Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data

Brickcom Corporation, an IP surveillance company headquartered in Taiwan with offices in Dallas, Texas, has suffered an alleged data breach at the hands of Anonymous supporters, who claim to have leaked a customer database.

Brickcom Corporation, an IP surveillance company headquartered in Taiwan with offices in Dallas, Texas, has suffered an alleged data breach at the hands of Anonymous supporters, who claim to have leaked a customer database.

Brickcom has gained granular notoriety in the surveillance space due to their affordable high-resolution (high mega-pixel) equipment, which is used by corporations and law enforcement. Primarily, their core business is in Asia, but they have partnerships in Europe and the U.K., and are making inroads stateside as well.

HackersIn a statement accompanying the alleged leak, Anonymous accuses the company of hubris for statements made in their marketing materials, and said the firm was targeted “solely for the greater glory of Anonymous, the battle for anonymity and against indiscriminate state and corporate surveillance of the public.”

“This leak is a dedication to those who have given up their liberty for the ideals of free speech, and a surveillance free internet. This leak is also dedicated to those who continue to risk their freedom and refuse to be paralyzed by the ever rising levels of paranoia we all feel as we read the news daily.”  

With that said, Anonymous posted 3,400 records, containing what are claimed to be customer email addresses, names, usernames, and passwords. Some of the data points to Brickcom staffers and testing accounts, a few of the records are clearly spam. However, there are some that seem to be legit.

The source of the data appears to be the Brickcom registration form

When asked, the source of the leak would only confirm that there was an issue with the web server’s configuration, and nothing more. “All data that was present on their webserver has been downloaded,” the source said.

Excluding the possibility of SQL Injection vulnerabilities, a configuration issue could be anything from open directories and traversal vulnerabilities, to something more sinister such as Remote File Inclusion, which enables an attacker to upload shell scripts, completely compromising the system.

SecurityWeek has been in touch with Brickcom and will update this story if we get additional information.

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.