Rogers Communications data allegedly sold on a hacker forum | Cybernews
Rogers Communications data allegedly sold on a hacker forum
Updated on: 07 April 2023
Vilius Petkauskas
Vilius Petkauskas
Senior Journalist
Rogers Communications breach
Image by Shutterstock.
Rogers’ leak includes data from the company’s active directory, including information on customers, the attackers claim. The company confirmed the leak, saying some of Rogers’ employees “business contact information” was exposed.
Attackers posted an ad on a mostly Russian-speaking hacker forum, alleging the database for sale belongs to Rogers Communications, a Canadian media behemoth providing wireless, cable, and internet services.
The ad supposedly includes three Rogers’ Active Directory (AD) databases: users, groups, and devices. Organizations use AD to connect users with network resources. Typically, AD includes critical data on the company’s environment, for example, what users can do and what devices operate within the system.
Roger data breach
Rogers' data posted on a cybercrime forum. Image by Cybernews.
Rogers confirmed some some of the company's data was leaked on the dark web. However, the company's spokesperson maintained that only employee data was exposed and no customer details were included in the leaked database.
“Through proactive monitoring, we identified that business contact information, such as work email addresses and phone numbers, for Rogers employees was posted on the dark web. No personal details, including banking information, social insurance numbers or passwords, were accessed or posted. Our investigation also indicates no customer information was accessed or posted,” Rogers told Cybernews.
Data samples of the three AD databases included in the ad, and seen by Cybernews, contain customer names and surnames, phone numbers, email addresses, locations, company names, account launch date, user device operating systems, user roles, device security status, and other sensitive data points.
While the sampled attackers provided don’t include employee data, the Cybernews researcher team believes the AD could also host information on the company’s employees that use Rogers’ network resources, as this type of data is usually included in AD databases.
Threat actors put a $14,000 price tag on the three databases mentioned in the ad. The ad doesn’t specify the size of the database or the number of the company’s users it exposed.
AD leaks are especially concerning as the information stored there allows outsiders to understand who controls access to the system. Attackers could leverage the data for unauthorized access and subsequent lateral movement within the system. It also can be challenging for security teams to trace all the breached areas with the affected system.
Last year, Rogers experienced a severe outage that lasted for 19 hours and pushed 12 million customers offline. The loss of connectivity prompted the Canadian Radio-television and Telecommunications Commission (CRTC) to launch an inquiry, saying, “Events of this magnitude paralyzing portions of our country’s economy and jeopardizing the safety of Canadians are simply unacceptable.”
Weeks later, a hacker using the pseudonym Rektengle said he hacked Rogers days before the outage to help the company secure the perimeter. The attacker supposedly reported the bug to Rogers on July 7 – a day before the blackout – via a Facebook message. The company claims the outage was caused by a “network system failure following a maintenance update to our core network.”
According to Forbes, Roger Communications generated a revenue of $11.8 billion in 2022 and enjoyed a profit of $1.3 billion.
Updated on: 07 April 2023
Vilius Petkauskas
Vilius Petkauskas
Senior Journalist
Rogers Communications breach
Image by Shutterstock.
Rogers’ leak includes data from the company’s active directory, including information on customers, the attackers claim. The company confirmed the leak, saying some of Rogers’ employees “business contact information” was exposed.
Attackers posted an ad on a mostly Russian-speaking hacker forum, alleging the database for sale belongs to Rogers Communications, a Canadian media behemoth providing wireless, cable, and internet services.
The ad supposedly includes three Rogers’ Active Directory (AD) databases: users, groups, and devices. Organizations use AD to connect users with network resources. Typically, AD includes critical data on the company’s environment, for example, what users can do and what devices operate within the system.
Roger data breach
Rogers' data posted on a cybercrime forum. Image by Cybernews.
Rogers confirmed some some of the company's data was leaked on the dark web. However, the company's spokesperson maintained that only employee data was exposed and no customer details were included in the leaked database.
“Through proactive monitoring, we identified that business contact information, such as work email addresses and phone numbers, for Rogers employees was posted on the dark web. No personal details, including banking information, social insurance numbers or passwords, were accessed or posted. Our investigation also indicates no customer information was accessed or posted,” Rogers told Cybernews.
Data samples of the three AD databases included in the ad, and seen by Cybernews, contain customer names and surnames, phone numbers, email addresses, locations, company names, account launch date, user device operating systems, user roles, device security status, and other sensitive data points.
While the sampled attackers provided don’t include employee data, the Cybernews researcher team believes the AD could also host information on the company’s employees that use Rogers’ network resources, as this type of data is usually included in AD databases.
Threat actors put a $14,000 price tag on the three databases mentioned in the ad. The ad doesn’t specify the size of the database or the number of the company’s users it exposed.
AD leaks are especially concerning as the information stored there allows outsiders to understand who controls access to the system. Attackers could leverage the data for unauthorized access and subsequent lateral movement within the system. It also can be challenging for security teams to trace all the breached areas with the affected system.
Last year, Rogers experienced a severe outage that lasted for 19 hours and pushed 12 million customers offline. The loss of connectivity prompted the Canadian Radio-television and Telecommunications Commission (CRTC) to launch an inquiry, saying, “Events of this magnitude paralyzing portions of our country’s economy and jeopardizing the safety of Canadians are simply unacceptable.”
Weeks later, a hacker using the pseudonym Rektengle said he hacked Rogers days before the outage to help the company secure the perimeter. The attacker supposedly reported the bug to Rogers on July 7 – a day before the blackout – via a Facebook message. The company claims the outage was caused by a “network system failure following a maintenance update to our core network.”
According to Forbes, Roger Communications generated a revenue of $11.8 billion in 2022 and enjoyed a profit of $1.3 billion.
