One of Brazil’s largest online stores named Fast Shop has undergone an extortion cyber attack leading to disruption of the network and temporary close down of the online store. Extorsion cyber attack is usually coupled with demand for money in return for resuming connectivity. The attackers usually gain access to the organization’s system through vulnerabilities.
Brazil’s Fast Shop or Ben-vindo is an online retailer that sells various products online from electronic gadgets to home appliances. The retailer has the biggest networking market with 89 physical locations and millions of web visitors on a monthly basis.
According to Fast Shop’s spoke person the attack didn’t happen in their physical stores but rather on the company’s main website. The extorsion attack happened in a little dramatic way since the threat actor announced that they have performed a data breach on the Twitter handle of Fast Shop. The threat actor claims to extort Fast Shop for 72 hours after getting an access point into the company’s database on AWS, Azure, GitLab, and IBM cloud. They have also managed to steal the company’s site source code, and sensitive user and corporate data.
— Fast Shop (@fastshop) June 23, 2022
The threat actor used company details to blackmail Fast Shop for paying Ransome and threatened to leak breached data to the public. Reportedly, Fast Shop acted fast and quickly gained momentum to remove the threat actor from their site. They also gained control over the Twitter handle and removed the message posted by the threat actor. They also confirmed the extortion attack on Twitter giving details on the type of cyber attack.
Tec Mundo who is a news reporter at infosec and a Twitter user Felipe Payao saved screenshots of Fast Shop’s replies where they confirmed the attack giving out details to the public.
Fast Shop foi supostamente atacada ciberneticamente e sofre extorsão.
Serviços de nuvem como AWS, Azure, GitLab e IBM teriam sido acessados. Os dados recolhidos envolvem informações de funcionários e clientes, além de códigos-fonte. pic.twitter.com/VCr8baKHQN
— Felipe Payão (@felipepayao) June 23, 2022
