The hackers that stole a large cache of data from Madison Square Garden called a low level employee and tricked them into letting the hackers into MSG\u2019s systems, according to the hackers and 404 Media\u2019s review of the stolen data.The breach highlights the risk of social engineering over voice calls, sometimes called \u2018vishing\u2019. Whereas phishing, where hackers social engineer someone over email or send them a fake login page, has been common for decades, vishing has only become prevalent more recently, especially as young and native English speaking hackers have become a serious cybersecurity threat.\ud83d\udca1Do you know anything else about this hack or others? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.\u201cEmployee vishing on their Microsoft Entra,\u201d a member of the hacking group behind the MSG breach, called ShinyHunters, told 404 Media when asked to explain how the group got in. Microsoft Entra is Microsoft\u2019s identity management product, similar to Okta, which lets employees log into whatever tools or services they need to at work.Last week 404 Media reported hackers had uploaded data stolen from MSG. A sample 404 Media reviewed at the time included files mentioning Knicks-related personalities, with fields such as \u201caddress,\u201d \u201cclaim to fame,\u201d and \u201ccost of talent.\u201d In some cases the data included a risk score for certain celebrities, with actor, director and Knicks fan Ben Stiller described as \u201cLow Risk\u201d and rapper Boogie with da Hoodie marked \u201cHigh Risk.\u201dSince then 404 Media downloaded the full 45GB data dump and found the contents of a specific MSG employee\u2019s OneDrive. It included work documents, photos, screenshots, and other attachments. A folder called \u201cPersonal,\u201d contained the employee\u2019s W-2 form, which included their name and other personal information. This indicated that the breach may have originated from this specific employee. 404 Media found a LinkedIn profile under the same name showing this person worked at MSG. 404 Media is not naming the employee for their privacy.404 Media then asked a member of ShinyHunters how the group breached MSG. The member provided this employee\u2019s name.When 404 Media asked the ShinyHunters member to elaborate on how the group compromised MSG, they pointed to a May blog post from Microsoft, which they said was \u201cabout us.\u201d That post described what Microsoft called a \u201cmethodical, sophisticated, and multi-layered attack.\u201d It details another attack\u2014the blog post was published May 18 and the ShinyHunters member said the MSG hack happened on June 5\u2014but there are similarities.The Microsoft blog post says hackers first targeted specific people to get their Microsoft Entra credentials. The hackers started the Self-Service Password Reset (SSPR) process, and then tricked users into completing the multifactor authentication prompts that appear legitimate, Microsoft said. \u201cFor example, the threat actor might impersonate an internal information technology (IT) support representative and contact the user claiming that their account requires urgent verification, instructing them to approve MFA prompts as part of a routine password reset procedure,\u201d the blog post reads.\u00a0Once in, the hackers can then pivot onto other apps or systems where data may be stored. In MSG\u2019s case, the dump includes data taken from a SharePoint instance, Microsoft\u2019s sharing and collaboration platform.The ShinyHunters member didn\u2019t elaborate beyond the blog post, but told 404 Media: \u201c\u200b\u200bWe called the employee and had them do the SSPR process,\u201d referring specifically to the MSG hack.\u00a0Law firm Morgan and Morgan has filed a class action lawsuit related to the breach, arguing MSG\u2019s surveillance of visitors led to it. When asked if ShinyHunters targeted MSG because of the venue\u2019s surveillance practices, the member said, \u201cYes we thought they would pay for that reason but they surprisingly did not.\u201dMSG did not respond to a request for comment.404 Media reported this week the data dump contained a dossier on activists who had opposed MSG\u2019s facial recognition program.<\/p>\n","protected":false},"excerpt":{"rendered":"