Nestle: Anonymous Can't Hack Us, We Leaked Our Own Data (gizmodo.com) 51
An anonymous reader quotes a report from Gizmodo: A hacker group claims to have stolen and leaked a trove of Nestle's data. The company says that can't possibly be true. Why? Because the data was actually leaked by Nestle itself several weeks ago. In emails to Gizmodo, a Nestle spokesperson disavowed allegations from the hacktivist collective Anonymous, which claimed this week to have stolen and leaked a 10 gigabyte tranche from the global food and beverage conglomerate. Anonymous said it was punishing Nestle for its reticence to withdraw from Russia, as a host of other major companies have done. The data, which Anonymous said included internal emails, passwords, and information on Nestle's customers, was posted to the web on Tuesday.
But, according to Nestle, Anonymous is full of it. A spokesperson told Gizmodo, "This recent claim of a cyber-attack against Nestle and subsequent data leak has no foundation." The spokesperson explained that the trove of data floating around the web was, in fact, the product of a mistake the company made earlier this year: "It relates to a case from February, when some randomized and predominantly publicly available test data of a B2B nature was made accessible unintentionally online for a short period of time." [...] In a follow-up email, the same company spokesperson explained that the data, some of which was already public and some of which was not, had been accidentally published to the open internet for multiple weeks. According to the spokesperson: "Some predominantly publicly-available data (e.g., company names and company addresses and some business email addresses) was erroneously made available on the web for a limited period of time (a few weeks). It was detected by our security team at the time and the appropriate review was carried out. The data was prepared for a B2B test website to perform some functionality checks." Nestle on Wednesday said it planned to partly scale back its operations in Russia, continuing to provide "essential food, such as infant food and medical/hospital nutrition."
We mistakenly hacked ourselves. (Score:2)
Re: We mistakenly hacked ourselves. (Score:2)
Nestle has no ethics or morals, or even good food. But most of us still eat their shit. They could literally send food to Russia's military and nothing at all will happen to them. If Nestlé went away, so would half the products at the grocery store.
Re: (Score:1)
Re: (Score:2)
They take up quite a bit of shelf space here in the US. It's not just the Nestle brand itself, they own a bunch of other brands as well. Some that people will be familiar with:
Carnation (milk products)
Ovaltine
Sweet Leaf Tea
Blue Bottle Coffee
Taster's Choice
Perrier
San Pellegrino
After Eight (mints)
Buitoni
California Pizza Kitchen (packaged food)
DiGiorno
Hot Pockets
Jack's Pizza
Lean Cuisine
Stouffer's
Tombstone Pizza
Dreyer's
Häagen-Dazs
Outshine (fruit bars)
Boost (nutritional drinks)
Optifast
G
Re: (Score:1)
Re: (Score:2)
Incompetence is not "hacking" yourself any more than accessing publicly accessible information is "hacking". I know the term isn't used the way it was in the past, but at least you could use it the way it's used now.
Now they shall demand ransom from themselves (Score:2)
Nestle: "We are not that incompetent" (Score:5, Funny)
"Actually, we are much more incompetent than that."
Re: (Score:2)
Re: Nestle: "We are not that incompetent" (Score:1)
Re: (Score:2)
Re: (Score:2)
Because they knew that this would be the outcome
You seem to be granting Nestle some significant super powers right there. I'd be more willing to bet they thought they had found a ripe market, but didn't realize the potential repercussions of their actions until it was already done after several years had passed.
Humans are greedy and lazy, and they make up 100% of the meat-space of all companies on the planet. What some people claim is malice is most likely just plain ignorance.
Re: (Score:2)
Re: (Score:2)
How is that Nestle's fault if the mothers diluted with bad water?
Strictly it's not, but parent is misrepresenting their 'misdemeanour'
1a. Nestle gave away free samples of infant formula at maternity clinics, and told the mothers it was better for their children (the first one is free.)
1b. Since they were no longer breast feeding the mothers stopped lactating.
2a. Nestle then started charging these mothers for formula milk.
2b. Having no choice but to buy formula in order to feed their children, further poverty, with all the consequences that follow from that, resulted.
3. Ne
Re: (Score:2)
Mod informative as the rest of the ugly story.
Re: (Score:2)
Re: (Score:2)
Leaking test-data? No. That is a minor thing. Thinking test-data is live-data? _That_ is grossly incompetent. These "hackers" have a ton of egg on their faces.
Re: (Score:2)
Way to own it. (Score:2)
Re: (Score:2)
Believing that they're that incompetent? Let's just say it's not exactly unbelievable.
Hack or no hack, that "can't hack us" title alone will pretty much guarantee an attack by tomorrow's news.
This is the corporate equivalent of (Score:2)
This seems worse. (Score:2)
This seems like they are simply too incompetent to keep their data contained within their own systems which is far worse than just having bad security.
If anything, this is a self-own.
Re: (Score:2)
Nestle is publicly traded. They would have a massive problem if they lied here. Very likely, this is just the plain truth and the "hackers" are the incompetent ones.
Re: (Score:1)
If anything, Anonymous has shown they aren't incompetent. But who knows really what happened...
Re: (Score:2)
Re: (Score:2)
This is _test_ data...
Re: (Score:2)
Re: (Score:2)
I hear it's a new kind of "deep" data. You know, for these advanced self-hacks.
So fake it's practically real.
Re: (Score:2)
Are you sure? That would be a major policy violation in many cases.
Nestle call it "randomized and predominantly publicly available test data of a B2B nature", which would indicate there are names, addresses and passwords in there, but they are publicly available anyways and the passwords are fake and do nothing (or allow you into some test system only).
Re: (Score:2)
Nestle is publicly traded. They would have a massive problem if they lied here. Very likely, this is just the plain truth and the "hackers" are the incompetent ones.
A publicly traded company just freely admitted a royal fuck-up that leaked their own data. Forget the "hacker" story, that's not exactly something you would expect to boost stock price. Not to mention slapping a "can't hack us" title on an article bragging to one of the most notorious hacking groups on the planet. Poking the bear isn't the best way to avoid a bear attack.
Nothing quite like the sheer entertainment value of watching a moronic PR department shoot themselves in the foot. I'm shocked this t
Re: (Score:2)
Nestle is publicly traded. They would have a massive problem if they lied here. Very likely, this is just the plain truth and the "hackers" are the incompetent ones.
A publicly traded company just freely admitted a royal fuck-up that leaked their own data.
They did not. They admitted to leaking "randomized and predominantly publicly available test data of a B2B nature", which is fundamentally different. With good processes, test data looks real, but it is not wherever it does contain data not already publicly available.
Interesting Strategy (Score:2)
Still a hack.. (Score:2)
Re: (Score:2)
Just an FYI, the prosecutor said there would be no charges over the "view source" nonsense.
Disinforming like the pros (Score:2)
Looks like some Russian rubbed off on them.
admission (Score:2)
Admitting that you have a problem is the first step to recovery.
Your Spin is wobbly (Score:2)
I can see a few corporate mouthpieces losing their jobs along with those charged with protecting this data. "We did this to ourselves intentionally" is the dumbest infosec excuse I've seen in a long time.
So there! (Score:2)
Re: (Score:1)
Profits before people!
Partly scale back operations? (Score:1)
Hmm... Nestle should post something like this: "We want the children of Russia to know that the reason they cannot have any more Nestle sweets is because their President has been a very bad boy."
Re: Partly scale back operations? (Score:1)
Re: (Score:3)
Here is a compromise: Americans, let's stop getting ourselves involved in extra-curricular wars at the whims of our "representatives" (and the military industrial complex that bought them)
As tragic as it is, the situation in Ukraine isn't our particular business outside of our existing NATO agreements, of which Ukraine is not a current member. We have no good reason to be delivering truckloads of weapons over to the Ukrainians other than to politically thumb our noses toward Russia - it's just a stupid game
I know you are but what am I (Score:2)
You can't hang up on me because I hung up on you first!
You can't break up with me because I dumped you first.
It's like kindergarten all over again.
I know you are, but what am I?
Infinity plus one.
Nestle Secrets (Score:2)
Sad case (Score:1)
What revelations are left? (Score:2)
We already know Nestle is a corrupt evil pack of bastards; they've never really denied it.
SPIN SPIN SPIN (Score:2)
Anonymous - "We totally pwnd/hacked ..."
In 99% of cases means they found something that ... left open on the internet without appropriate access control. Which isn't to say it's not valuable, damaging data; it's just that the effort was OSINT and a little luck, nothing especially technically challenging.
Nestle - "We were not hacked we exposed the data ourselves"
Right yes, you made a serious configuration error, the root cause of probably 99% that don't fall into the social engineering category. Someone else noti