Attackers managed to compromise a tobacco web platform in Romania. The British American Tobacco (BAT) is one of the most gigantic manufacturers of nicotine and tobacco products. It seems that everything happened due to a ransomware attack and data breach.
The data breach appeared at first on an Irish “unsecured Elastisearch server”. This stored around 352 GB of data. It seems that the hackers had managed to breach the data’s location.
The attackers used a ransom request in the form of a “readme” file wherein they had demanded a “Bitcoin payment”. The users should have paid in order to avoid their user data being deleted.
According to some sources, the cyber-researchers had discovered the data breach on a “server connected to the web platform YOUniverse.ro”. This is part of the Romanian promotional campaign for BAT.
The compromised data includes users’ “Personally Identifiable Information” (PII). Thus, the attackers stole name, gender, email address, phone number, date of birth, source IP and cigarette product preference. The platform aided Romanian smokers to win tickets to events and parties with local and international performing stars. According to specialists, it seems that the database remained unprotected for the last two months. This happened although the team tried a few times to solve the breach. Eventually, the specialists managed to stop the data breach, on November 27 2019.
The research team has been after the company’s local branch, the global company, the server’s host, Romania’s National Authority for Consumer Protection (ANPC) and the Certification Authority (CA) for some clarification. Still, the CA was the only organisation to came back to the team. Still, the journalists who follow the case of the tobacco web platform could not obtain any answer from the authorities.
Tobacco companies have to face a tough law in Romanian law. They have no right to advertise their products on TV or radio. Still, the law exempts certain sorts of promotional campaigns and event sponsorship. These are allowed if aimed at existing smokers over 18 years of age.
