BroadBand Tower, Inc., a Japan-based data center and cloud solutions provider, has allegedly been compromised following a significant intrusion into its internal network. The breach reportedly originated through unauthorized access to a Basic Auth protected administrative page, which allowed the attacker to pivot internally by exploiting vulnerabilities in systems such as Movable Type, F5 BIG-IP, and Mongo Express. The attacker claims to have maintained access for an extended period, establishing persistence across numerous compromised hosts within the network.
According to the allegations and leaked samples, the compromised data includes:
- Customer and employee personal information
- Source code for systems and technologies developed by the company
- Internal network maps and IPAM (IP Address Management) files
- Administrative credentials, including SHA and bcrypt password hashes
- Database configurations and credentials for internal systems
- Lists of internal domains and compromised hosts
