New York, New York – Hackers who stole data from Madison Square Garden say they gained access by calling a low-level employee and tricking them into completing a Microsoft account reset process, according to 404 Media.
The hacking group ShinyHunters told 404 Media it used voice phishing, also known as “vishing,” to compromise the employee’s Microsoft Entra account. Entra is Microsoft’s identity-management system used by companies to control employee access to workplace tools and cloud services.
404 Media reported that the stolen 45GB data dump included material from an employee’s OneDrive and MSG SharePoint files. Earlier samples reportedly included Knicks-related records, customer emails, celebrity-related information, and internal risk ratings.
The breach has also drawn attention because MSG has used facial recognition and surveillance tools at its venues. A proposed class-action lawsuit alleges sensitive visitor data may have been exposed, though MSG has not publicly confirmed the hackers’ claims or the full scope of the breach.
Microsoft warned in May that attackers have increasingly used voice calls to trick employees into approving password resets or multifactor authentication prompts.
Sources:
Discover more from News Facts Network
Subscribe to get the latest posts sent to your email.
