Hacker group ShinyHunters was able to infiltrate MSG’s client and talent database with an old-fashioned social engineering trick called vishing, according to a new report from 404 Media. Much like regular phishing, vishing (voice phishing) is a fancy term for calling someone up and tricking them into revealing sensitive information. This type of attack is nothing new, but it has become more common and dangerous due to new technology and AI. According to 404 Media, it was a low-level employee who fell prey to the group’s attack, granting them access to Microsoft Entra, which MSG uses to manage identity and network access.
On June 12, ShinyHunters—the same group responsible for the Canvas ransomware attack—demanded a ransom from MSG and threatened to leak more than 26 million records. Less than a week later, the group published internal emails, corporate information, and personal information about celebrities and customers, according to 404 Media, which first reported on the breach.
A data engineer for DataBreach.com, a website that helps people investigate and respond to data breaches, told The New York Times that the breach included 9.8 million emails, 9,500 dates of birth, close to 5 million street addresses and full names and phone numbers of customers...
