Skip to main content

Data center logins for Apple and others obtained by hackers; could have facilitated physical access

A cybersecurity company has revealed that hackers obtained data center logins for Apple and other major companies. They were also able to access surveillance cameras remotely, and the privileges they had could even have allowed physical access to servers.

Hackers gained access to two third-party data center companies used by many major companies, and from there were able to obtain customer support logins for Apple, Amazon, BMW, Goldman Sachs, Microsoft, and as many as 2,000 other companies …

Background

Although Apple has its own data centers around the world, it also makes extensive use of third-party ones like Amazon Web Services.

In Asia, Apple and others host servers on two of the continent’s largest data center operators, GDS Holdings and ST Telemedia Global Data Centers. Both companies offer what are known as colocation services, where they provide the building and the network infrastructure, and client companies can then install their own servers.

Data center logins for Apple and others

Bloomberg reports that hackers managed to compromise systems used by both companies, and from there were able to access login credentials for the customer support systems of around 2,000 of the companies who have servers hosted there.

In an episode that underscores the vulnerability of global computer networks, hackers got ahold of login credentials for data centers in Asia used by some of the world’s biggest businesses, a potential bonanza for spying or sabotage, according to a cybersecurity research firm […]

The information included credentials in varying numbers for some of the world’s biggest companies, including Alibaba Group Holding Ltd., Amazon.com Inc., Apple Inc., BMW AG, Goldman Sachs Group Inc., Huawei Technologies Co., Microsoft Corp. , and Walmart Inc., according to the security firm and hundreds of pages of documents that Bloomberg reviewed.

The attack happened back in 2021, but has only been revealed now. The report says that the customer logins were still being used as recently as January of this year. At that point, both data center companies forced password resets, which finally locked out the hackers.

Could have allowed physical access to servers

The real nightmare scenario for any company is an attacker managing to gain physical access to their servers, as there is then no limit to what they could do.

Cybersecurity firm Resecurity says that this could have happened in this case.

Resecurity and executives at four major US-based companies that were affected said the stolen credentials represented an unusual and serious danger, primarily because the customer-support websites control who is allowed to physically access the IT equipment housed in the data centers […]

The physical security of IT equipment in third-party data centers and the systems for controlling access to it represent vulnerabilities that are often overlooked by corporate security departments, said Malcolm Harkins, former chief security and privacy offer of Intel Corp. Any tampering of data center equipment “could have devastating consequences,” Harkins said. 

Physical access may have been made easier by the fact that the hackers were able to access surveillance cameras at one of the companies.

The hackers also stole credentials for GDS’s network of more than 30,000 surveillance cameras, most of which relied on simple passwords such as “admin” or “admin12345,” the documents show. 

No comment from Apple and most other companies

Most of the companies contacted by Bloomberg declined to comment. This included Alibaba, Amazon, Huawei, and Walmart. Apple didn’t respond to multiple requests for comment.

Update: Amazon told us ““We can confirm that we have investigated and there is no impact to the security of our systems, services, or customers.”

A few companies said that they do not believe customer data was accessed, and that they can see no impact on their business. BMW said that the attack had “a very limited impact.”

Both data center operators admitted that the breaches had occurred, but of course played down the severity.

Photo: Christina/Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications