Press ESC to close

Marijuana dispensary STIIIZY warns of leaked IDs after November data breach

Section Details
Threat Actors Everest cybercrime gang
Campaign Overview Data breach at STIIIZY, exposing customer IDs, passports, and personal information. The breach occurred between October 10, 2024, and November 10, 2024.
Target Regions (Victims) Customers who bought products from STIIIZY locations in San Francisco, Alameda, and Modesto, California.
Methodology Attackers compromised point-of-sale systems through weak credentials, unpatched vulnerabilities, and phishing, acquiring personal data.
Product Targeted STIIIZY’s point-of-sale system and customer data
Malware Reference Everest cybercrime gang’s extortion methods (not ransomware-based)
Tools Used Encrypted communication channels, unpatched vulnerabilities, phishing
Vulnerabilities Exploited Weak credentials, unpatched vulnerabilities
TTPs • Extorting victims rather than deploying ransomware.
• Targeting multiple industries (healthcare, government, infrastructure).
• Using secure communication for obfuscation.
Attribution Everest cybercrime gang
Recommendations • Strengthen point-of-sale system security.
• Implement better credential management practices.
• Regularly patch systems and educate employees on phishing.
Source The Record

Read full article: https://therecord.media/marijuana-dispensary-warns-of-data-breach

The above summary has been generated by an AI language model

Stay Updated with Our Newsletter

  

Source: The Record

Published on: January 16, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *