Saber Databases Expose Public Data on Employees’ Visas

This year, a then-unknown group of hackers breached the database of Saber, a leading player in the tourism and reservation market. The incident led to a large-scale leak that went unreported for some time.

More recently, the attackers posted online sensitive information about Saber employees who are in the USA on work visas.

Researchers found that a group called Dunghill is behind the extortion campaign. About 1.3 terabytes of data were stolen. The criminals put forward their demands, but the company could not satisfy them, so part of the information ended up in the public domain.

Saber’s leadership found out about this from media reports and immediately issued an official statement, promising to conduct a thorough investigation. Cybersecurity specialists have taken up the case.

The hackers obtained information about employees' nationalities, dates of birth, passport numbers, and visas. The stolen data also includes records of ticket sales, passenger statistics, financial documents, and other information related to personnel.

Little is known about Dunghill at present, but there are assumptions that the group uses Dark Angels Ransomware, extortion software that can be considered a modernized version of the Babuk ransomware.

According to Malwarebytes, Dunghill has previously attacked the servers of other organizations, including the developer Incredible Technologies, the product company SYSCO, and the car manufacturer GentEx. All of these organizations refused to meet the hackers' conditions, which also led to leaks.
