7 famous secrets attacks and their horrific outcomes

Adam Cheriki, Co-founder & CTO, Entro
August 7, 2023

Secrets attacks are no joke. These sneaky intrusions can turn companies upside down, revealing confidential information faster than a magician pulls a rabbit out of a hat. Cybercriminals and hackers are constantly honing their skills, searching for vulnerabilities to exploit and sensitive data to expose.


So, let’s dive into the murky waters of cyber espionage and unveil some infamous secret attacks that have left a mark on cybersecurity history. From social media to e-commerce giants, no one is safe from the cunning and audacity of these breaches.


This article will explore some infamous secrets attacks that have left a mark on cybersecurity history and how companies can mitigate those risks with secrets management services.

1. The CVS Pharmacy chronicles

In a world where prescription secrets are meant to be closely guarded, hackers stumbled upon a virtual Pandora’s box. An unsecured database containing a staggering billion records whispered secrets that should have remained hush-hush. In a significant data breach, more than a billion records maintained by CVS Health, including the Aetna and CVS Pharmacy brands, were exposed online. The leaked data comprised search queries entered into the CVS.com and CVSHealth.com websites, revealing information about users’ medication searches, COVID-19 vaccine inquiries, and other personal health-related interests.


Experts warn that cybercriminals could potentially exploit this unsecured database by cross-referencing product data and email addresses to launch targeted phishing campaigns. The lack of password protection, inadequate identity access management, and a cloud-based misconfiguration issue were identified as the primary causes of the breach. The breach sent shockwaves through the pharmaceutical realm, leaving people wondering how such a massive secret stash was left unguarded.


2. The Clubhouse caper


In a recent incident that sent shockwaves through the digital world, Clubhouse, the popular audio-based social networking platform, found itself in hot water when news broke about a massive data leak. Approximately 1.3 million user records were exposed, leaving many Clubhouse users understandably concerned about the security of their personal information.


The leak of Clubhouse user data was taken place through web scraping. In this case, it seems that the data was obtained through the Clubhouse API, which is a set of rules and protocols that allow external developers to access certain data from the platform. The Clubhouse API was the secret that hackers used to gain access to the platform.


It’s important to note that Clubhouse has stated that they have not experienced a breach of their systems and that the data is already publicly available. However, the fact that such data can be accessed by anyone via the API raises concerns about the platform’s privacy stance and the potential risks to user privacy.


The leak, which occurred in April 2021, included a variety of user data such as names, user IDs, profile photos, and links to social media accounts. While sensitive information like passwords and financial details were not compromised, it still raised questions about the platform’s ability to protect user privacy and security.


3. The Slack Shenanigans


On the eve of the new year, Slack reported a security incident in which some of its confidential code that was stored on GitHub was accessed. The threat actor was able to steal Slack employee tokens. These tokens likely provided the attacker with elevated privileges, allowing them to access certain parts of Slack’s infrastructure. In the case of Slack security incident, the employee tokens were the secrets that were stolen by the threat actor. Employee tokens act as digital keys, granting specific privileges and access rights to certain parts of Slack’s systems.


The threat actor specifically targeted Slack’s external GitHub repository, which contains the company’s code. The attacker downloaded some of the company’s code from the GitHub repository. The extent of the code accessed by the threat actor is not specified in the reports. Once Slack became aware of the incident, they took immediate action. They invalidated the stolen tokens to prevent further unauthorized access.

4. The Samsung Spectacle

In a bizarre turn of events, Samsung has managed to misplace its cryptographic app-signing key, leaving it out in the open for potential outsiders to exploit. This critical digital signature verifies the authenticity of apps, ensuring they belong to their designated owners. The critical secret is the cryptographic app-signing key that Samsung uses to sign its applications. However, with the key now accessible to unauthorized parties, they can sneakily sign malware as genuine software and even release fake updates to spy on users and steal sensitive data.


What’s even more astonishing is that Samsung has apparently known about the leak since 2016 but has failed to take any action to replace the compromised keys. This security blunder means that millions of Samsung users are at risk of downloading untrusted and potentially dangerous apps, with no way to know if they are legitimate.

5. The ProQuality Solutions Predicament


ProQuality Solutions recently suffered a cyber-incident involving an unprotected database that exposed customer information of prominent U.S. retail companies, including Whole Foods and Skaggs. The leaked data amounted to a whopping 9.57 GB, comprising 82 million records from April 25th to July 30th. The incident highlighted the vulnerability of digital data across various systems, leaving it open to exploitation by cybercriminals.


This shows how cybercriminals could use exposed information, like partial credit card numbers, emails, and physical addresses, to launch social engineering attacks and steal more sensitive data, such as full payment details or Social Security numbers. Furthermore, they could utilize the leaked information in conjunction with other data from the dark web to gain access to individuals’ online profiles, health insurance portals, financial applications, and more.

6. The SolarWinds Sabotage


The SolarWinds malware attack, also known as Solorigate, was a large-scale cyber-espionage campaign that occurred throughout 2020 and was linked to suspected Russian-government-backed hackers. The attackers targeted the software vendor SolarWinds, inserting malware into its Orion network monitoring software. This tainted software was then distributed to around 18,000 organizations, including US federal agencies and companies.


The weakness exploited in this attack was the insertion of sophisticated backdoor malware into the SolarWinds Orion network monitoring software. This attack raised significant concerns about the security of software supply chains and the potential for sophisticated nation-state actors to exploit vulnerabilities in widely-used software for espionage and data theft purposes. The SolarWinds incident prompted heightened scrutiny and calls for increased cybersecurity measures to prevent and mitigate such large-scale attacks in the future.


7. The Microsoft Mayhem



In early January, Microsoft became aware of four zero-day vulnerabilities in their Exchange Server software. These vulnerabilities, known as ProxyLogon, allowed attackers to gain unauthorized access to servers and execute remote commands, potentially leading to data theft, server hijacking, and deployment of backdoors and malware.


Secrets in the context of a Microsoft attack refer to authentication credentials and cryptographic keys that were used to gain unauthorized access to systems. State-sponsored threat groups, including Hafnium from China, were found to be actively exploiting these vulnerabilities, targeting various organizations worldwide.


To make matters worse, after Microsoft released patches to address the vulnerabilities, there was a delay in the uptake of these fixes, leaving many servers still vulnerable. This situation raised concerns that it could have a widespread impact similar to the SolarWinds attack. The lack of prompt patching prompted Microsoft to investigate potential links between pre-patch attack code shared with cybersecurity partners and the observed increase in attacks.

Preventing secrets attacks

Preventing secrets attacks
Source: Unsplash

It is imperative for businesses to safeguard sensitive data in today’s digital landscape, where cyber threats lurk around every corner. No company wants to end up as the punchline of a cyber-attack joke. So, let’s dive into some key strategies companies can employ to prevent those secrets attacks and keep their reputations intact.

When it comes to protecting sensitive data, many companies believe that locking it away in digital vaults is enough to keep it safe from prying eyes. However, the reality is that relying solely on vaults and secure storage systems is not sufficient to prevent secret attacks from occurring.


While vaults provide storage at scale for secrets, they often overlook the potential dangers both from outside and within the company itself. Insider threats, whether deliberate or unintentional, pose a significant threat to data security. Employees with access to sensitive information can become unwitting accomplices or expose critical data through simple mistakes or misconfigurations.


To effectively prevent secrets attacks, companies need to adopt a holistic approach that goes beyond relying solely on secure storage, and that’s where Entro comes in.

Secrets management with context

These attacks, as unfortunate as they are, could have been prevented using a solution like Entro. In the case of the CVS Pharmacy breach, Entro’s fine-grained access controls could have prevented unauthorized access to the database, while its metadata capabilities would have provided valuable insights into the exposure of user data. In other incidents, Entro’s encryption, access controls, and metadata features could have significantly mitigated the risks associated with the breaches and helped organizations respond promptly to protect user privacy and security. The good news for you is that it’s not too late for your organization to leverage Entro and ensure you don’t become the next news headline.


With Entro, your secrets can finally find a haven. It integrates seamlessly with existing vaults while offering a holistic view of your secrets. Encryption, decryption, and fine-grained access controls based on user roles and permissions are just a few of the superpowers Entro possesses. It goes beyond the ordinary, enriching your secrets with metadata that provides meaningful context. You will know who created the secret, when it was created, and its last rotation date. It is like having a secret agent assigned to each secret, watching their every move.

But wait, there’s more! Entro doesn’t stop at scanning the surface. It dives deep into the secrets abyss, identifying potential threats and offering valuable insights into their origin, ownership, and associated risks. It’s like having a crystal ball that shows you what the secrets really are and what they mean. With this knowledge, you can take swift action, rotating secrets, updating access controls, and investigating potential security breaches. Entro doesn’t just prevent insider threats; it empowers you to become the hero your secrets need.

You may want to read more about:

Github puts secrets at risk

Azure vulnerabilities and your organization

The case of Neho’s misplaced keys

Reclaim control over your secrets

Get updates

All secret security right in your inbox

Want full security oversight?

See the Entro platform in action