Casio discloses data breach impacting customers in 149 countries

Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform.

Casio detected the incident on Wednesday, October 11, following the failure of a ClassPad database within the company’s development environment. Evidence suggests that the attacker accessed customers’ personal information a day later, on October 12.

The exposed data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics.

Casio says that credit card information was not stored within the compromised database.

As of October 18, the attackers accessed 91,921 items belonging to Japanese customers (including individuals and 1,108 educational institution customers) and 35,049 records belonging to customers from 148 countries and regions outside Japan.

“At this time, it has been confirmed that some of the network security settings in the development environment were disabled due to an operational error of the system by the department in charge and insufficient operational management,” the company said.

“Casio believes these were the causes of the situation that allowed an external party to gain unauthorized access.”

ClassPad still online, previous breach claims

Although the compromised database is currently “inaccessible to external entities,” the ClassPad.net app remains operational. Casio clarified that the hackers did not infiltrate systems beyond the compromised database within the development environment.

On Monday, October 16, Casio reported the incident to Japan’s Personal Information Protection Commission and is collaborating with law enforcement authorities, assisting with their breach investigation.

Additionally, Casio is working with external cybersecurity and forensics experts to conduct an internal investigation to find the underlying causes of the incident and draw up countermeasures in response to the breach.

In early August, a threat actor (known as thrax) claimed to have leaked over 1.2 million user records on the BreachForums cybercrime forum, allegedly stolen from a Remote Desktop Services (RDS) server with older casio.com databases.

Alleged Casio data leak from August 2023
Alleged Casio data leak from August 2023 (BleepingComputer)

​The allegedly stolen information contains entries up to July 2011, AWS keys, and database credentials.

“This DB is kinda old as hell, but believe it or not, this was dumped from a live RDS server today. If anyone wants the AWS keys (with some pretty juicy permissions, S3 bucket access, etc.) and database credentials, etc., DM me,” the threat actor said.

“A user who I gave the AWS keys to has managed to find another database. After looking into this database, the newest date I could reference was January 2006, another old database.”

A Casio spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today to provide additional details regarding the October incident and to confirm thrax’s claims.


Source: https://www.bleepingcomputer.com/news/security/casio-discloses-data-breach-impacting-customers-in-149-countries/

Any text modified or added by CorruptionLedger is highlighted in blue, and the following characters indicate content was shortened: [...]