Ransom! N/A

The stormous threat actor has compromised various sensitive data: partially hidden user emails, OAuth and JWT tokens, login links for internal systems, session cookies, identity and access information (scopes such as email, profile, vin, and phone), and authentication and access control parameters such as redirect_uri, state, and nonce. This incident impacts Germany.

Incident Details

  • Victim: N/A
  • Country:
  • Actor: stormous
  • Source: http://6sf5xa7eso3e3vk46i5tpcqhnlayczztj7zjktzaztlotyy75zs6j7qd.onion/vwg-connect.com/CarNet-Part1.log
  • Discovered: 2025-05-31 05:52:58.255306
  • Published: 2025-05-31 05:51:19.777021

Information

  • Partial user account data including emails
  • Authentication tokens such as OAuth tokens and JWT tokens
  • Login links for internal systems, for example, https://identity.vwgroup.io
  • Session cookies, including JSESSIONID and others
  • Identity and access information, including scopes such as email, profile, vin, and phone
  • Authentication and access control details, including redirect_uri, state, and nonce

Disclaimer: This post is based on public claims made by the ransomware group "stormous". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.

monitored by: ransomware.live