Cylance Confirms Data Breach Connected to Unnamed Third-Party Service

Published on June 11, 2024
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer

Cybersecurity company Cylance confirmed the legitimacy of a trove of data currently sold on a hacking forum but said the access point was a third-party service that has not been named. BlackBerry Cylance says the hacker owns old marketing data from a previous third-party data breach dating from before BlackBerry acquired Cylance.

A threat actor known as Sp1d3r is allegedly selling data belonging to Cylance customers, partners, and employees for $750,000. Data includes 34 million customer, prospect, and employee emails, Cylance partners and users lists, customer and email and personally identifiable information, products used by organizations, and sales prospects lists complete with activity status.

Cylance Leaked Data
Image Source: Dark Web Informer

BlackBerry Cylance is investigating the threat actor's claims, stating: “Based on our investigation to date, we do not believe that BlackBerry data and systems related to our customers, products, and operations have been compromised.

The statement mentions current Cylance customers are not impacted, and no sensitive information is involved, while “the data in question was accessed from a third-party platform unrelated to BlackBerry and appears to be from 2015-2018, predating BlackBerry’s acquisition of the Cylance product portfolio.” 

However, the same threat actor is also selling an alleged 3TB of data from automotive aftermarket parts provider Advance Auto Parts obtained from a breach of the company's Snowflake account – and Cylance is also a Snowflake customer, which may be an indicator of who the unnamed third party is.

The number of affected companies using Snowflake environments hasn’t been disclosed until now. However, incident response firm Mandiant says approximately 165 companies may have had their data stolen through the use of leaked credentials of Snowflake customer accounts without multi-factor authentication (MFA) exposed via several info-stealer malware variants.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: