The Target: Schneider Electric is a French multinational company that manufactures energy and automation products ranging from household electrical components found in big box stores to enterprise-level industrial control and building automation products.
The Take: The threat actors claim that the stolen data includes 75,000 unique email addresses and full names for Schneider Electric employees and customers.
The Vector: The threat actor said they breached Schneider Electric's Jira server using exposed credentials. Once they gained access, they claimed to use a MiniOrange REST API to scrape 400k rows of user data.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.