Gigabyte Breached by Ransomware Group AvosLocker – Data up for sale

Gigabyte Breached by Ransomware Group AvosLocker

GIGA-BYTE Technology Co., Ltd. (known as Gigabyte), the well-known tech giant, has allegedly suffered a serious network breach. A sample of files from Gigabyte’s network were leaked on AvosLocker’s onion site and appear to contain confidential details regarding deals with third-party companies and identifiable information about employees. PrivacySharks has reached out to AvosLocker for more information about the breach.

AvosLocker, the ransomware group behind the breach, has threatened to leak more data from Gigabyte’s network if the Taiwanese company refuses to negotiate. So far, there has not been a response from Gigabyte. However, given that the sample documents contain a lot of sensitive information, including passwords and candidate resumes, the leak is highly concerning for the tech company.

We hope that there are no Gigabyte private master keys included in this leak which could potentially see a new supply chain attack like the Solarwinds Supply Chain Attack. If the leak does include keys, these could be used to impersonate Gigabyte, forcing servers and motherboards to download fake updates and drivers, etc.

Fortunately, our tech experts can only find two .key files and a few .crt files, which may suggest that this breach contains no or very little data from the security/tech departments. However, if Gigabyte revokes any keys in the near future, keep this possibility in mind.

When did the leak occur?

On October 20 2021, AvosLocker posted a ‘press release,’ on its onion site, announcing that it had downloaded files from Gigabyte’s network. However, the group didn’t give any specifics of when the data was stolen or how, simply stating instead,

“Gigabyte INC suffered a breach, and this is a sample of the files we’ve downloaded from their network. Barracuda NDA + full dir list leaked in sample.”

In the same announcement, the group revealed that it has access to more files and will release them unless Gigabyte negotiates a ransom, “If they refuse to negotiate, we will leak all the data we’ve got. Attached are some of the documents that were exfiltrated.”

AvosLocker is well known for selling companies’ data, and the Gigabyte data is also up for sale. We assume that Gigabyte is well aware of the leak since AvosLocker always contacts companies it has breached to ask for ransom.

Gigabyte Press Release

What does the Gigabyte leak contain?

AvosLocker has released a small taster of the data it has downloaded from Gigabyte’s network in a file called ‘proof.zip,’ which is 14.9MB. An independent security researcher affiliated with PrivacySharks has viewed the contents of the sample file and can confirm that the leaked data contains the following:

  • Potential credit card details. Fortunately, if these files contain credit card information, the credit cards may be expired as this folder is from 2014.
  • Password and username details.
  • Employee payroll details.
  • HR agreements with consultants as well as full names, images, and CVs.
  • 10 PDF documents in a file named ‘Passports.’
  • Information on over 1,500 job candidates, including full names, CVs, resumes, and applications. There are also Zoom internet details with what appears to be personal information on each candidate.
  • A folder named ‘Mailchimp’ containing GSM Account Database information. This could include email addresses.
  • A zip folder containing an NDA and information of a deal with Barracuda Networks worth $100,000+
  • In addition to Barracuda Networks, the leak includes various data from the following well-known companies: Blizzard, Black Magic, Intel, Kingston, Amazon, BestBuy.
  • A .txt file named ‘Tree’ containing 133,352 lines of folder and file names stolen in the breach.
  • Business expenses from trips such as ‘Hawaii 2019’, including money spent on Luau drinks, uber trips, and tips.
  • Images from company events, including Christmas parties, Halloween parties, and ‘Tony’s Birthday.’

The leaked data contains files from as recently as May 2021. This indicates that this is a fresh leak with new data. Not only this, but the date of the files means that some of the personally identifiable data (such as interviewees’ information, password and username credentials, etc.) could be up to date, and therefore, at risk of being compromised.

Passport information

Resume information

Private company photos

Employee information

What does the leak mean for Gigabyte?

A network breach is never good news for a company, and the Gigabyte leak poses many questions about the company’s security measures. Moreover, some of the leaked data calls into question how Gigabyte stores and uses data.

For example, we were particularly surprised to find a vast amount of identifiable data about job applicants, including CVs and resumes, which normally include personal data like dates of birth, email addresses, and phone numbers.

As a rule of thumb, companies should not hold onto candidates’ data after the hiring process is over, and the Gigabyte data leak demonstrates why, as this information can fall into the wrong hands. For this reason, the EU has a GDPR law that requires companies to delete data like this.

The data leak also risks damaging Gigabyte’s relationships with third-party companies, as its deal with Barracuda Networks, and a signed NDA between the two companies, has been exposed. Revealing financial agreements may damage Gigabyte’s bargaining power in future negotiations or cause companies to be wary of entering into business with the tech company for fear of data being exposed.

Furthermore, should the leaked images or expenses present an unflattering depiction of the company or its employees, this could also tarnish the professional way others view Gigabyte. Although work events and business trips are the norms, the images may not be something Gigabyte wants in the public domain.

Contact us

If you have any information, questions, or comments about this story, please get in touch with us at [email protected].

Author Madeleine Hodson

Hi, I'm Madeleine. I'm a British writer with a global background, currently based in the UK. I have always been interested in the online world and how it connects people worldwide. My keen interest in the internet led me to ...
Read more about the author