Hackers allegedly breached a Viz Media vice-president’s corporate Google Account, stealing 250GB of sensitive data, including emails, NDAs, licensing agreements, employee credentials (social security numbers), future business plans, invoices, and royalty statements. The breach was announced on an underground data leak forum, where hackers offered the stolen data for sale (minimum price: five figures). Initial access was likely gained via social engineering, compromising a single executive’s account but granting access to corporate Google Drive, Gmail, internal dashboards, and Mediabox’s royalty-management system. Researchers warned the stolen data could enable further phishing attacks against partners or deeper system compromises. While Viz Media has not confirmed the full scope, the breach exposed employee PII (personally identifiable information), financial records, and proprietary business documents. The company’s Twitter/X account was previously hacked in January, raising concerns about recurring vulnerabilities. Viz Media is investigating but has not disclosed whether customer data was also affected. The attack highlights risks of insider-targeted social engineering leading to large-scale corporate espionage and data theft.
TPRM report: https://www.rankiteo.com/company/viz-media
"id": "viz0704307110425",
"linkid": "viz-media",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'publishing (manga)',
'location': 'United States',
'name': 'Viz Media',
'type': 'private company'}],
'attack_vector': ['social engineering', 'credential theft'],
'data_breach': {'data_exfiltration': '250GB+ of data allegedly stolen',
'personally_identifiable_information': ['employee social '
'security numbers',
'employee credentials',
'e-mails (potentially '
'containing PII)'],
'sensitivity_of_data': 'high (includes SSNs, NDAs, and '
'internal business plans)',
'type_of_data_compromised': ['corporate communications',
'legal documents',
'personal identifiable '
'information (PII)',
'financial records',
'business strategies']},
'date_publicly_disclosed': '2023-10-30',
'description': 'Hackers claimed to have stolen over 250GB of corporate data '
'from a vice-president at Viz Media, a U.S. manga publisher. '
'The compromised data includes e-mails, NDAs, employee '
'credentials, personal information (e.g., SSNs), licensing '
'agreements, future business plans, invoices, and royalty '
'statements. The breach was announced on an underground data '
'leak forum, with access to a corporate Google Account '
'(including Google Drive, Gmail, and internal dashboards) '
'allegedly sold for a minimum of $100,000. The incident may '
'have originated from a social engineering attack targeting a '
'senior executive.',
'impact': {'brand_reputation_impact': 'potential (due to public disclosure '
'and sensitive data exposure)',
'data_compromised': ['e-mails',
'non-disclosure agreements (NDAs)',
'licensing agreements',
'employee credentials',
'future business plans',
'employee social security numbers',
'invoices',
'royalty statements'],
'identity_theft_risk': 'high (SSNs and personal data exposed)',
'systems_affected': ['corporate Google Account',
'Google Drive',
'Gmail',
'internal dashboard',
'Mediabox royalty-management dashboard']},
'initial_access_broker': {'data_sold_on_dark_web': 'yes (on underground '
'forum; partial data '
'posted as proof)',
'entry_point': 'corporate Google Account (via '
'social engineering)',
'high_value_targets': ['executive vice-president',
'internal dashboards (e.g., '
'Mediabox '
'royalty-management)']},
'investigation_status': 'ongoing (company aware but no public updates)',
'motivation': ['financial gain (data sale)',
'potential follow-on attacks (e.g., phishing)'],
'post_incident_analysis': {'root_causes': ['likely social engineering '
'targeting a senior executive']},
'ransomware': {'data_exfiltration': 'yes (claimed)'},
'recommendations': ['Catalog compromised data to assess scope and mitigate '
'further risks (e.g., phishing attacks on partners).',
'Investigate the initial access vector (e.g., social '
'engineering) to prevent recurrence.',
'Monitor dark web forums for further data leaks or sales.',
'Enhance executive-level cybersecurity training to '
'prevent credential theft.'],
'references': [{'date_accessed': '2023-10-30',
'source': 'CyberNews (Vilius Petkauskas)'},
{'source': 'Security Daily Review'},
{'source': 'Anime News Network (ANN)'}],
'response': {'incident_response_plan_activated': 'under investigation (no '
'public confirmation)'},
'threat_actor': ['initial access brokers',
'cybercriminals (unknown specific group)'],
'title': 'Alleged Data Breach at Viz Media Involving 250GB of Stolen '
'Corporate Data',
'type': ['data breach', 'unauthorized access', 'social engineering']}