Japanese government official says Olympic ticket data leaked

Update: A spokesperson for the Tokyo Games said that after an investigation they confirmed that this was not a leak from Tokyo 2020's system.
Written by Jonathan Greig, Contributor

Update: In a statement to ZDNet, a spokesperson from the Tokyo 2020 International Communications Team said that the initial statement from a Japanese government official was incorrect. 

"We are aware of the incident and, after checking the facts, we can confirm that this was not a leak from Tokyo 2020's system," the spokesperson said. 

"While we have been liaising with the government and other relevant organizations on a regular basis, we have already taken measures in the form of password resets to limit any damage for the very limited number of IDs detected in this case based on the information supplied by the government."

Previously: A government official told Kyodo News on Wednesday that login IDs and passwords for the Tokyo Olympic ticket portal had been posted to a leak website following a breach.

The official said the leak was "not large" but admitted that the IDs and passwords would give someone access to a person's name, address, bank account information and more.

Speaking anonymously, the government source said the body organizing the Games has launched an investigation. The leak also included names, addresses and bank account information of people who bought tickets to the Paralympics as well as another portal for volunteers. They did not say how many accounts had been leaked. 

Some online disputed the claims that there was a breach. Twitter user pancak3 located accounts for those registration sites on Dark Web markets and said "there are no postings on any of the forums showing direct information leaks."

He went on to explain to ZDNet that the data was not connected to a breach but instead was the result of attacks using the RedLine malware and other info stealers. The Olympic Committee in Japan did not respond to requests for comment. 

The news came one day after the FBI released a private industry alert urging organizations working with the Tokyo 2020 Summer Olympics to prepare for a wave of "DDoS attacks, ransomware, social engineering, phishing campaigns, or insider threats to block or disrupt live broadcasts of the event, steal and possibly hack and leak or hold hostage sensitive data, or impact public or private digital infrastructure supporting the Olympics."

"Malicious activity could disrupt multiple functions, including media broadcasting environments, hospitality, transit, ticketing, or security," the FBI notice said on Tuesday. "The FBI to date is not aware of any specific cyber threat against these Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments."

The notice goes on to reference the Pyeongchang cyberattack that took place during the last Olympics in February 2018, where Russian hackers deployed the OlympicDestroyer malware and damaged web servers during the opening ceremony.

The hackers "obfuscated the true source of the malware by emulating code used by a North Korean group, creating the potential for misattribution," according to the notice. In October, the Justice Department indicted six Russian intelligence operatives for the attack on the Pyeongchang Games. 

In addition to widespread spearphishing campaigns and more targeted ones aimed at Olympic officials in Japan, the notice also warns of potential attacks on "hotels, mass transit providers, ticketing services, event security infrastructure or similar Olympics support functions."

The FBI added that two months ago, Japanese IT giant Fujitsu reported a breach that leaked data from many of its government clients including the Tokyo 2020 Organizing Committee and the Japanese Ministry of Land, Infrastructure, Transport, and Tourism.

In October, the UK released a similar warning explicitly naming the Russian government as backers of a widespread campaign to launch attacks against the coming Olympic Games. 

Foreign Secretary Dominic Raab said Russia's military intelligence service, the GRU, was conducting "cyber reconnaissance" against officials and organizations at the 2020 Olympic and Paralympic Games. He added that the GRU's actions against the Olympic and Paralympic Games were "cynical and reckless."

Tony Cole, CTO of Attivo Networks, said that in discussions with Olympic organizers focused on cyberdefense in Rio 2016 and Tokyo 2021, some told him that even years of preparation may not be enough to protect everything.   

"Well-resourced and determined adversaries will find a path into the environment sooner or later, so early detection is the key to countering these attacks and mitigating possible impacts," Cole said.
