Naruto, Sailor Moon US publisher’s Google Drive breached, attackers claim
A senior employee of Viz Media, America’s largest anime and manga publisher, was allegedly compromised by hackers. The attack resulted in them downloading hundreds of gigabytes of corporate data, including employee credentials.
The attackers announced the attack on an underground data leak forum that’s often utilized by initial access brokers, a subset of cybercriminals who trade access keys to companies. They claim to have accessed the company’s vice president’s account and stolen over 250GB of sensitive data.
We have reached out to Viz Media for comment and will update the article once we receive a reply.
Viz Media is the largest graphic novel publisher in the US and is owned by the Japanese production company Shogakukan-Shueisha Productions. Viz Media titles include hits like Naruto, Demon Slayer, Death Note, Sailor Moon, and many more.
Meanwhile, the Cybernews research team investigated the attackers’ post, noting that they likely penetrated a single person’s account, which, since the target is a very senior person in the company, granted them broad access to the company systems.
“It could’ve been that this person fell victim to a social engineering attack leading to unauthorized access to the company’s internal systems,” our researchers said.
The team noted that the compromised employee clearly had access to a significant amount of privileged company data and resources. Therefore, Viz Media needs to react quickly and catalog what data was compromised by the attackers.
“The exfiltration alone could be used to compromise more systems within the company, leading to convincing phishing messages to the company's partners,” our team said.
The data sample provided by the attackers suggests that they had access to numerous sensitive company systems, including corporate Google Drive, Gmail accounts, Viz Media’s internal dashboard, compromised employees’ IDs, and access to Mediabox's royalty-management dashboard.
They claim they have syphoned extremely sensitive corporate details, including:
- All emails
- NDA’s
- Licencing agreements
- Employee credentials
- Business plans
- Employee Social Security numbers
Needless to say, malicious actors can inflict significant financial and reputational damage when they have access to this type of data.
However, the post’s author only posted a data sample and is attempting to sell the rest of the data and access for an undisclosed five-figure sum.
If confirmed, the attack would be a clear example of the importance of access management and why attackers often focus their efforts on high-ranking corporate employees with extensive access to company systems. Compromising one individual can open doors to numerous sensitive systems.
San Francisco-headquartered Viz Media claims to be the most popular manga destination in America and the prime distributor of prestigious anime brands in the industry. Public records indicate that the company’s revenue ranges between $40 million and $100 million, with over 300 employees under its umbrella.
Unlock more exclusive Cybernews content on YouTube.
