A post on Twitter suggests that pro-Russian ransomware group Stormous has stolen 161 gigabytes (GB) of data from the Coca-Cola Company and is selling it on for 1.6 BTC ($66,000).
The ubiquitous soft drink multinational said it was investigating the as-yet unverified claims and has contacted the authorities about the alleged security breach.
“We are aware of this matter and are investigating to determine the validity of the claim. We are coordinating with law enforcement,” Coca-Cola’s vice president of communications Scott Leith told Protos in an email.
Bleeping Computer reports that the data set purportedly includes compressed documents, text files with admin, emails, passwords, account and payment ZIP archives, and other types of sensitive information.
However, it’s unknown whether the data cache contains the closely guarded recipe for the world’s top-selling soft drink. Last year, the world drank 43,000,000 liters of Coca-Cola and 10,000,000 liters of sugar-free Diet Coke.
According to a screenshot posted to Twitter on Monday, the group is willing to negotiate a price relative to the amount of data the buyer wants. Below the broken English, red letters advertise the 161GB of allegedly stolen data for 1.6467000 BTC, worth just over $64,000 at the time of the offering.
Stormous chose to hack Coca-Cola with a poll
According to more screenshots, Stormous chose its target via a poll that promised a distributed denial-of-service (DDoS) attack, data hacking, and the leaking of the target’s source code and client data.
The world’s largest soft drink manufacturer was up against Barbie makers Mattel and education technology firm Blackboard. But unfortunately for Coca-Cola, it won at a canter with 72% of the vote.
“Since it was a vote on giant beverage company (Coca-Cola)! We hacked some of their servers and went over (161G)! But the situation is not always as we want to sell it by any other ways we have opened our store on our own website in the dark web !” Stormous said in a dark web announcement (via Security Affairs).
However, questions remain about the integrity of the claim. Stormous’ dark web announcement said it would send some “required data as initial proof” of the hack’s success. Last year, the BlackMatter ransomware group stole 50GB of sensitive data from Solar Bebidas, the second-largest Coca-Cola bottler in Brazil.
In March, Stormous announced the theft of 200GB of data from Epic Games. The group claimed to possess the data of about 33 million users, although the validity of these claims has yet to be established.
The group is one of a number of hacker collectives to have pledged their support to Russia as it continues its invasion of Ukraine. Stormous promised to retaliate against any groups targeting Russia with cyberattacks in a post on its Telegram channel.
The group’s nationality remains unclear; however, many of its announcements appear in Arabic and English. Cyber security firm SOCRadar suggested the group may be trying to achieve notoriety by employing the rhetoric of Russian ransomware group Conti.
On March 1, the group claimed to have hacked the Ukrainian Ministry of Foreign Affairs. However, this data was reportedly already available on the dark web. In fact, Bleeping Computer notes that there is no evidence to suggest that Stormous is using malware to carry out its exploits.