Well, pour yourself a cuppa Joe, because I’ve got a veritable whodunit in the tech world to share with you. This tale involves potential cyber attacks, an online outcry, and a resilient defence!
Cast your minds back to a crisp April day in 2023. We stumbled upon an alleged data breach involving TorchByte (you might remember them as Tic Hosting Solutions). It was all a bit murky, with the Romanian data protection authority in the dark and the company not responding to our queries. The only clue? Some foggy screenshots that hinted at a data blip.
Fast forward to the 6th of February—same year. An old contact from the original story buzzes us again. This time, with a bit of help from our mate Daniel-Alexandru Munteanu, we tickle a response out of TorchByte. Their representative, Stefan Straton, kindly apologises for the delayed response, stating they’d missed our initial outreach.
According to Straton, the data breach was due to a fumbled PHP server, one that leaked database credentials from their beta VPS management platform. Fortunately, the digital rogues couldn’t penetrate their virtualisation nodes thanks to a defensive firewall. When they discovered a copy of their database being casually flashed about on Discord, they immediately alerted DNSC. The leaked information comprised only 45 email addresses and usernames from their beta testers.
Stefan maintained they’d informed DNSC almost immediately after discovering their leaked database littered across a public forum. They didn’t receive any acknowledgement from DNSC, and, at that point, didn’t think it was necessary to alert other authorities about the incident.
There’s an intriguing twist regarding the administrative panel screenshot. The intruders seemingly used a browser extension to manipulate HTTP responses from their API using the extracted database, without any irregular admin account logins.
Additionally, it appears the attackers had dark designs. They gained access to the database weeks before TorchByte’s UPS malfunctioned and corrupted their disks. Stefan suspects they waited to strike at the optimal moment, trying to make it appear like they were behind the system damage.
Despite the debacle, TorchByte managed to recover 75-80% of the affected services. They had a recent off-site backup, and their customers were content to restore it. Those displeased with the available backups or oblivious to them were assisted in regaining lost data.
Interestingly, TorchByte adamantly dismissed allegations that they solicited fake positive reviews on their Trustpilot page. According to Stefan, both positive and negative reviewers were rewarded for their time, though he admits it was a mistake that could have influenced the reviewers’ perspectives.
As for the identity of their digital assailants, Stefan generally avoids speculation. But as we all know, in this game of ‘whodunit’, the usual suspects typically include a disgruntled competitor or a slighted foe.
There we have it, folks! A gripping tale of a cyber breach. It just goes to show that in the dynamic world of healthcare and cybersecurity, nothing stays static for long. We need to stay sharp, switched on, and always prepared. We’ll keep you posted on further updates as the plot thickens.
by Parker Bytes