A Twitter post on Thursday reported a “huge data leak” from Altice Portugal repositories. to what pass It was discovered that the issue has already begun to be analyzed internally by Altice specialists, but the operator does not deny or confirm the existence of a data leak and only guarantees that “all processes and systems” are “running in an “ideal normal condition”.
Altice Portugal is the target of hundreds of cyber attacks on a daily basis, due to its size and the sector it operates in. This type of attack is known to occur frequently, both in the telecom sector and in many other sectors, says the telecom operator.
“At this time, nothing unusual in relation to what was described above has been verified,” the company adds in its response to pass.
Given that Altice Portugal was the target of a similar attack in 2020, there are doubts about whether the data will be recent or revert to other events – this is one of the questions now being raised among experts and observers.
the pass A well-respected source determines that the data leak will concern outside suppliers and will not have information about Altice customers or employees. The same source says that passwords It will be encrypted in the file released on Twitter.
The alert was featured on Twitter by Yad Sofiane El Tahri who appears on this social network as an enthusiast in cyber security issues. In the tweet Published by Tahiri, it is guaranteed that the alleged cyber attack will resort to techniques known as SQL injection, which take advantage of legacy databases to exploit vulnerabilities that allow large amounts of information to be extracted from the Internet.
Images posted on Twitter indicate that the alleged attack will focus on repositories with data from specialists in Altice Portugal. The images show references to phone numbers, taxpayer numbers, and passwords that Altice workers will eventually use.
It is also possible to see references to 2021 and 2022, but it cannot be confirmed whether these are recent or not.
Although questioned pass, the operator did not say whether or not there was a leak of customer data.
In the cybersecurity community, SQL injection attacks are outdated. After the first big wave of attacks in the early decades of the century, security companies and IT departments began to take action and eliminate most of these attacks – but some databases remained unsecured because notably they contained legacy modules not protected by specific filtering or traffic monitoring Internet traffic (firewalls).
“If in the application development cycle they do not run static and dynamic tests to discover these vulnerabilities, then it is likely that the applications will later go into production with bugs It is very high,” he said, anonymously, one of the specialists monitoring this case.
Text: Hugo Seneca
Photo: Getty Images
“Writer. Analyst. Avid travel maven. Devoted twitter guru. Unapologetic pop culture expert. General zombie enthusiast.”