-
Mideast, a Saudi Arabian company witnessed a cyber breach, with the attackers stealing 40GB of data, payment cards, bank accounts, and vehicle details inclusive.
-
The hackers wiped Mideast’s databases, forcing the company to rebuild their entire system, including apps and website, from scratch.
-
This breach fits a pattern of increased cyber attacks across the Middle East amid regional tensions.
A company in Saudi Arabia has suffered a serious data breach where the hackers took more than 40GB of the database. Also, the attackers stole the entire source code of the company’s websites and mobile apps.
The stolen data includes a complete set of customer identities, passwords, email addresses and payment information, which is now on sale on the dark web.
Details of the Data Breach
The attack allegedly compromised the whole of Mideast’s subdomains, their mobile apps both on Google Play and Apple App Stores, and their main website. The hackers claimed they wiped the database clean, forcing the firm to take everything offline.
According to the dark web forum post where the data is up for sale, Mideast is now rebuilding its systems from scratch. The hackers gained access to a huge trove of sensitive information.
Vehicle owners need to be on guard now, as the stolen data includes both vehicle license plate numbers, types, and models, as well as personal details of customers.
The compromised dataset reportedly contains:
- Full names and email addresses
- Passwords and phone numbers with information about the type of devices
- Bank transfer records and bank account numbers
- Payment card details
- Vehicle license plate, types, and models
- Complete website and mobile application source code
The inclusion of source code makes this breach particularly dangerous, just as in the Target case, where stolen code allowed criminals to understand the retailer’s systems in depth, potentially enabling more sophisticated future attacks.
All these are among the information the hacker included in their post. Among the stolen data the attackers dumped, there’s a list of database names they grabbed, including mideast_accounts, mideast_maindb, and customer, information tables
Cyber Threats Increase in the Middle East
Hints at increases of cyber events throughout the Middle East have been made prior to this event. The current geopolitical instability of the region will continue to increase attacks aimed at Gulf states through cyberspace.
A March 5 report revealed that UAE law enforcement intercepted up to 200,000 daily cyber attacks. More than 70% of the reported attacks came from state-associated hackers with a focus on disrupting critical infrastructure.
Folks at cybersecurity companies Proofpoint and Check Point point fingers at Iranian-linked groups like TA453 and MuddyWater. Apparently, they’ve been busy running espionage campaigns all over the Middle East.
The real headache? These groups are blending in so well with everyday cybercriminals. And that is making it a lot harder to trace the attacks.
Why the Mideast Data Breach is Different
This incident stands out because the attackers not only stole customer data, but also stole source code. This source code will give them insight into how Mideast systems work, possibly enabling future attacks.
The threat actor is already advertising their loot for sale on the dark web. They tagged the dataset as “comprehensive and rare marketing data.”
Unlike breaches where the hackers leak only emails and passwords, this one includes vehicle details and financial information. Cybercriminals often put higher price tags on payment card data and bank accounts because such information can be used for financial fraud.
What’s Next?
If you’ve ever signed up for Mideast services, keep your guard up. Scammers have stolen real customer info, and that means your inbox or phone could be the prime target for their next phishing attempts.
Emails from unknown sources, unexpected texts, and unexpected calls are likely to be phishing scams. If you receive any of these, don’t be too fast to give away your information; first, check things out to be sure they are what you think they are.
Make sure you pay close attention to your bank statement. This will help you catch any questionable payments or charges before they go through. If Mideast has ever received your credit card number, we suggest that you place a fraud alert on your credit file, just in case.
The recent breach is a reminder for businesses in the Middle East. With the ongoing tension, companies must take every possible measure to beef up their security. If they do not, they will likely be next.
