Snack Giant Mondelez Announces Data Breach Involving Sensitive Employee Information

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

Oreo maker Mondelez in a recently published notification announced a data breach incident that exposed sensitive information of more than 50,000 past and present employees. The attack was on Bryan Cave’s network system, a law firm that provides legal services to Mondelez, one of the largest snack companies in the world.

The week-long attack was first noticed by Bryan Cave on February 23, 2023. It noticed unauthorized access to its network system, including the area where customer data is stored.

The attack which lasted until March 1, 2023, extracted data which included Mondelez employees’ personal information like names, addresses, marital status, social security number, employee identification number, date of birth, and gender. It also included Mondelez retirement and/or thrift plan information. There was no disclosure of any user-linked bank or credit card details.

On March 24, 2023, Mondelez was informed about the data breach. Based on the information provided by Brian Cave, the company was able to determine the list of affected employees by May 22, 2023. The June 15, notification was issued after a thorough investigation by Mondelez, in which it reiterated its claim that the incident did not affect its internal network system in any way.

Mondelez further stated that Bryan Cave had already taken the necessary security measures to mitigate the threat. The law firm had immediately launched an investigation and hired a third-party cybersecurity forensic firm to understand the scope of the attack and informed the designated law enforcement agency.

Mondelez also notified the concerned employees and urged them to monitor their banking and other financial transactions to avoid phishing and credential-stuffing attacks. The company also announced a 24-month access to Experian IdentityWorksSM Credit Plus 1B for affected employees.

In 1923, founded as Kraft Foods Inc., Mondelez International was established in 2012, when Kraft Foods was renamed as Mondelez. The US-based snacking company popular brands include Oreo, Tang, Dairy Milk, etc. With offices in more than 80 countries, the company employs around 91,000 people and earned a revenue of around $31.5 billion in 2022.

Over 100K Stolen ChatGPT Account Credentials Found on Dark Web Marketplaces

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

Since June 2022, more than 101,000 compromised ChatGPT account information has found its way to illicit dark web marketplaces. The stolen credentials were found within the logs of information stealing malwares and were available for sale on illegal underground communities, Group-IB’s post stated.

The year-long research by Singapore-based cybersecurity company disclosed an alarming trend. Increasing use of the OpenAI platform by employees has led to a consistent increase in availability of stolen credentials, from 74 in June 2022 to 26,802 in May 2023.

‘’Many enterprises are integrating ChatGPT into their operational flow. Employees enter classified correspondences or use the bot to optimize proprietary code,” said Group-IB’s Dmitry Shestakov.

Among the regions, Asia Pacific saw the highest number of accounts (40.5%) compromised, followed by Middle East & Africa (24.6%). The investigation further revealed that the info-stealer most commonly used was Raccoon (78,348), followed by Vidar (12,948) and Redline (6,773).

Info-stealers are a type of malware that helps hackers extract sensitive information from the victim’s machine including data saved in web browsers, history, cookies, crypto wallet, social media platforms, emails as well as bank & credit card details. The extracted data is transferred to a Command and Control (C2) server managed by the threat actor who later trades it as logs on the dark web for a one-time fee or on a monthly subscription.

‘’Stealers work non-selectively. This type of malware infects as many computers as possible through phishing or other means in order to collect as much data as possible. Info stealers have emerged as a major source of compromised personal data due to their simplicity and effectiveness,’’ revealed the investigation.

To mitigate such risks, it’s essential to bolster security practices by regularly updating the password associated with various online accounts as well as implementing the 2-factor authentication.