New SoftServe data leak affects customer projects and probably employee data

On September 2, it became known that one of the largest Ukrainian tech outsourcing companies, SoftServe Company, was hacked, as a result of which several of the company's services stopped working. Although the company stated that customers’ data was not affected, the next day repositories of projects that SoftServe was most likely developing for its customers surfaced online.

On September 16, the leaked data was published. This time, in addition to customers’ data, it also contained personal data of about 200 people – probably SoftServe employees. The company told AIN.UA that this was not a new breach, but data from the previous leak.

What happened

After the first data breach, SoftServe neither confirmed nor denied it. The company said it was conducting an internal investigation. However, the repositories contained a line that confirms that the developments did leak from SoftServe:

In the meantime, a new data archive became available online. It contains previously unpublished developments for customers, as well as a database of scanned copies of national and international passports, which probably belong to SoftServe employees. This was reported by the Telegram channel DC8044 F33d, citing a Russian hacker nicknamed Freedom F0x. According to preliminary estimates, the personal data of more than 200 people has been compromised.

AIN.UA checked the leaked archive, and it does contain scans of passports of Ukrainians and citizens of other Eastern European countries. It is not yet known whether they indeed belong to employees of SoftServe. The only thing that points to this is the name of the archive.

As for customer developments, the repositories breached on September 16 include banking applications, parts of the code of CRM systems, and developments for the Cylance antivirus.

According to the hacker cited by @DC8044 F33d, there is more to come: more data was leaked as a result of the attack than has been published so far.

SoftServe Comment

The company confirmed to AIN.UA that data was breached in the hacker attack on SoftServe on September 1. The company expects the hackers to demand a ransom. The company is continuing its investigation.

“The attack happened on September 1. The data, which was published on September 16, is the result of the same incident. So, there was no new data breach. That is a common tactic in such cases, the purpose of which is to intimidate a company and to demand a ransom,” the company told AIN.UA.

“As mentioned earlier, SoftServe systems localized the attack, and our information security team took immediate action to restore the system. In this situation, as in any other, the security of our customers and employees remains our priority. Now a third party is conducting a comprehensive independent investigation of this incident.”