Cyber Incident Victim: Spirol International
Date:
Feb 2014
Location:
United States of America
Summary
A cybercriminal group named DeleteSec breached a manufacturer and distributor of industrial components via SQL injection targeting its news section, compromising sensitive data including email addresses of approximately 70,000 customers, with 886 records containing passwords. The leak also exposed 31,123 company names and 26,856 associated email addresses, including major automotive and aerospace firms. Clear-text credentials for 96 user accounts were additionally disclosed. The attackers claimed the victim organization was aware of the intrusion prior to the data publication but proceeded with the leak after allegedly receiving legal threats. The company's website became inaccessible following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 21, 2014, the hacker group DeleteSec publicly disclosed a breach of SPIROL International, a manufacturer and distributor of industrial components operating in the US and Europe. The attackers exploited an SQL Injection vulnerability in the news section of SPIROL's website to gain unauthorized access to internal systems. This compromise resulted in the exfiltration of sensitive customer data, including email addresses and passwords. Analysis by Cyber War News confirmed the leaked dataset contained email addresses for over 70,000 SPIROL customers, with 886 records including associated passwords stored in clear text. Additionally, the breach exposed information pertaining to 31,123 corporate entities, including major manufacturers such as Ford, General Motors, Boeing, Tesla, and Harley-Davidson. A subset of 96 records containing usernames, email addresses, and corresponding plaintext passwords was also identified within the leaked files. DeleteSec claimed SPIROL had discovered the breach prior to the data publication but opted to threaten legal action against the hackers rather than negotiate. The group cited these threats of arrest as their motivation for publicly releasing the stolen data.
The breach prompted immediate operational disruptions, with SPIROL's website becoming inaccessible following the disclosure, suggesting organizational awareness of the incident. The exposure of clear-text passwords created significant credential compromise risks for affected individuals, while the inclusion of corporate client information raised concerns about potential supply chain targeting. The SQL Injection attack vector indicated inadequate security controls around SPIROL's web applications at the time of intrusion. No public statements from SPIROL regarding containment measures, forensic investigations, or customer notifications were documented in the immediate aftermath, though the website outage implied incident response activities were underway. The data's publication on hacker forums established permanent availability of sensitive customer and corporate information, with no evidence suggesting recovery or deletion of the leaked datasets.