Dick’s Sporting Goods Pwned By Hackers
American retailer Dick’s Sporting Goods has apparently been pwned by hackers, who have forced the company to take down its email and phone systems and lock employees’ accounts as a result. Here are the details from BleepingComputer:
According to a filing with the U.S. Securities and Exchange Commission (SEC), the company has hired outside cybersecurity experts to help contain the security breach and assess the cyberattack’s impact.
“On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information,” the retailer giant said.
“Immediately upon detecting the incident, the Company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate, and contain the threat.”
According to a source who requested anonymity to speak freely, the company has provided few details about the breach and is telling employees not to discuss it publicly or put anything in writing.
The same source told BleepingComputer that email systems had been shut down, likely to isolate the attack, and all employees had been locked out of their accounts. IT staff is now manually validating employees’ identities on camera before they can regain access to internal systems.
What that implies is that the threat actors used an employee account or accounts to gain access. And the account or accounts in question had enough power to let the threat actor do damage. That shows the need for companies to implement either MFA solutions or passwordless solutions as either would make it difficult to impossible for a threat actor to pull something like this off. I say that because I am going to guess that Dick’s did not have either of those implemented, which is why we’re talking about that today. Perhaps they should be considering such a solution, after they get back online of course.
This entry was posted on August 30, 2024 at 9:12 am and is filed under Commentary with tags Hacked.