A company spokesperson said on Thursday this needed to be validated by Nitro.
This claim and numerous others made by Cyble — all of which are detailed below — were put to Nitro and a response sought. A company spokesperson responded: "Nitro is not in a position to provide further comment while the investigation is ongoing. We are continuing to communicate with our customers and will provide updates via the Nitro security page as more details become available."
iTWire reported the breach on Tuesday and followed up with a second story after Nitro issued an update about the incident on Wednesday.
The Cyble spokesperson said its personnel had informed Nitro about the breach, after having discovered it on 20 October. Nitro issued an ASX announcement on 21 October, describing the breach as "an isolated security incident".
|
"We have credible intelligence that the actual documents may have been dumped as part of the cyber attack," the Cyble spokesperson said, adding that while the perpetrators had claimed they had gained significant access to Nitro's cloud Infrastructure, the validity of the claim and the extent of it needed to be investigated.
Asked whether ransomware was involved, the Cyble spokesperson said it was unaware whether this was the case.
"The breach itself is massive and based upon their current statements, and there is a misalignment – millions of their document databases have been compromised. We validate the user accounts database through their forum users – on which they allow email address as username (not a great practice!)," the spokesperson said.
Another point made by the spokesperson was that the metadata in the document database (i.e. name field) could give cyber criminals insights about who might have access to sensitive documents, such as those related to mergers and acquisitions, in an organisation.
"The leaked information has been acquired by Cyble and indexed on amibreached.com where users can ascertain if their information is exposed," the spokesperson added.
Cyble, which was founded in Melbourne in 2019, is now based in Atlanta, Georgia, and provides a third-party cyber risk intelligence platform. It also has operations in Singapore and says it has customers in the US, Europe, Australia and other parts of Asia.