Late July, hackers have posted details alleged stolen from a system belonging to Adi Peretz, a Senior Threat Intelligence Analyst at security firm FireEye/Mandiant.
The leaked archive is a 337MB PST file containing the expert’s emails. Leaked archive also includes images of its accounts, including One Drive, Live, LinkedIn, geo-tracking of personal devices for at least a year, billing records and PayPal receipts.
“In addition to that are images detailing the compromise of their One Drive account, Live account, LinkedIn account, geo-tracking of personal devices for at least a year, billing records and PayPal receipts, credentials for an engineering portal at FireEye, WebEx and JIRA portals, as well as Live and Amazon accounts. There are also records related to an alleged customer, Bank Hapoalim, and internal documentation and presentations, including one for the IDF (Israel Defense Forces) from 2016.” reported Salted Hash.
The security firm has denied any intrusion in its systems, while the hackers who published the alleged Mandiant Internal Leaks claimed it was part of the ongoing campaign #OpLeakTheAnalyst.
Today FireEye provides an update on the event following its investigation into allegations made earlier this week that FireEye had been breached. As background, on July 31,
According to the security firm, the hackers did not hack the company network or the Adi Peretz’s personal or corporate computers.
The login credentials used by Peretz were exposed in the past in numerous data breaches, including LinkedIn.
The experts discovered that the attackers started using the stolen credentials to access several of the Victim’s personal online accounts (LinkedIn, Hotmail and OneDrive accounts) in September 2016.
The documents publicly released were obtained from the Victim’s personal online accounts and many of them were already available online.
Below the list of conclusions published by FireEye in a blog post.
FireEye highlighted that the Victim supports a small number of customers, only two of them were impacted by the leak.
Below the actions conducted by FireEye:
The investigation is still ongoing.
(Security Affairs – FireEye, OpLeakTheAnalyst)