3rd Party Supply Chain Security in the Tank

Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer

Nicole Eagan, the CEO of cybersecurity company Darktrace, told attendees at an event in London on Thursday how cybercriminals hacked an unnamed casino through its Internet-connected thermometer in an aquarium in the lobby of the casino.

According to what Eagan claimed, the hackers exploited a vulnerability in the thermostat to get a foothold in the network. Once there, they managed to access the high-roller database of gamblers and “then pulled it back across the network, out the thermostat, and up to the cloud.”
(Via Hacker News)

I didn’t get a chance to write about this when it came out, but it’s dissemination came at an opportune moment. About 1 hour earlier I was using the Target breach as an example of third-party risks.

This story made an excellent follow-up.

Also on:

This site uses Akismet to reduce spam. Learn how your comment data is processed.