FIN6 is known for it’s highly skilled cyber thieves, and has hacked global enterprise brands such as British Airways. It’s estimated that the credit card details of more than 20 million online customers. In addition, the value of stolen benefits that can be traced back to the hack is estimated at more than $1.5 million.
This is not the first time that Google Cloud Storage has been targeted by hackers. Unfortunately, the scalability makes it very enticing for stealing large amounts of data.
“Anyone can signup and chose a unique bucket name and serve content with the performance and scalability of Google’s cloud,” said Marcel Afrahim in a Medium post about the hack. “Google Cloud Storage (and other Cloud storage providers) has been abused before where threat actors or malware authors distribute malicious code or actual malware through these legitimate services.”
The hack is just one more in a long line of high-profile blunders by the eCommerce department at companies both small and large (such as Macy’s and MasterCard) who continue to ignore security best practices for preventing skimming attacks.