Penta Security Inc. > Blog > [Security News] Korea Telecom, KT Hacking Scandal: Server Auto-Deleted During Subscription Transition

[Security News] Korea Telecom, KT Hacking Scandal: Server Auto-Deleted During Subscription Transition

2025-09-10 Blog
korea telecom breach

10th September 2025

Korea Telecom, KT Hacking Scandal: Server Auto-Deleted During Subscription Transition

Koreans are raising concerns that KT intentionally destroyed a server after it became aware of suspected hacking. However, an investigation revealed that the server in question was a virtual machine (VM)-based on-premises solution for which KT was paying a license fee. KT decommissioned the server as part of its move to switch from an on-premises solution to a subscription-based model for cost-efficiency. This evidence makes it difficult to conclude that KT intentionally destroyed the server. On the other hand, experts believe there is a high possibility that the leaked certificates were not obtained through a direct intrusion into KT’s network but were exposed through other means, such as an external developer’s PC.

Source: ETNews

 

Qualys Data Breach From Salesloft Drift Attack

Qualys has confirmed it was impacted by the Salesloft Drift marketing platform, resulting in unauthorized access to a portion of its Salesforce data. According to the company, the attackers successfully stole OAuth authentication tokens that connected the Drift application to Qualys’s Salesforce instance. The company confirmed in its statement that the attack did not compromise its foundational security infrastructure. There was no impact on the Qualys production environments, including its shared and private platforms, codebase, or any customer data hosted on the Qualys Cloud Platform.

Source: Infosecurity Magazine, Cyber Press

 

OnTrac Data Breach Exposes 40,000 Records

A data breach at the U.S. delivery company, OnTrac, has exposed the personal records of over 40,000 customers. The breach, which occurred between April 13 and 15, 2025, compromised sensitive information including names, dates of birth, Social Security numbers, driver’s licenses, and medical information. This type of data is particularly valuable to hackers for identity theft, fraudulent insurance claims, and other malicious activities. Company offered 12 months of free credit monitoring to the affected individuals. Security experts recommend freezing credit and using a personal data removal service for this incident.

Source: Fox News

 

Workiva Data Breach After Salesforce Attack

A third-party CRM system caused a data breach at cloud-based SaaS provider Workiva. Attackers stole business contact information, including names, email addresses, phone numbers, and support ticket content. However, the attack did not compromise the Workiva platform itself. The incident is linked to a wave of Salesforce data breaches by the ShinyHunters extortion group, which has also impacted other high-profile companies. The group has been using various methods, including voice phishing and exploiting a Salesloft’s Drift AI chat integration with Salesforce, to gain unauthorized access and steal sensitive information.

Source: Bleeping Computer, SC Media

 

 

Click here to subscribe our Newsletter

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D.AMO

Click here for inquiries regarding the partner system of Penta Security

 

Check out the product lines of  Cloudbric by Penta Security:

Cloud-based Fully Managed WAAP: Cloudbric WAF+

Agent based Zero Trust Network Access Solution: Cloudbric PAS

Agentless Zero Trust Network Access Solution: Cloudbric RAS

Click here for inquiries regarding the partner system of Cloudbric

 

Tags: