Coca-Cola may have been the victim of a cyber attack after hackers claimed to have stolen 161GB of the beverage company’s data, but experts are sceptical about the claims.
Coca-Cola is investigating claims of a breach of its systems by hacking gang Stormous, which has published a statement online declaring it has infiltrated the soft drinks giant’s online infrastructure, lifting 161GB of data. Analysts have urged caution, saying the group has a reputation for making bogus statements.
According to TechRadar, Coca-Cola disclosed this week that it is investigating a possible breach by Stormous after the gang posted to its Telegram channel that it had broken into one of the organisation’s servers and managed to lift 161GB of data. Stormous is demanding 16 million bitcoins from Coca-Cola for the data, while also apparently offering the data for sale on the dark web for $64,000.
“We are aware of this matter and are investigating to determine the validity of the claim,” Coca-Cola communications vice president Scott Leith said in response to the claims.
Coca-Cola data breach: According to Stormous
In its blog post, Stormous wrote that it had hacked Coca-Cola’s servers and acquired a large amount of data.
It has not provided any details on the type of data but has demanded that the company contact it to discuss returning the information in exchange for a fee.
The claim followed a poll that the gang had posted the week before, tantalising its followers with a choice of who it could breach. Coca-Cola won with 72 per cent of the votes.
“Since it was a vote on giant beverage company Coca-Cola we hacked some of their servers,” Stormous wrote.
The group added it was opening a store on the dark web where it would be selling information from the Coca-Cola hack, as well as data stolen from other targets.
Last month, Stormous released a statement claiming to have lifted data from the network of the Ministry of Foreign Affairs of Ukraine, including phone numbers, emails, passwords, and card numbers from the ministry's database. However, this data was already widely available on the dark web, according to a report by security company SOCRadar.
What’s the story behind Stormous?
Stormous first came to prominence in March with its alleged hack on Epic Games, the company behind Fortnite.
It claimed it had discovered a vulnerability in the company’s internal network, from which it stole nearly 200Gb of data, including the information of nearly 33 million users. But though it said it would leak the data onto the dark web, no information was forthcoming after the initial threats.
This behaviour makes security researchers sceptical about the Coca-Cola hack.
Speaking with TechRadar, Etay Maor, senior director of security strategy at security company Cato Networks, said the history of this group is questionable at best.
“With the Ukrainian Ministry, the data was already out there and the one with Epic Games was never proved.”
This sort of hack is known as “scavenging”, Maor explained, adding that the group wouldn’t be the first to go on this kind of scavenger hunt, taking material that’s already out there.
According to Chris Morgan, senior cyber threat intelligence analyst at security company Digital Shadows, this technique is not uncommon.
“Some researchers have suggested that many of their attacks are either a scam or the group is exaggerating their claims.
“This is not uncommon for cyber criminal groups, who often embellish the details of their activity in order to coerce victims into paying a ransom,” Morgan said.
Morgan added that it’s possible Stormous has been engaging in scavenging, but there is currently a lack of evidence to prove this.
The gang’s reputation and the magnitude of its latest alleged victim mean it is likely the Coca-Cola hack claims are false, argues Allan Liska, cyber security incident response team lead at Recorded Future.
“There is a lot of scepticism around Stormous and this attack in particular.
“In the grand scheme of things, 161GB of data is not a lot for a group that supposedly had access to Coca-Cola’s corporate network and was able to exfiltrate data unfettered.”
Liska added that Stormous is known as “a bit of a clown show” but warned that this doesn’t mean the group didn’t successfully pull off the attack – it is possible.
“But I think many researchers are going to need additional verification before taking this group at their word,” Liska concluded.