The Target: Japanese e-commerce and logistics company Askul, which specializes in B2B sales of office and professional supplies.
The Take: Roughly 590,000 customer records related to business services and 132,000 records related to consumer services have been compromised. In addition, the hackers stole thousands of records related to business partners, employees, and Askul executives.
The Vector: The company’s investigation showed that the cybercriminals gained access to its network using compromised credentials. After obtaining initial access to Askul systems, the attackers conducted reconnaissance, harvested credentials, moved laterally, and disabled security systems.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.