Apple Supplier TSMC Suffers Data Breach, Hackers Demand $70M

[SurferPup]

Mostly likely Chinese and North Korean Government sponsored to destabilise Taiwan by targeting large businesses in the South Pacific. Having a hackable dummy server with design schematics that causes hardware to brick could be a defensive strategy.

 

[Fat_Guy]

Mostly likely Chinese and North Korean Government sponsored to destabilise Taiwan by targeting large businesses in the South Pacific. Having a hackable dummy server with design schematics that causes hardware to brick could be defensive strategy.

Or: It’s just a song and dance by geeks on both sides that think too much of themselves.

 

[DeepIn2U]

Multiple companies have had their in house databases breached, T-Mobile has had their data stolen multiple times. You would hope that a company versed in security would be better then using in house people that are at the mercy of cut backs, low cost replacements and managers whose knowledge of security is based on reading an articl.

First T-Mobile is NOT 'versed' in security - they are a mobile services company.
The issue with T-Mobile USA is that they outsource their level 2 support - I know cause I used to work for on of the outsourced companies way back in 2001 here in Toronto.

Having access to BB accounts, Sidekick 2 accounts (Danger Inc reps were always cool to chat to and was something Andy Ruben started - his 2nd venture after Google btw), etc. Many mobile accounts (Vision 21 billing system) or access directly to the Nokia switches (sadly allowing some reps access to setup SIM cards for free service without connection to Vision 21) and to so many other internal accounts was NOT secure. I'm more than certain many were shared!

Cut backs have nothing to do with lack of security its simply lack of a proper security direction and execution of protocols run by an team of IT Security engineers that KNOW their stuff and get the power to enforce!

When you're dealing with THE largest Fortune 500 corporations as clients and make SoC's for so many top global clients ... you simply do NOT outsource your DB management - in terms of access: PERIOD. Service accounts MUST have proper 30-60-90 day expiry.

Managers again are NOT the main issue. ALL employees should be following quarterly IT Security testing and protocols to be properly implemented and watched. Again IT Security professionals that have the experience should be doing THEIR jobs properly and the executive teams should heed their warnings and implement security measures immediately with no excuse to circumvent. Most managers and executive team have no issues following such protocols even if it means an inconvenience to them.

 

[BigBrotherNowWatching]

Completely preventing these attacks is incredibly difficult. Even the best technology companies on Earth can't entirely prevent it. It's a sad world.

Just switch to Lockdown Mode on all of your Apple devices and your SAFE !

Well, that’s what Apple says

 

[BigKahunaBurguer]

You would think that any company would have top security it would be this. They need to hire these hackers

Sure, hire someone who attack and steal your property and ask for money just to not ruin your life. I’m sure you can trust on all of them. Omg, I don’t understand sometimes what people think… xD

 

[pcc1]

Misleading title. It was TSMC’s supplier which suffered the data breach. Perhaps the title should be corrected before someone decides to try a defamation lawsuit. ’just some helpful advice. -PC

>”…”​

 

[Gasu E.]

Kin'ell this is major if Microsoft, Cisco and VMWare are also involved

Kinmax, the IT services company, is HQed in Taiwan, and only has offices in Taiwan and China. Those impacted companies would only be using them for local operations, IF at all. Also, don't read too much into "Other Kinmax partners include Microsoft, Cisco, and VMware". Any IT company USES technology from those companies and quite likely supports those technologies at their customers sites-- that's most probably what they mean by "partners".

 

[Gasu E.]

Really?? are you sure Microsoft does not outsource their database? If AI can reproduce accurate Key codes, that might say something. They might not directly outsource, but their databases are networked to outsource locations. That opens up opportunity to hack.

Kinmax is an IT service company. They support their customer's use of Microsoft, Cisco, and VMWare technologies, which are foundation products for IT services. That's what an IT service company does. When an IT service company talks about "partnerships", they are talking about the technologies they support. No IT company of significance would list their clients on their website-- that would be considered a breach of confidentiality that would have their clients looking for more reliable suppliers.

 

[Elohim369]

My first thought was - it's not smart to ask for $70M because, how many assassins could one buy for that money?

Think about it; this is Asia.

The higher the ask, the more reasons are stacked against the hackers. Counter hacking attempts, secret services, private security firms, mercenaries... there may even be other hackers going after that valuable data haul independently...

 

[applesed]

Well, Russia, China, North Korea, among a few others, are not going to be bothered to send their trained hackers to US for trial. FBI can spend money and other resources trying to lure them out, but chance is slim. In summary, it is much harder than you think.

Might as well let machine build machine Rather than us. Heck, replace Tim Cook with AI equivalent. Saves Apple $5m right there.

Is anyone working on AI for adaptive firewalling honeypotting, etc? Seems like that is useful but much harder than question-answer style AI/LLMs.

 

[_Spinn_]

Security is hard. It has to be perfect 100% of the time while criminals only have to get lucky once.

 

[bill001]

Should’ve required their business partners to use biometrics like touchID/faceID and multi-factor identification instead of simple passwords but hey what do I know, they’re only a global leader in chip manufacturing

Hey, they just make the stuff, they don't use it themselves! ha ha

 

[bill001]

OMG, teaching AI to protect our data can also make it aware of how to access it...anyone just a little bit worried about AI tech in the wrong hands? Jeesh.

 

[DeepIn2U]

Really?? are you sure Microsoft does not outsource their database? If AI can reproduce accurate Key codes, that might say something. They might not directly outsource, but their databases are networked to outsource locations. That opens up opportunity to hack.

the key is which AI has been given the compute power and knowledge to decipher say 20xx-bit encryption and a service account for authentication and more so if given the ability to override or circumvent human action and overside to disable access.

THAT is the right questions

 

[majus]

It's impossible to fix all vulnerabilities -- we've got to start killing the people who exploit them.

But give them the opportunity to live. If they can completely debug Windows 3.1 in 24 hours, then they will live. Otherwise...

 

[Klara22]

I was involved in an online mining scam, I started trading with them at 05/02/2022 and discovered it was all fake , around 20/06/2022 after I have invested about $700,980 with them, I was so sad because I was already in a lot of debts and all my savings and salary were already in this fake mining platform. I was about given up in life before I read a testimony about MYSTERIOUS HACKER online how they helped people to recover their lost crypto currency, I contacted them and I was able to get back my money within 48 hours, you can contact MYSTERIOUS HACKER on: mysterioushack666@cyber-wizard.com the good thing is that there is no upfront payment.

 

[robertmorris2]

Sure, hire someone who attack and steal your property and ask for money just to not ruin your life. I’m sure you can trust on all of them. Omg, I don’t understand sometimes what people think… xD

companies hire people to see if they can exploit vulnerabilities in their systems all the time. it's a way to find out the weaknesses in a system. there are hacker conventions that are sponsored by tech companies for that reason. it's not unreasonable to hire someone who has the skills and know-how to help a company fix those vulnerabilities. that is what people think... you need to understand that