Telefónica, Spain’s largest telecommunications company, has confirmed a breach of its internal ticketing system. The company’s acknowledgment comes shortly after hackers leaked a portion of the stolen data on a public hacking forum.
The breach has raised concerns about cybersecurity vulnerabilities within major corporations, with Telefónica stating that it is taking all necessary measures to secure its systems.
Breach Details and Telefónica’s Response
Telefónica, which operates in twelve countries and employs over 104,000 people, confirmed the incident via an email statement to BleepingComputer. The company disclosed that its internal Jira-based ticketing system, used for managing development and troubleshooting issues, was compromised using stolen employee credentials.
A spokesperson from Telefónica stated:
“We have become aware of an unauthorized access to an internal ticketing system which we use at Telefónica. We are currently investigating the extent of the incident and have taken the necessary steps to block any unauthorized access to the system.”
Hackers reportedly accessed the system on Thursday, obtaining approximately 2.3 GB of data, including documents, tickets, and various internal information. Telefónica responded swiftly, resetting passwords for the affected accounts and blocking further access by the attackers.
How Hackers Gained Access
According to one of the attackers, who goes by the alias Pryx, the breach stemmed from compromised employee credentials. The hacker claims the attack targeted a Jira server used by Telefónica for handling internal issues. The attackers exploited these credentials to gain access to sensitive data stored on the server.
The stolen information was subsequently leaked online, though it remains unclear whether the exposed data includes customer information. While some tickets were reportedly labeled as customer-related, they were linked to internal company email addresses (@telefonica.com), suggesting these tickets may have been opened by Telefónica staff on behalf of customers.
Interestingly, Pryx and their group did not attempt to extort Telefónica or contact the company before releasing the data. This unconventional behavior underscores the group’s intent to make a public statement rather than pursue financial gain.
Links to Hellcat Ransomware Group
The breach was claimed by a group of hackers using the aliases DNA, Grep, Pryx, and Rey. Three of these individuals—Grep, Pryx, and Rey—are reportedly affiliated with Hellcat, a recently launched ransomware group.
Hellcat has made headlines for other high-profile attacks, including a recent breach of Schneider Electric, where 40 GB of data was stolen from its Jira server. The group’s involvement in multiple breaches indicates a focused strategy targeting Jira-based systems.
Implications for Telefónica and Cybersecurity at Large
Telefónica’s breach is the latest in a series of attacks targeting enterprise ticketing systems, which often contain sensitive internal information. The incident highlights the risks associated with employee credentials, which remain a significant vulnerability in corporate cybersecurity.
To mitigate such risks, experts recommend companies adopt stronger authentication measures, such as multi-factor authentication (MFA), and conduct regular security training for employees to identify phishing attempts and other threats.
This breach serves as a stark reminder that even the largest and most established corporations are not immune to cyberattacks. As hackers continue to evolve their methods, organizations must remain vigilant in protecting their digital infrastructure.