Hackers managed to breach data centers by siphoning login credentials from more than two thousand technology companies worldwide, a development reported by Bloomberg. The intrusion underscores how widely distributed company access could be exploited when security credentials are compromised, allowing unauthorized entry into sensitive systems across multiple regions and sectors.
Among the affected facilities were the data centers of GDS Holdings in China and ST Telemedia Global Data in Singapore. The breach touched IT giants and consumer brands alike, from Alibaba, Amazon, Apple, Huawei, and Microsoft to global financial and industrial names such as Goldman Sachs, BMW, and Walmart. The incident laid bare how personal data stored by these firms could be exposed, prompting questions about the breadth of exposure and the reliability of password-related safeguards in large, distributed environments [Bloomberg].
The theft reportedly occurred about a year prior, and the attackers continued to access the stolen data for months, eventually pricing it at $175,000 (roughly 13 million rubles) in the most recent listing. The hackers claimed the volume of data taken was larger than anticipated, a statement that pointed to the scale of the breach and the potential for cascading consequences across supply chains. In February, the complete dataset appeared in the dark web, offered freely for public use, though some participants noted that the published information could have been rendered less dangerous as many companies reset passwords and implemented additional controls thereafter [Industry monitoring reports].
This incident illustrates a pattern seen in modern cyber risk: initial access is often achieved through stolen credentials, with attackers moving laterally to reach increasingly sensitive systems. It highlights the need for robust, multi-layered authentication, strict credential hygiene, and rapid incident response playbooks that can limit the window of exposure once a breach is detected. While some firms may reassure stakeholders by noting password resets and post-breach remediation, the broader implication is clear — organizations of all sizes must assume that credential compromise is a persistent threat and plan accordingly to minimize long-term damage [Security analysts].
Formerly socialbites.ca we talked about itHow some ministries in Pakistan were hacked by Russian Phoenix hackers.