European Commission Investigating Breach After Amazon Cloud Account Hack

The European Commission is facing a serious security breach involving its Amazon cloud infrastructure, with over 340 GB of sensitive data stolen. Investigations are ongoing as the Commission enhances its cybersecurity measures.

Breaches · HIGH · 7 sources

Original Reporting

BleepingComputer · Sergiu Gatlan

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 Hackers broke into the European Commission's cloud storage by stealing a key that allowed them access. They took a lot of sensitive information, which could affect many people in Europe. The Commission is now working to fix the problem and protect against future attacks.

What Happened

The European Commission has confirmed a serious security breach involving its Amazon cloud infrastructure, which hosts the Europa.eu platform. The breach was discovered on March 24, and the Commission took immediate action to investigate and contain the incident. The breach was facilitated by a compromised API key linked to a supply chain attack on Aqua Security’s Trivy vulnerability scanner.

Who's Affected

According to a statement released on March 27, early findings suggest that sensitive data has indeed been taken from the cloud services used by the Commission. The Commission is notifying relevant EU entities that may be affected by this incident. The breach potentially impacts 71 clients of the Europa web hosting service, including 42 internal clients of the European Commission and at least 29 other Union entities.

What Data Was Exposed

Hackers, identified as the ShinyHunters group, claim to have compromised over 340 GB of data, which includes confidential documents, contracts, and personally identifiable information (PII) of employees. The stolen data consists of names, email addresses, and usernames, primarily from the EC’s websites. Additionally, around 2.22 GB of the data, or 51,992 files, represents automated notifications that may contain personal information. Screenshots allegedly shared by the group show access to mail servers, databases, and even internal administrative URLs.

Current Status

The Commission's internal systems reportedly remain unaffected, and the Commission is continuing to monitor the situation while enhancing its cybersecurity capabilities. Upon learning of the compromise, the EC revoked the compromised account’s rights, deactivated and rotated the compromised credentials, and notified the relevant data protection bodies. This breach follows a previous incident disclosed in February, where the Commission's mobile device management platform was hacked, raising concerns about the security of EU institutions.

Future Measures

The Commission's recent cybersecurity proposals aim to bolster defenses against state-backed actors and cybercriminals targeting Europe’s critical infrastructure. The analysis of the databases linked to the hosted websites is currently underway, and given the volume and intricate nature of the data involved, this process requires considerable time.

🔒 Pro Insight

This breach underscores the vulnerabilities associated with supply chain attacks, particularly in cloud environments. Organizations must prioritize securing API keys and regularly audit their software supply chains to mitigate such risks.

📅 Story Timeline

Story broke by BleepingComputer

Covered by Infosecurity Magazine

Covered by TechCrunch Security

Covered by Cyber Security News

Covered by BleepingComputer

Covered by Security Affairs

Covered by SecurityWeek
