BlackBerry Cylance Data Offered for Sale on Dark Web

BlackBerry says the Cylance data offered for sale for $750,000 is old and its own systems have not been compromised. 

BlackBerry is investigating an incident involving Cylance data being offered for sale on the dark web, but the company says the data appears to be old and does not originate from its own systems.

Dark Web Informer reported last week that a threat actor is hoping to get $750,000 for data allegedly belonging to customers, partners and employees of BlackBerry’s Cylance cybersecurity unit.

The endpoint security company Cylance became part of BlackBerry in 2019, following its acquisition for $1.4 billion. 

The cybercriminals claim to be in possession of “34,000,000 million customer and employee emails”. They claim to have obtained customer emails, personally identifiable information, sales prospects, and user and partner lists.

Contacted by SecurityWeek, BlackBerry said it’s aware of the potential data breach and it’s in the process of conducting an investigation. At this point there is no evidence that BlackBerry data and systems related to customers, products, and operations have been compromised.

“Based on our initial reviews of the data in question, no current Cylance customers are impacted, and no sensitive information is involved,” BlackBerry said. “The data in question was accessed from a third-party platform unrelated to BlackBerry and appears to be from 2015-2018, predating BlackBerry’s acquisition of the Cylance product portfolio.”

“We continue to monitor this situation closely and will take all necessary precautions to maintain the integrity of our products and systems and the trust of our customers,” it added.

Emsisoft threat analyst Brett Callow noted that the Cylance data may have been obtained as a result of the recent campaign targeting customers of cloud data platform Snowflake.

The Snowflake campaign has impacted many organizations, including high-profile companies such as Ticketmaster, Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus, Progressive, Santander Bank, and State Farm. 

Mandiant reported on Monday that roughly 165 organizations have been affected by this campaign, in which attackers seem to be leveraging stolen Snowflake customer credentials to target their cloud storage.

According to Mandiant, the attacks are conducted by a financially motivated threat actor and the user credentials leveraged by the hackers have been obtained by infostealer malware from the systems of Snowflake customers. 

There is no evidence that the attacks involved a vulnerability in Snowflake systems or products, or that the vendor’s production or corporate systems have been compromised. 

BlackBerry did not specifically confirm or deny that the data comes from Snowflake, but highlighted that the company is currently not a Snowflake customer.

*Updated to add that BlackBerry is not currently a Snowflake customer.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

