OurMine has claimed another victim, lifting roughly 3.12TB worth of internal files from Vevo and posting them online.
The majority of the files taken from the music video giant include benign data including weekly music charts, pre-planned social media content and various details about the artists under the record companies' management, according to Gizmodo, which first reported the leak. However, some files were more sensitive, though, such as one which reveals the alarm code for the company's offices.
OurMine has made a name for itself by breaking into bigwigs’ social media accounts, including Google CEO Sundar Pichai, Facebook founder Mark Zuckerberg and Uber CEO Travis Kalanick. Its efforts, it said, are meant to alert users to the security flaws in their habits and systems. It has also targeted organizations, including the New York Times and Buzzfeed, and it also has taken down WikiLeaks a few times.
“Another large company has had data stolen, and it’s the attackers that are bringing it to light,” Terry Ray, CTO at *** Imperva *** www.imperva.com said via email. “While we don’t know the specifics yet, it is common that companies become aware of a breach only once the data has been shared beyond the attacker, this was further highlighted in a Verizon Data Breach Report a few years back. However, there are also cases, like one at a defense contractor, also a couple of years ago, where the victim knew the data was being stolen but had to let it go while they determined that no further hidden holes existed, before shutting of the data leak in an effort to prevent a rush volume of additional data loss. They too lost over a terabyte of data.”
He added, "In this new case, the attackers claim to have 3.12 terabytes of data from Vevo—and we don’t know how long they have been accessing the Vevo systems or what additional data—financial, email, employee info —the attackers may have in addition to the weekly music charts etc. Since most organizations will get hacked at one point or another, organizations should ask themselves what is their sensitive data, where is their sensitive data and try to invest in protecting it. Businesses can invest in solutions that help them pinpoint critical anomalies that indicate misuse of enterprise data stored in databases and file servers, and that also helps them to quickly quarantine risky users to prevent and contain data breaches proactively.”