15 March 2023

Rubrik says hackers stole data via GoAnywhere zero-day flaw


Rubrik says hackers stole data via GoAnywhere zero-day flaw

US-based cloud data management and data security company Rubrik has confirmed that its data was stolen using a zero-day vulnerability in the Fortra GoAnywhere secure file transfer protocol.

GoAnywhere MFT is a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files securely.

Tracked as CVE-2023-0669, the vulnerability resides in the administrative web interface and could be exploited by a remote attacker to achieve remote code execution via a malicious request. Fortra released an emergency patch to address the flaw back in February 2023, warning that the bug was being actively exploited by threat actors.

Rubrik said in a statement that the company was one of the victims of a large-scale campaign against GoAnywhere MFT devices across the globe using CVE-2023-0669.

“We detected unauthorized access to a limited amount of information in one of our non-production IT testing environments as a result of the GoAnywhere vulnerability. Importantly, based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorized access did NOT include any data we secure on behalf of our customers via any Rubrik products,” Rubrik CISO Michael Mestrovichon said.

The affected data includes Rubrik internal sales information such as certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors. Sensitive personal data such as social security numbers, financial account numbers, or payment card numbers is said to have not been impacted in the breach.

The data breach disclosure comes after the Clop ransomware gang added Rubrik to its list of victims, sharing samples of stolen files that contain what appears to be internal Rubrik data, such as names, email addresses, and locations of employees. On its data leak site the gang stated that the data would soon be publicly released.

Earlier this month, fintech banking platform Hatch Bank disclosed a data breach after hackers stole the personal information of almost 140,000 customers using the GoAnywhere bug.

Back to the list

Latest Posts

Cyber security week in review: March 24, 2023

Cyber security week in review: March 24, 2023

The world in brief: BreachForums data breach site shut down, Bitcoin ATM maker General Bytes suffers a $1.5M hack, and more.
24 March 2023
Lionsgate streaming platform exposed data of 37M users

Lionsgate streaming platform exposed data of 37M users

Researchers discovered an unprotected ElasticSearch instance that contained about 20GB of data.
23 March 2023
New stealthy NUIT attack allows to remotely control Siri, Alexa and other smart voice assistants

New stealthy NUIT attack allows to remotely control Siri, Alexa and other smart voice assistants

The technique involves the use of inaudible sounds embedded in regular audio and video files to send malicious commands.
22 March 2023