A hacking group’s claim to have successfully stolen data from Coca-Cola’s network after an audience voted for them to do so has spooked the soft drinks company.
Coca-Cola has confirmed it is investigating the claim – made by cybercriminal collective “Stormous” – but there is little evidence at present to confirm or deny whether any data has in fact been stolen.
Regardless of whether the breach turns out to be a reality, the story still highlights the need for companies of all sizes to install cybersecurity tools and take advantage of the fact that VPN and antivirus software companies now often offer data breach alert features and protection against ransomware.
Telegram Audience Votes Determine Victim
As if it was some sort of dystopian game show, reports suggest that the decision to target Coca-Cola’s network infrastructure was arrived at after a poll was conducted on Telegram.
“We will give you five targets” the message on the Stormous’ channel reads, “you will choose one and we will attack it”. Coca-Cola gained 72% of the overall vote, with toy company Mattel coming a distant second with just 9%.
The other available options in the poll were Danaher, education tech company Blackboard, toy maker Mattel, and General Electric subsidiary GE Aviation.
Some sources have speculated that the options provided signify that the group has an anti-western stance. This could prove to be a good guess, however, it's worth noting that Stormous threw their support behind the Russian government after the invasion of Ukraine and that Mattel, GE, Danaher, and Coca-Cola have all sent some sort of financial donation to the war torn country. The group’s true origins or base are hard to determine, though, with many of their messages written in Arabic.
The group threatened a ‘Denial Attack’ and pledged it would be “leaking the source code of their software” in the initial poll post.
What Does the Hacking Group Claim to Have Stolen?
The Stormous gang has claimed to have stolen around 161GB after a successful breach of Coca-Cola’s servers – and have set up a dark website to sell it on. That data has now been listed online and can be purchased for 1.65 Bitcoin (Roughly $64-68,000) from the group.
The hacking group in question has done this before, and recently too – namely to Fortnite creators Epic Games – although there was also a lack of hard, undeniable evidence that it was definitely Epic’s data that was listed.
According to CISO Advisor, many of the files have names that suggest they include financial data, account information, and passwords.
Protecting Your Business from Data Breaches
It's a tragic fact of digital life that data breaches – and subsequent data theft and leaks – are becoming more common, not less common. The financial ramifications of falling victim to one can, for many businesses, prove to be financially fatal.
The only silver lining is that protecting yourself and your business has never been cheaper. For example, Surfshark recently releaseed Surfshark One, which includes basic antivirus protection and a data breach alert tool – for just $1.49 on top of a Surfshark VPN subscription.
The data breach alert tool will scan the deepest depths of the dark web to see if anyone compromised data has been posted, like the information similar to what Stormous posted about Coca-Cola, but referencing your personal email address or company information. A considerable number of the world's best VPNs offer this sort of provision now – NordVPN has a very similar tool called Dark Web Monitor available via the NordVPN app.
On top of this, a lot of the best antivirus software currently available offers both data breach alert tools and protection against things like ransomware and phishing. If your business has any kind of online presence, it's vital you act now to save yourself later.