SOCRadar® Cyber Intelligence Inc. | SOCRadar’s Response to the USDoD’s Claim of Scraping 330 Million Emails
Aug 05, 2024

SOCRadar’s Response to the USDoD’s Claim of Scraping 330 Million Emails

TL;DR

  1. The claim that the threat actor extracted the data from the SOCRadar platform is inaccurate and does not reflect the true source of the information.
  2. In reality, they acquired public Telegram channel names through the SOCRadar Platform, then proceeded to scrape publicly available data from these public Telegram channels.
  3. They manipulated this information to create the false impression that it originated from SOCRadar.
  4. We’ve compiled a comprehensive report with all pertinent details for our customers and partners. To access this report, contact us at [email protected].

What Exactly Happened in This Incident?

Recently, a threat actor identified as USDoD posted a claim on an online forum, alleging the breach and leak of over 330 million email addresses, supposedly attributed to SOCRadar. This prompted an immediate investigation by SOCRadar’s security team.

The investigation revealed that SOCRadar’s internal systems were not breached. The threat actor acquired a license from SOCRadar under a legitimate company name, providing access to the platform similar to any other customer. With this account, the actor could search for well-known domain names, collect Telegram channel names, and crawl these channels to harvest email addresses.

It is important to note that no technical vulnerabilities in the SOCRadar platform were exploited. The actor merely utilized functionalities inherent in the platform’s standard offerings, designed to gather information from publicly available sources. This incident highlights a significant issue in information ethics and security: distinguishing between legitimate use and potential misuse.

Is There a Risk to SOCRadar’s Customers?

Following an in-depth analysis of the situation, it has been determined that no access was granted to customer data or critical information. Our findings confirm no data breach involving our customers or SOCRadar’s internal systems.

While the collected data does not present an immediate risk, we maintain close contact with law enforcement and closely monitor the situation as it evolves.

Which Data Was Allegedly Leaked?

The threat actor used our platform to identify Telegram channel names and subsequently crawled these channels to collect email addresses. We have verified that these email addresses were sourced from publicly accessible channels.

How Did the Threat Actor Access the Data?

The threat actor purchased a Dark Web license using a legitimate company account, granting them access to SOCRadar’s platform like any other customer. While technically compliant with our Terms of Service, this method did not adhere to our intended use policies.

Was There a Breach of SOCRadar’s Security Systems?

Our comprehensive investigation concluded that SOCRadar’s security systems were not breached and no vulnerabilities were exploited. The threat actor used our platform within the Terms of Service but in a manner that did not align with our intended use policies.

Why Are Cybersecurity Companies Like SOCRadar Targeted?

Cybersecurity vendors, including KnowBe4, CrowdStrike, and SOCRadar, have recently faced increased attacks from threat actors. These companies are leaders in the fight against cyber threats and in enhancing cybersecurity for organizations, which makes them prime targets for malicious actors seeking to exploit their resources.

What Measures Has SOCRadar Taken in Response?

In response to this incident, SOCRadar is conducting a comprehensive security review. This includes enhancing our monitoring systems to detect anomalies and reinforcing the security of our platform to prevent misuse of legitimate features that could lead to unauthorized actions.
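As an added illustration of the kind of anomaly monitoring this paragraph refers to (example code, not SOCRadar’s own): a check over constructed platform audit-log lines that flags a licensed account whose distinct channel-crawl volume in a one-hour window far exceeds a single-customer baseline, and records whether the account also ran the full domain-search to channel-list to crawl workflow described above. The action names, account names and threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-log lines ("timestamp account action target"). The action
# names are hypothetical; they mirror the workflow the post describes:
# domain search -> Telegram channel names -> channel crawl for addresses.
NORMAL_USE = [
    "2024-08-01T09:00:00 acme_corp domain_search acme.com",
    "2024-08-01T09:05:00 acme_corp telegram_channel_list acme.com",
    "2024-08-01T09:06:00 acme_corp channel_crawl t.me/chan_acme_1",
]
BULK_USE = [f"2024-08-01T10:00:{i:02d} shell_co domain_search corp{i}.example"
            for i in range(10)]
BULK_USE += [f"2024-08-01T10:05:{i:02d} shell_co telegram_channel_list corp{i}.example"
             for i in range(10)]
BULK_USE += [f"2024-08-01T10:{10 + i // 60:02d}:{i % 60:02d} shell_co channel_crawl t.me/chan_{i}"
             for i in range(80)]
AUDIT_LOG = NORMAL_USE + BULK_USE

WINDOW = timedelta(hours=1)
MAX_CRAWLS_PER_WINDOW = 25   # assumed baseline for a single-tenant customer
FULL_CHAIN = {"domain_search", "telegram_channel_list", "channel_crawl"}


def parse(line):
    ts, account, action, target = line.split()
    return datetime.fromisoformat(ts), account, action, target


def flag_bulk_collection(lines, window=WINDOW, limit=MAX_CRAWLS_PER_WINDOW):
    """Return {account: {"peak_channels", "full_chain"}} for accounts whose
    distinct crawled channels in any sliding `window` exceed `limit`."""
    crawls = defaultdict(list)   # account -> [(ts, channel)] in time order
    actions = defaultdict(set)   # account -> set of action names seen
    for ts, account, action, target in sorted(map(parse, lines)):
        actions[account].add(action)
        if action == "channel_crawl":
            crawls[account].append((ts, target))
    flagged = {}
    for account, events in crawls.items():
        peak = 0
        for i, (start, _) in enumerate(events):
            # distinct channels crawled in the window opening at this event
            seen = {chan for ts, chan in events[i:] if ts - start <= window}
            peak = max(peak, len(seen))
        if peak > limit:
            flagged[account] = {"peak_channels": peak,
                                "full_chain": FULL_CHAIN <= actions[account]}
    return flagged
```

A real deployment would derive the baseline from each tenant’s own history rather than a fixed constant, but the sliding-window count over distinct targets is the core of the check.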

What Should SOCRadar’s Customers and Partners Do?

Currently, no specific actions are required from our customers or partners.

What is SOCRadar’s Commitment Moving Forward?

SOCRadar remains committed to our clients’ security and privacy. We are taking proactive measures, including upgrading our monitoring and access controls, to prevent future misuse. 

We also collaborate with law enforcement to ensure all necessary actions are taken. We value transparency and will keep our clients and the security community updated with any significant developments.

A detailed post-mortem analysis report has been prepared for SOCRadar customers and partners. Those wishing to access the report can request it by emailing [email protected].