Sizmek reviews account breach that enables attackers to modify existing ads and offers
- The credentials of the affected user account are being sold on the dark web at a price starting from $800.
- Following the discovery, Sizmek has forced a password reset on all internal employee accounts.
Sizmek, an American online advertising platform, is investigating a security incident in which hackers gained access to one of the firm’s user accounts. The credentials of the affected user account are being sold on the dark web at a price starting from $800.
What is the matter - Security researcher Brian Krebs discovered that the compromised account has been put up for sale on a Russian-language cybercrime forum. The account can allow attackers to modify the ads and analytics of big-name advertisers such as Gannett and Fox Broadcasting. Bidding for the stolen account starts at $800.
What is the impact - If threat actors buy access to this type of account, they can use it as a platform to add new users to the ad system and infect both existing ads and offers. They can do this by injecting malicious scripts into the HTML code of ads that run on popular sites.
Elaborating on the threat actors’ nefarious activities, Krebs said, “They could hijack referral commissions destined for others and otherwise siphon ad profits from the system.”
George Pappachen, Sizmek’s general counsel, confirmed the breach and said that the account that is being resold on the dark web is a regular user account for Sizmek Advertising Suite (SAS).
“Or someone who is looking to sabotage our systems in a bigger way or allow malicious code to enter our systems,” Pappachen added.
What actions were taken - Following the discovery of the breach, Sizmek has forced a password reset on all internal employee accounts. The company is also working on deleting from the SAS user database the details of ex-employees, partners and vendors whose accounts may have been hijacked.
“We’re now doing some level of screening to see if there’s been any kind of intrusion we can detect. It seemed like [the screenshots were accounts from] past employees. I think there were even a couple of vendors that had access to the system previously,” Pappachen explained.
The company performed an extensive review to confirm that no unauthorized logins or accounts appeared in its systems. It is also monitoring for signals of irregular or unusual activities on its platforms, Computer Business Review reported.