Coca-Cola investigates hackers’ claims of breach and data theft

Coca-Cola, the world’s largest soft drinks maker, has confirmed in a statement to BleepingComputer that it is aware of the reports about a cyberattack on its network and is currently investigating the claims.

The American beverage giant has started to investigate after the Stormous gang said that it successfully breached some of the company’s servers and stole 161GB of data.

Stormous announcing the victimization of Coca Cola
Stormous announcing the victimization of Coca Cola

The threat actors listed a cache of the data for sale on their leak site, asking 1.65 Bitcoin, currently converted to around $64,000.

Coca-Cola listing on Tor site
Coca-Cola listing on Stormous leak site

Among the files listed, there are compressed documents, text files with admin, emails, and passwords, account and payment ZIP archives, and other type of sensitive information.

Who is Stormous

Although they claim to be a ransomware group, there is no indication at this time that they are deploying file-encrypting malware on their victim networks.

Closer to a data extortion group, Stormous has stated that they would take action against hacker attacks against Russia in the wake of the invasion into Ukraine.

Stormous message on Telegram
Stormous message

This is the first time Stormous has posted a stolen data set. Last week, the gang asked their followers to vote on who should be their next victim.

The attack promised denial-of-service, hacking, leaking of software source code and client data. Coca-Cola won the poll with 72% of the votes. The gang said that it took them only a few days to breach the company.

Poll held on the Stormous Telegram
Poll held on the Stormous Telegram

Coca-Cola and the other victim choices in Stormous’ poll show anti-Western stance. Previously, the group claimed Epic Games as their victim.

They announced that they stole 200 gigabytes of data and details of 33 million users of Epic store and games. However, there has been no confirmation about the legitimacy of the data, so Stormous’ reputation about these claims has yet to be established.

Coca-Cola has not confirmed that their data was stolen. The company told BleepingComputer that it is currently collaborating with law enforcement and that the investigation into the alleged Stormous attack has not revealed a negative impact yet.

Source :
https://www.bleepingcomputer.com/news/security/coca-cola-investigates-hackers-claims-of-breach-and-data-theft/