Login credentials of Singapore data centre clients put up on forum

SINGAPORE – The purported login credentials of about 1,200 people representing various organisations that use the services of ST Telemedia’s data centre operator were put up free on a hackers’ forum on Monday.

The data was reportedly stolen from STT Global Data Centres (STT GDC) in 2021, but the company said it had not noticed any data loss or impact to its customer service portals since then.

Cyber-security research firm Resecurity, which reported the breach, said the credentials could have been used by hackers to disguise themselves as authorised users on the portals, but STT GDC said the stolen credentials, which were partial and outdated, were no longer valid and had not been so for some time.

The data breach was reported on Tuesday by Bloomberg, citing Resecurity’s report. It said hackers had obtained e-mail addresses and passwords for the customer-support websites of two of the largest data centre operators in Asia, STT GDC and Shanghai-based GDS Holdings.

Checks by The Straits Times found that the stolen credentials belonged to 1,210 people from various organisations, including Amazon, Alibaba, Morgan Stanley and StarHub.

The passwords put up on the forum had been hashed, or scrambled for security purposes, but this could be reversed.

In a statement put up on its website on Tuesday, STT GDC said: “We can say with complete certainty that any threat to our customer service portals has no bearing whatsoever on the physical security of our data centres.”

Headquartered in Singapore, STT GDC rents space in its data centres to clients who install and manage their own information technology (IT) equipment.

Backed by Singapore’s investment company, Temasek, STT GDC has data centres spanning several countries, including Indonesia, Japan, South Korea and Britain.

Its customer service portals are cloud-based and hosted with third parties, and “do not contain any personal or business critical data”, the company said.

It added that it was first notified of a purported list of login credentials for one of its IT systems – a customer service ticketing tool – circulating on the Dark Web in September 2021.

STT GDC said it immediately responded, conducting internal investigations and commissioning two independent external cyber-security providers.

It said it did not detect any unauthorised access or data loss related to the system, which remains secure to this day.

Besides implementing multi-factor authentication, it also forced password resets for its clients to better protect their security.

In response to The Straits Times’ queries, a spokesman said that any purported credentials still circulating on the Dark Web were now out of date, with the vulnerability in question patched that same year.

However, he declined to specify the vulnerability detected “as a matter of security principle”.

“More recently, in January 2023, we received notification of further threats to customer service portals in our India and Thailand regions.

“Our relevant teams have conducted detailed reviews of these notifications, and our investigations to date indicate that there has been no data loss or impact to any of these customer service portals,” the company said.

The Cyber Security Agency of Singapore said it was aware of the incident and has reached out to STT GDC to offer its assistance if necessary.

Related Articles

Back to top button