Personal details of job applicants have been published

Dec 13, 2014 21:03 GMT

The servers of Tobasco.be and Z-Staffing.org have been breached by an entity operating under the name of Rex Mundi, which extracted sensitive information about job applicants and published it online.

In a set of messages over Twitter, the hacker(s) announced on Wednesday that they would be leaking the stolen information. The details have indeed been published on Dpaste.de, an online clipboard for anonymous posts similar to the more popular Pastebin.

Sensitive client data was unprotected

It appears that Rex Mundi (@rexmundi14) contacted the administrators of the two websites and demanded monetary compensation for not making the data (thousands of records) public. However, neither of the two met the demands, and the outfit spilled the data on Friday.

At the moment, none of the text snippets containing the leaks are available at the locations indicated by the hackers.

The information is of a highly sensitive nature, as registering for an account on the websites required providing personal data such as telephone number, full address, email, national number (~SSN), date and place of birth, tax code, and bank account number.

More worryingly, all this data was sent to the database in an unencrypted form, as SSL connections were not supported. The two websites are offline right now, most certainly for forensic and maintenance activity that would hopefully make them more secure.

Through their Twitter account, which seems to have been created specifically for the purpose of announcing these incidents, Rex Mundi states that they also breached the systems of Xtra-Interim, a temporary staffing agency (offline at the moment), and Novation, a website building company that made the sites for both Tobasco and Z-Staffing.

Data has also been stolen from them, and a threat to release it unless a ransom of €5,000 / $6,200 is paid has been made privately to company officials.

These are not the first or the last Rex Mundi incidents

This is not the first time Rex Mundi has made headlines, although it appears that there are multiple individuals working under similar monikers, much like the Anonymous hacker outfit.

In a tweet on Saturday, it was said that there was no connection between the current entity that attacked Tobasco and Z-Staffing, and @Anon_RexMundi, which also seems to be involved in similar types of attack.

There is no information on the real identity of the Rex Mundi hacker(s), but based on their targets, security experts speculate that it is very likely that they are French speakers, as many hackers stick to their language, an article in DeMorgen explains (Google Translate).

The purpose of the attacks is purely financial, as after the intrusion a ransom is demanded for not divulging the stolen data.

In June, a similar incident was aimed at Domino’s Pizza in Belgium and France, with more than 650,000 customer records being exfiltrated by RexMundi_Anon (account has been suspended). €30,000 / $37,400 was demanded in exchange at the time. It is unclear whether the same entity was responsible for that incident as the one involved in the current cyber-extortions.
