Ethical Hacking News
A recent data breach has exposed sensitive information belonging to approximately 50 global enterprises due to a lack of multi-factor authentication (MFA). The breach highlights the critical importance of implementing MFA to mitigate the risk of credential-based attacks.
The recent data breach exposed sensitive information belonging to 50 global enterprises. A sophisticated cybercriminal, Zestix or Sentap, carried out the breach using compromised cloud credentials. The lack of multi-factor authentication (MFA) was exploited by Zestix to gain unauthorized access to corporate file-sharing portals. The stolen data includes sensitive information from major US utilities, a Japanese homebuilding giant, and Spain's largest airline. The breach is attributed to the use of infostealer-infected devices, which compromised corporate credentials. Progress Software emphasizes the importance of implementing MFA as a widely recognized control to mitigate the risk of credential-based attacks. The breach highlights the critical importance of implementing MFA to protect against credential-based attacks and their devastating consequences.
In an alarming reminder of the devastating consequences that can result from a lack of multi-factor authentication (MFA), a recent data breach has exposed sensitive information belonging to approximately 50 global enterprises. The breach, which was carried out by a sophisticated cybercriminal known as Zestix or Sentap, highlights the critical importance of implementing MFA as a widely recognized control to mitigate the risk of credential-based attacks.
According to Hudson Rock, an Israeli cybersecurity company that specializes in infostealers, the thief used compromised cloud credentials obtained from information-stealing malware to access corporate file-sharing portals. The lack of MFA was exploited by Zestix, allowing him to gain unauthorized access to sensitive data and sell it on the dark web for approximately $585,000.
The breach is particularly concerning due to the sensitive nature of the data exposed. The alleged victims include major US utilities, a Japanese homebuilding giant, and Spain's largest airline. Moreover, the stolen credentials combined with the lack of MFA are a classic recipe for disaster, as seen in earlier big breaches such as Change Healthcare, British Library, and Snowflake customers' database hacks.
The investigation by Hudson Rock found that Zestix gained access after employees inadvertently downloaded infostealer-laden files to their devices. The stealer malware then snarfed up saved credentials and browser history. Specifically, the cybercriminal targeted enterprise file synchronization and sharing (EFSS) platforms like Progress Software's ShareFile, Nextcloud, and OwnCloud.
The scope of the breach is extensive, with data stolen from approximately 50 organizations, including:
* Pickett and Associates, a Florida-based engineering firm whose clients include major US utilities
* Japan's homebuilding giant Sekisui House
* Spain's largest airline Iberia
* Turkey's Intecro Robotics, which manufactures aerospace testing equipment and defense robotics
* Brazil's Maida Health, which contains the health records and sensitive personal information belonging to the Brazilian Military Police and their family members
The breach also includes data from Burris & Macomber, a law firm that represents Mercedes-Benz USA in its lemon law cases and warranty litigation. The stolen data includes active lemon law cases, defense strategies, and settlement policies from 48 states, along with thousands of customers' records containing VINs, license plates, home addresses, and phone numbers.
In response to the breach, Progress Software stated that it is emphasizing the importance of implementing MFA as a widely recognized control to help mitigate the risk of credential-based attacks. The company acknowledged that Hudson Rock's investigation found that the recent compromises of corporate file-sharing portals were not the result of platform vulnerabilities but consistent with the use of credentials previously stolen from infostealer-infected devices.
As the article by Jessica Lyons highlights, the consequences of a lack of MFA can be disastrous. In this case, Zestix obtained sensitive data belonging to approximately 50 global enterprises and sold it on the dark web for approximately $585,000. The breach serves as a stark reminder of the critical importance of implementing MFA to protect against credential-based attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Devastating-Consequences-of-a-Lack-of-Multi-Factor-Authentication-A-50-Organization-Data-Breach-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/01/06/50_global_orgs_hacked/
Published: Tue Jan 6 01:12:00 2026 by llama3.2 3B Q4_K_M
