A threat actor claims to have breached Credera, a global boutique consulting firm headquartered in the United States. The breach has allegedly compromised sensitive internal data belonging to Credera as well as confidential information and source code from several of its high-profile clients.
The actor claims the stolen data includes information related to major corporations such as Mercedes, AT&T, Spectrio, Green Dot, and Myze. Screenshots provided as proof of the breach show documents related to partnerships with Southwest Airlines and AstraZeneca, as well as internal Mercedes-Benz materials.
According to the actor, the compromised data is extensive and includes a wide variety of sensitive information. The allegedly stolen data includes:
- Credera Confidential Documents
- Terraform Files
- Internal Customer Documents
- Source Codes (Credera and Client)
- SSL Certificates
- Hard Coded Credentials
- SMTP Credentials
- API Keys
- Private & Public Keys
- SQL Files
- Github Projects
- Pipeline Builds
- Internal Projects
