, regardless of size, need to regularly conduct security audits, Baulin said. According to him, IT solutions help to secure data as much as possible, which quickly analyze cyber risks in real time, for example, whether company data is posted on shadow resources, whether there are open ports, vulnerabilities and other factors.

“In our experience, more than half of incidents result from vulnerabilities at the perimeter of company networks and can be prevented. For example, a misconfiguration of the company’s servers or a vulnerability in the code can lead to a leak,” Baulin said.

Technical work on the site is a regular task, Ankilov says about the Gloria Jeans data leak situation. “If the data theft really happened at this stage, then not only customer data, but also other valuable commercial information could be stolen. It also introduced discord in business processes,” he notes.

In order to secure your data, you need to protect your account as much as possible. Two-factor authentication is required to enter the service – it will stop intruders with a username and password, FACCT advises

The incident is a reason for companies to revise their security policy in two directions – in IT security and in the personnel service, Ankilov believes. To minimize the human factor, it is necessary to “decrease the capacity” so that the bases can be “physically” taken out or forwarded, he said. But so far the situation is such that a very wide range of employees in most companies has access to the customer database, the expert noted.