🎯Basically, a hacker claims to have leaked video footage from a company's security cameras.
What Happened
A Mexican IT services firm, Be Prime, is currently dealing with a significant cybersecurity incident. An attacker using the alias dylanmarly has claimed to leak screenshots of video surveillance footage from the company. The hacker posted these claims on a cybercrime forum, asserting they had accessed Be Prime's Cisco Meraki Vision panel, which could potentially allow them to view live feeds from client offices.
Who's Affected
Be Prime serves a variety of high-profile clients, including major players in the energy sector and national pharmacies. While the firm has confirmed the cyberattack, they maintain that client operations remain unaffected. However, the implications of the attack could be serious if sensitive data has indeed been compromised.
What Data Was Exposed
The attacker claims to have leaked 12.6 GB of data, which includes not just surveillance footage but potentially sensitive information belonging to Be Prime and its clients. The specifics of what data is included in this leak remain unclear, as Be Prime has not fully addressed these claims.
What You Should Do
If you are a client of Be Prime, it is crucial to monitor your accounts for any unusual activity. Be Prime has activated its containment and remediation protocols, but staying vigilant is essential. Clients should reach out to Be Prime directly for any concerns or clarifications regarding the incident.
Technical Details
The attacker alleges that the breach was facilitated by the lack of two-factor authentication on admin accounts, which allowed them to gain access to the Meraki API keys. This access purportedly enabled control over thousands of Be Prime's network devices, including security cameras. Be Prime has not confirmed these specific claims but has acknowledged the cyberattack.
Company Response
Be Prime has stated that they are working with Cisco Talos to remediate the situation. They emphasize their commitment to transparency and have activated a dedicated contact method for clients to address any questions regarding the breach. The firm has also warned against the dissemination of inaccurate information and is prepared to take legal action if necessary.
In conclusion, while Be Prime asserts that operations have not been impacted, the claims made by the attacker raise significant concerns about data security and client privacy. As investigations continue, both Be Prime and its clients must remain proactive in addressing potential vulnerabilities.
🔒 Pro insight: The breach underscores the critical need for implementing strong authentication measures to safeguard sensitive systems.
