EPAM Response to Hacker Misinformation Regarding Data Breach
NEWTOWN, PA, USA, June 18, 2024 –
Key Points:
- Based on the results of our internal investigation and our investigations with our clients and partners, EPAM is not a party to the data breach.
- A strong Multi-Factor Authentication (MFA) enforcement policy and password cycling are necessary as part of a Zero Trust cybersecurity program, something we at EPAM practice and take extremely seriously.
October 8, 2024 Update:
“Following certain public reporting, EPAM conducted an internal investigation to identify evidence of credential theft from their managed assets. EPAM’s investigation did not identify credential harvesting activity; subsequently, EPAM engaged Mandiant to conduct a threat hunt to validate their investigation's findings.
Between August 12, 2024 and August 30, 2024, Mandiant worked with EPAM to develop and execute a targeted threat hunt based on both threat intelligence associated with the threat actor that compromised Ticketmaster’s Snowflake environment on April 15, 2024, and Mandiant observed trends across the threat landscape.
Mandiant’s threat hunt did not identify evidence of credential theft from the EPAM environment. Furthermore, Mandiant did not identify evidence of any threat actor activity within the EPAM environment related to any public reporting regarding the Ticketmaster incident or threat actor activity that Mandiant tracks.” – Mandiant Team
Background:
On May 29, 2024, we became aware of an investigation into a potential data breach from several of our clients and partners. This incident was broadly covered in the news and resulted in security analysts at Mandiant notifying 165 organizations about cloud storage accounts being potentially hacked using stolen credentials and exposing data from more than 500 million customer accounts.
The EPAM security team immediately activated our response process to investigate, mitigate and protect EPAM and client assets, as well as to assist our clients and partners with their own investigations and mitigation steps. As part of our ongoing commitment to transparency and out of responsibility to our clients and partners, we are sharing this update.
Upon initial notifications from our clients and Mandiant of a potential data breach, we worked over the past several weeks to conduct a thorough investigation of the incident and to identify causes and potential further vulnerabilities. To date, based on the results of our internal investigation, and investigations conducted with our clients, EPAM is not a party to the data breach. There is no evidence that the threat actor had any access to any of EPAM’s assets, environments, production systems or source code.
Because the incident was broadly covered by media, we were contacted by several reporters covering the story for comment. In all cases, in keeping with our client confidentiality commitments, we provided appropriate updates on our ongoing analysis, along with our conclusion that EPAM was not a party in this incident, including our basis that the former employee cited hasn’t been an employee since 2021. This conclusion is further supported by public disclosures made by Snowflake, including evidence that a threat actor obtained personal credentials belonging to other parties: https://epamsys.co/3VQxpPP.
Unfortunately, unnamed hackers interviewed by a popular technology media outlet decided to target us for their misinformation campaign, resulting in a story published today and picked up on social media.
We will continue to investigate this matter, take appropriate actions, and work with our clients and partners as needed. We are committed to sharing more information and our learnings, so that the community can benefit from both our experience and observations about the threat actor. For further inquiries, please reach us at [email protected].
In closing, we wanted to share essential security recommendations to help protect your information:
- Strong Passwords: Ensure your passwords are complex and unique for each online account. Avoid using easily guessable information, such as birth dates or common words. Consider using a reputable password manager to securely store and manage your passwords.
- Multi-Factor Authentication (MFA): Enable MFA wherever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
- Regular Software Updates: Keep all your devices and software up to date with the latest security patches. Software updates often contain fixes for vulnerabilities that hackers exploit to gain unauthorized access.
- Exercise Caution with Emails and Links: Be wary of unsolicited emails, especially those with attachments or links. Verify the sender's identity before clicking on any links or downloading attachments, as they could lead to malware infections or phishing attempts. Avoid clicking on links in security alert emails, which can direct you to fake sites.
- Secure Wi-Fi Connections: When connecting to public Wi-Fi networks, avoid accessing sensitive information unless using a virtual private network (VPN) for added encryption. Hackers can easily intercept data on unsecured Wi-Fi networks.
- Regular Data Backups: Back up your important files and data regularly to an external hard drive or a secure cloud storage service. In the event of a ransomware attack or data breach, having backups ensures you can recover your data without paying a ransom.
- Educate Yourself: Stay informed about the latest cybersecurity threats and best practices. Take advantage of resources provided by reputable sources to enhance your knowledge and awareness of potential risks.
- Report Suspicious Activity: If you notice any unusual or suspicious activity on your accounts, report it immediately to your customer support team or the appropriate authorities. Prompt action can help mitigate potential damage and prevent further compromise.