Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the alleged sale of the entire GLPI IT system database from Eurofiber, a major European telecommunications and cloud infrastructure provider.
This claim, if true, represents one of the most severe supply chain attacks imaginable. My analysis confirms Eurofiber is designated “vital infrastructure” by the Dutch government and serves a massive B2B client base, including government ministries, major telecoms, and financial institutions.
This is not a simple PII leak. The seller is offering the “crown jewels” of a core IT provider, allegedly stolen from their GLPI (a common IT asset management system) portal. The data for sale reportedly includes:
- SSH Private Keys
- Cloud Setup Files
- VPN Configurations
- Source Codes
- SQL Backups
The seller claims this data compromises 10,000+ B2B clients and over 90% of Eurofiber Cloudinfra clients. The data is dated 2015-2019, suggesting a long-term, undetected compromise, potentially linked to a poorly integrated company acquisition, a classic high-risk period for M&A. Taken together, this is a complete toolkit for an attacker to bypass all modern defenses and gain direct, administrative access to Eurofiber’s clients’ core infrastructure.
Key Cybersecurity Insights
This alleged data breach presents a critical and immediate threat:
- Catastrophic Supply Chain Compromise: The breach of a major B2B telecommunications provider’s core IT system exposes a vast network of high-profile clients, including government and critical infrastructure, highlighting significant supply chain attack risks.
- Deep Operational Data Exposure: The leaked data includes highly sensitive technical assets like SSH private keys, cloud configurations, and source codes, providing potential direct access and control over affected client infrastructures.
- Prolonged Undetected Compromise: The data spanning from 2015 to 2019 suggests a long-term, possibly undetected, compromise or a persistent vulnerability, potentially exacerbated by post-acquisition infrastructure integration issues.
- Critical Software Vulnerability Impact: The compromise of a widely used IT management system (GLPI) serving as a central client portal underscores the severe cascading impact that vulnerabilities in foundational software can have across an entire client base.
Mitigation Strategies
In response to this claim, all affected clients and Eurofiber must take immediate and decisive action:
- Immediate Credential Rotation and Infrastructure Audit: All affected clients and Eurofiber must immediately invalidate and rotate all credentials (including SSH keys, API keys, and database credentials) that may have been stored or transmitted via the compromised GLPI system, followed by a comprehensive audit for unauthorized access.
- Enhanced Third-Party and Supply Chain Security Assessments: Implement rigorous security assessments and continuous monitoring for all third-party vendors, especially those managing critical IT infrastructure or sensitive customer data, focusing on their IT management systems and data handling practices.
- Mandatory Multi-Factor Authentication (MFA) and Principle of Least Privilege: Enforce mandatory MFA for all access to critical systems and strictly apply the principle of least privilege to limit data access, significantly reducing the impact of stolen credentials.
- Secure Data Handling and Communication Protocols: Educate all employees and clients on secure communication practices, prohibiting the transmission of highly sensitive operational data (e.g., private keys, configuration files) through unencrypted or general-purpose ticketing systems, and enforcing the use of secure alternatives.
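As an added example (not code from this post, Eurofiber or GLPI), the following Python scans exported ticket text for the secret types the listing names, builds the rotation inventory the first mitigation calls for, and redacts the findings so the audit notes themselves do not leak; the detector patterns and the sample tickets are constructed assumptions.

```python
import re

# Illustrative detectors (assumed here, not Eurofiber's or GLPI's tooling) for the
# secret types the listing names: private keys, VPN configs, cloud and DB credentials.
SECRET_PATTERNS = {
    "ssh_private_key": re.compile(r"-----BEGIN (?:RSA |OPENSSH |EC |DSA )?PRIVATE KEY-----"),
    "openvpn_inline_key": re.compile(r"^<(?:key|tls-auth|tls-crypt)>"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "db_dsn_with_password": re.compile(r"\b(?:mysql|postgres(?:ql)?)://[^:\s/]+:[^@\s]+@\S+"),
}

def scan_ticket(ticket_id: str, body: str) -> list[tuple[str, str, int]]:
    """Return (ticket_id, secret_kind, line_no) for every secret-bearing line."""
    hits = []
    for line_no, line in enumerate(body.splitlines(), start=1):
        for kind, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                hits.append((ticket_id, kind, line_no))
    return hits

def rotation_inventory(tickets: dict[str, str]) -> dict[str, list[str]]:
    """Map each secret kind to the tickets carrying it: the list of what must be rotated."""
    inventory: dict[str, list[str]] = {}
    for tid, body in tickets.items():
        for _, kind, _ in scan_ticket(tid, body):
            if tid not in inventory.setdefault(kind, []):
                inventory[kind].append(tid)
    return inventory

def redact(body: str) -> str:
    """Replace secret lines, and whole PEM blocks, with a marker so audit notes can be shared."""
    out, in_block = [], False
    for line in body.splitlines():
        if in_block:                                   # drop PEM body until its END line
            in_block = not line.startswith("-----END")
            continue
        if line.startswith("-----BEGIN") or any(p.search(line) for p in SECRET_PATTERNS.values()):
            in_block = line.startswith("-----BEGIN")
            out.append("[REDACTED SECRET]")
        else:
            out.append(line)
    return "\n".join(out)

# Constructed sample tickets, not real Eurofiber data; T-1004 is a clean control.
SAMPLE_TICKETS = {
    "T-1001": "Deploy key for host A:\n-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXk=\n-----END OPENSSH PRIVATE KEY-----\n",
    "T-1002": "client\nremote vpn.example.invalid 1194\n<tls-auth>\n-----BEGIN OpenVPN Static key V1-----\n0011aabb\n-----END OpenVPN Static key V1-----\n</tls-auth>\n",
    "T-1003": "Backup job uses mysql://glpi:Hunter2@db.example.invalid/glpi\nS3 upload uses AKIAIOSFODNN7EXAMPLE\n",
    "T-1004": "Reboot scheduled for Tuesday, no credentials involved.\n",
}
```

Running `rotation_inventory(SAMPLE_TICKETS)` yields one ticket list per secret kind, which is the starting point for the rotation and access audit; `redact` produces the version of each ticket that is safe to attach to the audit record.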
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com