Trending

ee-track">
Link copied!

Why Cybercriminals Target Code Analytics Companies

Atlanta, United States; Bengaluru, Karnataka; and Mumbai, Maharashtra, India: Cybercrime reached new levels in 2020, with a host of startups and established organizations impacted by data breaches. With a global population of around 7.8 billion, companies…

February 2, 2021 · 3 min read
Why Cybercriminals Target Code Analytics Companies

Atlanta, United States; Bengaluru, Karnataka; and Mumbai, Maharashtra, India: Cybercrime reached new levels in 2020, with a host of startups and established organizations impacted by data breaches. With a global population of around 7.8 billion, companies collect substantial amounts of information about individuals for use in personalization, data analysis, and business decisions. These consolidated datasets are targets of cybercriminals and organizations, and their partners have a duty to safeguard the data.  

Cybercriminals attempt to gain unauthorized access to datasets in a multitude of ways. One method is to compromise third-party partners who have access to an organization’s sensitive keys, tokens, or credentials. An example is the breach of Waydev, a San Francisco-based code analytics platform used by organizations to optimize software development. In July 2020, Waydev disclosed a security breach in which hackers infiltrated its platform and stole GitHub and GitLab OAuth tokens from its internal database. Cybercriminals leveraged the stolen tokens to gain unauthorized access to the codebase of Waydev’s clients in an effort to steal sensitive data.

According to Thomas Siah, Head of Business Development at Cyble, “Companies must equip themselves with well-designed data security frameworks and understand how data flows within the organization and, crucially, with its partners. Understanding data flow and the associated security controls aids in the management of risk throughout the life cycle of the data regardless of where the data is being processed.”

After gaining access to the data repositories containing user and corporate data, cybercriminals tend to sell the information in cybercrime forums. Cybercriminals, such as ShinyHunters, publish notice of their breaches in the darkweb to entice other cybercriminals to purchase their data and use it to target individuals or exploit organizations. The stolen information can fetch handsome returns from sales in darkweb or cybercrime forums. As an outcome of the security breach of Waydev, the digital banking app and tech unicorn Dave.com also suffered a data breach. As a result of the breach, the cybercriminal published details of 7.5 million users on a public forum. In May 2020, ShinyHunters, a major darkweb player, claimed to have stolen and leaked the 500 GB of data from Microsoft’s GitHub account.

“Stolen PII is fuel for an array of cybercrimes such as identity theft, financial fraud, phishing attacks, social engineering campaigns, and business email compromise (BEC). The monetization of stolen data is one of the key motives for cybercriminals. Therefore, there is a pressing need to heighten data security among companies and individuals. Besides, it is imperative that organizations check the cyber health of third parties as an integral component of their due diligence,” says Beenu Arora, Founder and CEO of Cyble.

About Cyble

report-ad-banner

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams