Dark web posts shed light on Panasonic breach

The November security breach at electronics giant Panasonic may have been the result of a security vulnerability that was marketed to cybercriminals earlier this year.

Researchers with security vendor Webz.io found that a SQL injection vulnerability possibly used in the attack had been advertised on RaidForums, a popular dark web site, on Jan. 16, 2021. According to a Webz.io report published Thursday, a post advertising the bug was cataloged but not immediately noticed by the security firm's team.

After word broke of the attack, the researchers combed through their archives, eventually finding the two forum posts that had been made some 10 months prior.

"We were able to scan and collect it on the same day. We also scanned the second post the following day. But since Panasonic isn't one of our customers, our cyber team wasn't monitoring these incidents in real time," a Webz.io spokesperson told SearchSecurity. "We do, however, have the data, so once we heard they were breached, our team took a closer look to see if we could find any footprints leading up to the attack."

Panasonic disclosed a breach some 10 months after the post on Nov. 26, 2021, informing the public that the breached file server contained the personal information of both customers and employees of the company.

According to Panasonic's disclosure, the company detected the breach earlier in the month on Nov. 11, but the attackers had likely been sitting on its network before then. Webz.io cited Japanese news reports that claimed attackers had access to Panasonic's server for four months prior to the discovery.

"After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network," a Panasonic press release said at the time.

It's unclear if the vulnerability was the cause of the Panasonic breach, but Webz.io said some of the information appears to match. "Using this vulnerability, threat actors could access the company's servers, which according to Panasonic's announcement is the method behind their breach."

Panasonic did not respond to a request for comment on the Webz.io report.

Webz.io said that such lulls in activity are not unheard of, as intruders will often bide their time before making a move and breaking into a network -- in this case the SQL database that held Panasonic's employee and customer information.

"It's important to remember that vulnerabilities are usually used as a backdoor to break in," the Webz.io spokesperson said. "It still takes a few steps and traps, in other words -- long months, in the lead-up to the breach."