More Data Leaks as part of OpOlympicHacking

In our recent whitepaper, we demonstrated eight cybersecurity considerations around Rio 2016. The paper lays out hacktivism and cybercrime threats that organizations can expect to see throughout the competition. Since we published the paper, we’ve observed further activity as part of OpOlympicHacking.

Last week, a post was added to Pastebin, which included entries from a database table alleged to have been breached from the website of a consulting firm based in Sao Paolo, Brazil that specializes in international trade, government affairs and investment projects.

The post also contained a link to a Twitter account associated with the hacktivist campaign OpOlympicHacking, though there was no announcement on this account that the company had been targeted.

The exposed data appeared to consist of eight sets of usernames and corresponding clear text passwords. Online searches did not indicate that the data had been posted to publicly available sources prior to the post being made. While we could not confirm whether the credentials alleged to have been stolen from this website were genuine, some of the emails appeared to be legitimate due to some of them appearing on the respective company websites and social media profiles.

The source of the data or how it was acquired was not confirmed; however, if a compromise did take place, we assess there to be a realistic possibility it was obtained as a result of an SQL injection attack. This is based on the appearance of database table names in the Pastebin post and the frequent use of SQL injection tools by hacktivist actors. The targeting of this organization was assessed as consistent with previous activity associated with this campaign.

This is not a new tactic. Back in February, as part of OpOlympicHacking, we detected claims of successful data leakage, in one instance against a multinational energy corporation that has been embroiled in multiple corruption scandals in Brazil, as well as claims of successful distributed denial of service attacks. This appears to be a continuation of this trend and, with under a week to go until the opening ceremony, hit is highly likely that further targeting as part of this campaign will be conducted in the near future.

Download our whitepaper, “Eight cybersecurity considerations around Rio 2016”, to learn more about the threats facing organizations at the upcoming games.

Previous Post
Overexposure – photos as the missing link
Overexposure – photos as the missing link

You have heard it all before ­– recycling passwords for multiple services can be catastrophic. One service ...

Next Post
Gambling with Security in Vegas: Not Your Best Bet
Gambling with Security in Vegas: Not Your Best Bet

With BSides Las Vegas, Black Hat, and DEF CON around the corner, security is likely at the forefront of man...


Join 150k subscribers and get the latest news & threat intel in your inbox.

First Name
Last Name
State- optional
Job Title
Thank you!
Error - something went wrong!