Join our brand new verified AMN Telegram channel and get important news uncensored!

Hackers obtain passwords for data centers; Apple, Walmart, and more impacted: Report

SolarWinds hackers. (Pop Nukoonrat/Dreamstime/TNS)
February 23, 2023

Hackers have reportedly broken into two of the largest data centers in Asia, gaining access to troves of data of international firms that have relied on their data storage services.

Customer support websites for the Shanghai, China-based GDS Holdings Ltd. and Singapore-based ST Telemedia Global Data Centres (STT GDC) were breached in recent hacking efforts, according to an analysis by the cybersecurity firm Resecurity, Inc. shared with Bloomberg.

Resecurity believes the hackers may have gained access to the emails and passwords of 2,000 GDS and STT GDC customers. The hacked information could impact global firms like Alibaba , Amazon, Apple, BMW AG, Goldman Sachs, Huawei Technologies, Microsoft Corp, and Walmart Inc, according to Resecurity and hundreds of pages of documents it shared with Bloomberg.

The hackers have logged into at least five firms, according to Resecurity. Those targeted firms included China’s main foreign exchange and debt trading platform and four unspecified Indian firms. It’s unclear what the hackers have done with other data they may have.

Both data storage firms told Resecurity that the stolen information would not impact their clients’ information technology (IT) systems or data. But Resecurity and executives at four of the affected U.S. companies believe the stolen credentials represent a real risk because the stolen data controls who can physically access IT equipment stored at the data centers.

“This is a nightmare waiting to happen,” said Michael Henry, former chief information officer for Digital Realty Trust Inc., a U.S. data center operator. Henry said if hackers can gain physical access to client’s servers, they can install malware or other equipment and “potentially disrupt communications and commerce on a massive scale.”

Many major firms are reliant on third party services to house their data and expand their business networks to other parts of the world. The vulnerability is particularly bad for firms doing business in China, where laws require them to partner with local data service providers.

Other companies who relied on these data storages included Ford, Mastercard, Morgan Stanley, Paypal, Porsche, Verizon, Wells Fargo and ByteDance — the firm behind the popular TikTok video sharing app whose data-collection practices have already raised U.S. national security concerns.

Exactly who is behind these hacking efforts and their motives remain unclear.