In a breach with an unusual twist – and a sign that identity security may have been left to loaf – hackers recently demanded Schneider Electric pay a $125,000 ransom… in baguettes.
Behind the quirky ransom demand lay a serious security incident: attackers infiltrated Schneider Electric’s Atlassian Jira system, leveraging exposed credentials and an unsecured REST API to extract 40GB of sensitive project data and 400,000 user records. The breach highlighted critical vulnerabilities in identity security, particularly in the management of non-human identities (NHIs) like service accounts and API keys.
By leveraging exposed credentials and an unsecured API, the attackers revealed just how vulnerable automated systems and tools can be when NHI protections are lacking.
Here’s how DevSecOps teams can strengthen their security posture and avoid similar breaches by 1) reducing reliance on static credentials, 2) enforcing strict API security measures, and 3) better securing access to development platforms.
1) Adopt Secretless Access and Conditional Policies for Enhanced Security
The Schneider breach underscores the need to reduce reliance on static credentials, which attackers can exploit when left exposed or outdated. By shifting to secretless access models and conditional access policies, organizations can minimize their attack surface for non-human identities (NHIs) without relying on traditional credential management alone.
Secretless access leverages identity-based access, removing the need for static tokens, passwords, or keys for NHIs. With secretless models, non-human identities are authenticated through dynamic policies and identity verification, instead of relying on credentials that must be manually rotated or stored. This drastically reduces the risk of credential leakage and removes the need for extensive management processes, as access is granted based on real-time identity validation rather than stored secrets.
Conditional access policies add another layer of security by using real-time posture assessments to check access context, like request location and typical behavior, before granting access. They can restrict access to known applications making expected API requests and block unusual activity—such as high-frequency requests from an unfamiliar source—on the spot. This adaptive approach helps prevent unauthorized access to critical systems.
2) Lock Down API Access to Prevent Unauthorized Data Exfiltration
In this breach, hackers reportedly exploited an unsecured MiniOrange REST API to exfiltrate data from JIRA, underscoring the need for strict API security practices. API endpoints are powerful but can quickly become liabilities if not properly secured.
“While API keys have long been the de facto method for authenticating API requests, they inherently pose significant risks to the security of your systems and your customers’ data
– Kevin Sapp, Co-Founder and CTO, Aembit, in “An Open Letter to API Vendors”
To avoid unauthorized API access, security teams should use several core controls: rate limiting to prevent large-scale data scraping, IP whitelisting to restrict access to trusted networks, and context-aware authorization to verify both the identity and intent behind each API request.
Dynamic checks based on behavior, such as limiting data requests by time or frequency, provide additional security beyond static credentials alone. Additionally, monitoring and logging each API call are essential – this way, unusual patterns (like mass scraping of data) trigger alerts before substantial data loss occurs. Comprehensive endpoint protection could also have limited the attackers’ ability to misuse Schneider’s API for data extraction.
3) Strengthen Access Controls for Development Platforms
Schneider’s Jira platform housed sensitive project data, internal workflows, and user information, making it an attractive target for attackers. In this breach, exposed credentials were exploited alongside an unsecured API to exfiltrate 40GB of sensitive data and 400,000 user records.
To prevent similar incidents, organizations should focus on securing both human and non-human identities:
- For human credentials: Implement strict identity and access management (IAM) practices, such as enforcing least-privilege access, robust password policies, and adaptive access controls. Monitoring user activity can also detect suspicious behaviors, such as large-scale data requests or login attempts from unusual locations.
- For non-human identities: Eliminate reliance on static credentials like API keys by adopting secretless access models that authenticate dynamically. Restrict permissions for APIs and service accounts to only what is necessary, and continuously monitor for unusual or unauthorized behavior, such as excessive API calls or unexpected access patterns.
By securing all identities interacting with development platforms, organizations can reduce their attack surface and make it significantly harder for attackers to exploit weak links in identity security.
With attackers icreasingly targeting NHIs as entry points, these three strategies provide a solid foundation for safeguarding sensitive environments and ensuring security doesn’t go … stale. For more information on how Aembit can help, visit aembit.io.
