GOT(IT) #31: Coca-Cola employee data breach, Ticketfly hacked and ransomed, plus Steam code execution vulnerability

Lay-off procedures are more than just awkward situations, they can also be a risk to your company’s secrecy and data infrastructure.

In GOT(IT) #31 we see the importance of having proper data security protocols across all of your company’s infrastructure. We also learn that ransomware is very much alive, and that gaming isn’t an ‘all-secure’ environment, but a rather ‘not-exploited’ one.

Coca-Cola Ex-employee Stole 8,000 Worker’s Data

Coca Cola Employee Breach

Coca-Cola announced that they suffered from a data breach caused by an ex-employee who stole the data of around 8,000 workers in an HDD. The event was an odd one, since the company was notified by law enforcement authorities, who found the person in the possession of the hard drive.

The incident happened in September 2017, but due to the ongoing investigation, Coca-Cola held off the announcement until those concluded.

In their notice, the company stated that the breach may have provided Personally Identifiable Information (PII) of the affected workers, and thus identity monitoring services were offered for free for one year as prevention.

Usually, al cameras point to outside threats, but so-called ‘inside-jobs’ hurt the most. Lay-off protocols and proper branching of data privileges go a long way!

Some companies, like banking entities, forbid their ex-employees to work once the lay-off notice has been delivered, blocking access to all internal networks to prevent intentional damages. It may sound harsh, but it is a reality that any organization should watch out for. 


Hacker Held Ticketfly’s Data for Ransom, Site Offline

Ticketfly Hacked Ransom

The Eventbrite ticket platform, Ticketfly, has been offline for a week now, after a hacker breached the frontpage, stole its customer database, and held it for ransom. All of the service’s systems went offline as prevention during the investigation.

The event took place during the night of May 30th. It was then that users started reporting the image now present in the portal: the main character of ‘V for Vendetta’, notorious symbol of the Anonymous organization.

The hacker, who identified himself as IsHaKdZ, supposedly made CSV files available with user data, accesible through one of Ticketfly’s URL. But this was taken down as soon as it was made public. isHaKdZ revealed to CNET that he asked for 1 Bitcoin in ransom, or he’d release the portal’s data to the public.

The site remains down, and Ticketfly hasn’t given an update regarding the ransom. In the meantime, all of the portal’s activity remain silent, and users will need to contact each event’s venue locally to get information regarding tickets handled by the online service. 


Steam’s 10 Year old Code Execution Vulnerability Patched

A vulnerability in Valve’s Steam has been patched after flying under the radar for 10 years, basically most of Steam’s lifetime!

The gaming platform and online store was reviewed by security researcher Tom Court, who discovered a code-execution bug that could have potentially targeted the platform’s +15 million active user-base.

The issue came from one of Steam’s client libraries. The process which reassembled fragmented datagram delivered through UDP packets could be activated remotely to execute code by sending a modified UDP packet. This way, the attacker could trick the protocol’s registry and cause an exploitable heap corruption.

Even if the vulnerability has been reported and properly patched, its impact remains unknown. According to Court, Steam added ASLR exploit protections in July 2017, which means this bug could only cause the user’s client to crash, at the most, but that solution covered only a year of this bug’s 10-year-long lifespan!

Prior to that, users could have been easily targeted with malicious code, as demonstrated in the proof-of-concept video above.


So what’s the moral of the story? Try to end things in good terms, avoid paying BTC ransoms, and review old code & and protocols.

Nicolas Poggi

Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.