The attack on SoftServe likely resulted in client data breach

Today, on the Telegram channel @freedomf0x, repositories that may belong to SoftServe were published. It is assumed that they were fused as a result of a hacker attack that took place on the night of September 2. The Telegram channel @DС8044_Info, referring to the company’s sources, reported. 

The editor of AIN.UA requested SoftServe to confirm or refute the information – the company is dealing with the situation, the press-service replied. 

What happened

Hackers attacked SoftServe at 1 am on September 2. Ransom virus and other kinds of malware were launched into the system. Consequently, some of the company’s services stopped working. However, according to the senior vice president of IT at SoftServe Adriyan Pavlikevich, the attack was localized and client data was not affected.

At the same time, the source code repositories of developments for a number of companies, which may be the SoftServe clients, were leaked online today. IBM, Toyota, Panasonic, Cisco and others might be among them. Some repositories contain a line that indicates that the data belongs to SoftServe.

The administrators of the @DС8044_Info channel claim that sources at SoftServe have verified the authenticity of the repositories, and that they were stolen in a recent hacker attack.

“All files with the program code published by unknown hackers on the @freedomf0x channel relate to different projects for large clients of #SoftServe,” the message says.

Hackers could supposedly gain access to the developments by getting into the virtual computers of SoftServe programmers. 

What is the source

The @freedomf0x channel with 15,000+ subscribers is managed by a hacker from the Russian Federation. And it is not his main channel.

What does SoftServe say

The company did not confirm or refute the authenticity of published developments. It also did not answer the question of how critical the data breach is for the company’s clients.

“As we continue to investigate the security incident that happened on the night of Tuesday, it is important to distinguish between where the fact is and where the intention to cause fear or destabilization of the company is. We will know the answer to this question after the completion of the complex investigation, Adriyan Pavlikevich commented to the editor of AIN.UA.

We managed to restore the main damaged services within a few hours after the attack. Now we are concluding the restoration of the internal services on a full scale. Our plans are to complete the investigation in the short term.”