
Report on detailed investigation into the possibility of information leakage due to unauthorized access (final report)


SoftBank Technology Corp.
President & CEO Shinichi Ata

>Please check here for the first report.
>Please check here for the second report.

Dear Sirs and Madams,
We are pleased to hear of your company's continued success. Thank you very much for your continued patronage.

We sincerely apologize to all of our business partners and partners for the great concern and inconvenience caused by the unauthorized access to our verification server.

From the time we discovered the facts, we have taken emergency measures and reported to the relevant authorities, as well as proceeding with the investigation. In parallel with these measures, we have also been implementing measures to prevent recurrence. We would like to inform you of the circumstances surrounding this, the impact on customers, and measures to prevent recurrence as follows.

Details

1. Background
Malware (virtual currency mining program) was executed on some computers within our network, and its communication to the outside was blocked by multiple security measures. After the security operations team confirmed the alert that blocked communications from the malware, CSIRT members, including the CISO and information systems department, immediately began investigating and responding. The investigation revealed that the server that had been accessed illegally contained a file containing customer information (company name, contact name, phone number, email address), which was accessible to the attacker.

Although the server was able to connect to the Internet, (1) there was an unnecessary account, (2) the password for the account was weak, and (3) external access measures were not appropriate, and as a result we allowed an attacker to gain unauthorized access. In addition, a file containing customer information used for verification work, etc. was stored on the server, and (4) the file was poorly managed, leading to the possibility of information leakage.

After becoming aware of the possibility of information leakage, our Threat Intelligence Research Office, MSS (Managed Security Services) team, and third-party organizations conducted their own investigations and found no evidence of information leakage. As the possibility cannot be completely ruled out, we requested a third-party organization to conduct a detailed investigation.

The detailed investigation carried out by the third-party organization consisted of: restoration of deleted files on the server; investigation of logon history and suspicious behavior history from various logs; investigation of whether there was any suspicious file processing within the server, using the information that regularly and automatically records system operation status (journal); investigation of the existence of suspicious communications based on the external access history existing on the server; and a search of the server using keywords related to the issue, such as file names. This investigation revealed no evidence that the attacker had accessed files containing customer information on the server. There was also no evidence that the drive itself where the file was stored was accessed.

2. Impact of unauthorized access
A detailed investigation by a third-party organization did not confirm that any files containing customer information had been leaked. To date, we have not received any reports from customers suggesting that business partner information stored on the illegally accessed server has been used.

3. Recurrence prevention measures, etc.
From the initial report on July 24, 2017 to today, we have inspected the entire information management policy and procedures that led to the possibility of information leaks. As countermeasures against unauthorized access, we have taken inventory of unnecessary accounts, deleted information, strengthened passwords, established regular password audits, and reviewed and systemized access control policies.

Going forward, we will ensure thorough compliance with these measures to prevent such situations from occurring again, and we will continue to work on further security measures and audits, as well as on strengthening security operations to enable early detection of unauthorized access and swift investigation and countermeasures.

<Inquiries regarding this matter>

For business partners:
If you have any questions or concerns, or if you have any concerns about possible leaks, please contact our sales representative.

Contact point for news organizations:
Corporate Communication Group
Email: sbt-pr@tech.softbank.co.jp