Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Nestle: Anonymous Can't Hack Us, We Leaked Our Own Data (gizmodo.com) 51

An anonymous reader quotes a report from Gizmodo: A hacker group claims to have stolen and leaked a trove of Nestle's data. The company says that can't possibly be true. Why? Because the data was actually leaked by Nestle itself several weeks ago. In emails to Gizmodo, a Nestle spokesperson disavowed allegations from the hacktivist collective Anonymous, which claimed this week to have stolen and leaked a 10 gigabyte tranche from the global food and beverage conglomerate. Anonymous said it was punishing Nestle for its reticence to withdraw from Russia, as a host of other major companies have done. The data, which Anonymous said included internal emails, passwords, and information on Nestle's customers, was posted to the web on Tuesday.

But, according to Nestle, Anonymous is full of it. A spokesperson told Gizmodo, "This recent claim of a cyber-attack against Nestle and subsequent data leak has no foundation." The spokesperson explained that the trove of data floating around the web was, in fact, the product of a mistake the company made earlier this year: "It relates to a case from February, when some randomized and predominantly publicly available test data of a B2B nature was made accessible unintentionally online for a short period of time." [...] In a follow-up email, the same company spokesperson explained that the data, some of which was already public and some of which was not, had been accidentally published to the open internet for multiple weeks. According to the spokesperson: "Some predominantly publicly-available data (e.g., company names and company addresses and some business email addresses) was erroneously made available on the web for a limited period of time (a few weeks). It was detected by our security team at the time and the appropriate review was carried out. The data was prepared for a B2B test website to perform some functionality checks."
Nestle on Wednesday said it planned to partly scale back its operations in Russia, continuing to provide "essential food, such as infant food and medical/hospital nutrition."
This discussion has been archived. No new comments can be posted.

Nestle: Anonymous Can't Hack Us, We Leaked Our Own Data

Comments Filter:
  • Right. Good job at BS.
    • Nestle has no ethics or morals, or even good food. But most of us still eat their shit. They could literally send food to Russia's military and nothing at all will happen to them. If Nestlé went away, so would half the products at the grocery store.

      • by DVLNSD ( 9457327 )
        I've been avoiding Nestle's products for years. They don't take up that much of the shelf space. Maybe it's different in other countries.
        • They take up quite a bit of shelf space here in the US. It's not just the Nestle brand itself, they own a bunch of other brands as well. Some that people will be familiar with:

          Carnation (milk products)
          Ovaltine
          Sweet Leaf Tea
          Blue Bottle Coffee
          Taster's Choice
          Perrier
          San Pellegrino
          After Eight (mints)
          Buitoni
          California Pizza Kitchen (packaged food)
          DiGiorno
          Hot Pockets
          Jack's Pizza
          Lean Cuisine
          Stouffer's
          Tombstone Pizza
          Dreyer's
          Häagen-Dazs
          Outshine (fruit bars)
          Boost (nutritional drinks)
          Optifast
          G

          • by DVLNSD ( 9457327 )
            From that list I've seen Perrier, San Pellegrino, Gerber, Purina (Alpo, Beneful, Fancy Feast, Friskies, Cat Chow, Dog Chow), Maggi. For all of those there are better alternatives. But I guess it depends on country you are in.
    • Incompetence is not "hacking" yourself anymore than accessing publicly accessible information is "hacking". I know the term isn't used the way it was in the past, but at least you could use it the way it's used now.

  • ... and in order to hand out proper punishment for their negligence, burn the only copy of the crypto-wallet key they send the ransom to. Sounds efficient.
  • by ochinko ( 19311 ) on Thursday March 24, 2022 @05:20PM (#62387477)

    "Actually, we are much more incompetent than that."

    • by fermion ( 181285 )
      Whatever else Nestle might be, they are not incompetent. They have leveraged the Swiss mystique into deflecting any number of scandals. For instance, for 50 years they have been marketing baby formula to mothers in areas without clean water. These mothers also could not afford formula, but were told it was way better, so many diluted it and feed it to their babies. The end result was that babies died. But nestle is the expert in PR, so they just said our bad.
      • How is that nestles fault if the mothers diluted with bad water?
        • Because they knew that this would be the outcome and yet they highly advertised in those areas that their baby formula was much better than breast feeding.
          • by Arethan ( 223197 )

            Because they knew that this would be the outcome

            You seem to be granting Nestle some significant super powers right there. I'd be more willing to bet they thought they had found a ripe market, but didn't realize the potential repercussions of their actions until it was already done after several years had passed.

            Humans are greedy and lazy, and they make up 100% of the meat-space of all companies on the planet. What some people claim is malice is most likely just plain ignorance.

            • No they didn't need any superpowers to know that selling baby formula that you need to mix with water to a part of the world where there exists no clean water as "much better and safer than breast feeding". It was also pointed out to Nestle back in 1975 when the "The Baby Killer" report was released, Nestle still to this day continues this practice. So if they have a superpower it's being ignorant and greedy.
        • by Whibla ( 210729 )

          How is that nestles fault if the mothers diluted with bad water?

          Strictly it's not, but parent is misrepresenting their 'misdemeanour'

          1a. Nestle gave away free samples of infant formula at maternity clinics, and told the mothers it was better for their children (the first one is free.)
          1b. Since they were no longer breast feeding the mothers stopped lactating.
          2a. Nestle then started charging these mothers for formula milk.
          2b. Having no choice but to buy formula in order to feed their children further poverty, with all the consequences that follow from that, resulted.
          3. Ne

      • I wouldn't say that they managed to completely avoid that scandal, over here in Europe I remember that many people boycotted Nestle for this very reason in the 90:ies.
    • by gweihir ( 88907 )

      Leaking test-data? No. That is a minor thing. Thinking test-data is life-data? _That_ is grossly incompetent. These "hackers" have a ton of egg on their faces.

    • They didn't kick us in the balls, we kicked ourselves in the balls!
  • Not that anyone is going to believe it.
    • Believing that they're that incompetent? Let's just say it's not exactly unbelievable.

      Hack or no hack, that "can't hack us" title alone, will pretty much guarantee an attack by tomorrow's news.

  • "I know you are, but what am I?".
  • This seems like they are simply too incompetent to keep their data contained within their own systems which is far worse than just having bad security.

    If anything, this is a self-own.

    • by gweihir ( 88907 )

      Nestle is publicly traded. They would have a massive problem if they lied here. Very likely, this is just the plain truth and the "hackers" are the incompetent ones.

      • by kellin ( 28417 )

        If anything, Anonymous has shown they aren't incompetent. But who knows really what happened...

      • How are the hackers "incompetent", it's quite clear that they managed to get their hands on the data during the "brief period" that Nestle accidentally made the data publicly available on one of their test servers. Discovering that this was the case is not different from discovering that e.g their site is vulnerable to some sql injection.
        • by gweihir ( 88907 )

          This is _test_ data...

          • Your test data contains real names, addresses, and passwords. Good job.
            • I hear it's a new kind of "deep" data. You know, for these advanced self-hacks.

              So fake it's practically real.

            • by gweihir ( 88907 )

              Are you sure? That would be a major policy violation in many cases.

              Nestle call it "randomized and predominantly publicly available test data of a B2B nature", which would indicate there are names, addresses and passwords in there, but they are publicly available anyways and the passwords are fake and do nothing (or allow you into some test system only).

      • Nestle is publicly traded. They would have a massive problem if they lied here. Very likely, this is just the plain truth and the "hackers" are the incompetent ones.

        A publicly traded company just freely admitted a royal fuck-up that leaked their own data. Forget the "hacker" story, that's not exactly something you would expect to boost stock price. Not to mention slapping a "can't hack us" title on an article bragging to one of the most notorious hacking groups on the planet. Poking the bear, isn't the best way to avoid a bear attack.

        Nothing quite like the sheer entertainment value of watching a moronic PR department shoot themselves in the foot. I'm shocked this t

        • by gweihir ( 88907 )

          Nestle is publicly traded. They would have a massive problem if they lied here. Very likely, this is just the plain truth and the "hackers" are the incompetent ones.

          A publicly traded company just freely admitted a royal fuck-up that leaked their own data.

          They did not. They admitted to leaking "randomized and predominantly publicly available test data of a B2B nature", which is fundamentally different. With good processes, test data looks real, but it is not wherever it does contain data not already publicly available.

  • Monthly release mountains of faked "internal" data, nobody would ever know when the real stuff shows up.
  • According to that dipshit midwestern Governer Whatsit that is trying to file charges against some guy for basically "viewing source" on a website, this would still be a hack. In fact, I am hacking every site I visit so in a way I am the master hacker of all time, or I guess almost every human in the country is.
  • Looks like some Russian rubbed off on them.

  • Admitting that you have a problem is the first step to recovery.

  • I can see a few corporate mouthpieces losing their jobs along with those charged with protecting this data. "We did this too ourselves intentionally" is the dumbest infosec excuse I've seen in a long time.

  • There's nothing wrong with providing food for people. Fuck all the propaganda
  • Nestle on Wednesday said it planned to partly scale back its operations in Russia, continuing to provide "essential food, such as infant food and medical/hospital nutrition."

    Hmm... Nestle should post something like this: "We want the children of Russia to know that the reason they cannot have any more Nestle sweets is because their President has been a very bad boy."

    • here is a compromise: Russia allow humanitarian aid to Maripul, and Nestle allow infant formula to mothers in Russia.
      • by Arethan ( 223197 )

        Here is a compromise: Americans, let's stop getting ourselves involved in extra-curricular wars at the whims of our "representatives" (and the military industrial complex that bought them)

        As tragic as it is, the situation in Ukraine isn't our particular business outside of our existing NATO agreements, of which Ukraine is not a current member. We have no good reason to be delivering truckloads of weapons over to the Ukrainians other than to politically thumb our noses toward Russia - it's just a stupid game

  • You can't hang up on me because I hung up on you first!

    You can't break up with me because I dumped you first.

    It's like kindergarten all over again.

    I know you are, but what am I?

    Infinity plus one.

  • Nestle's main business concern was it had not been able to increase the prices on all its products, in all markets as much as it needed to please shareholders. Maybe 7% per year , compounding! A bit like Kelloggs corn flakes price which also seem too high relative to the farmer price. Then you see biscuits and Mars bars shrinking in size/weight. The solution is do not buy brand names .
  • Sad case or corporate trying to hide it by blatant LIES. Well have fun with all German related Corps going like that soon....
  • We already know Nestle is a corrupt evil pack of bastards; they've never really denied it.

  • Anonymous - "We totally pwnd/hacked ..."

    In 99% of cases means they found something that ... left open on the internet without appropriate access control. Which isn't to say its not valuable damaging data its just that the effort was OSINT and a little luck nothing especially technically challenging.

    Nestle - "We were not hacked we exposed the data ourselves"

    Right yes, you made a serious configuration error, the root cause of probably 99% that don't fall into the social engineering category. Someone else noti

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...