Hackread reports that IntelBroker has exposed sensitive data allegedly stolen from major UK-based international financial services firms Barclays and HSBC following a purported attack against a third-party contractor last month that was conducted along with Sanggiero.
Information compromised in the intrusion against the third party included both banks' source codes, database files, compiled JAR files, certification files, SQL files, JSON configuration files, and email addresses, according to IntelBroker, which already leaked a substantial amount of data on BreachForums resulting in their proliferation across various Russian forums.
Such an incident could have significant ramifications for the security of both banks, with the possibility of threat actors using the stolen information to gain better knowledge of their IT systems and facilitate further compromise that could extend to their customers. The claimed attack also indicates organizations' mounting challenges in managing third-party risks, which should prompt more robust vendor risk evaluation and management techniques.