
BePrime Cybersecurity Breach Exposes Client Pentest Reports and Network Infrastructure



BePrime, a cybersecurity and connectivity provider based in Monterrey, Mexico, acknowledged a significant data breach following claims by a threat actor on a cybercrime forum. The incident was published by investigative journalists and security researchers and allegedly resulted in the theft of 12.6 GB of sensitive internal and client data. 

The root cause of the compromise appears to be the absence of multi-factor authentication (MFA) on critical administrator accounts, allowing unauthorized access to the firm's core infrastructure.

The attacker reportedly gained entry by exploiting administrative credentials that lacked secondary verification layers. Once inside, the malicious actor utilized stolen API keys associated with Cisco Meraki environments to seize control of approximately 1,858 network devices, including routers and switches. This access allowed the threat actor to monitor traffic for over 2,600 connected devices and view live feeds from integrated video surveillance systems. The breach highlights a failure in basic identity and access management (IAM) protocols within a firm specifically tasked with providing security services.

The compromised data includes:

  • Security audit and penetration testing (pentest) reports detailing client vulnerabilities
  • Plaintext credentials for internal and client systems
  • Cisco Meraki API keys and network configuration data
  • Financial transaction records and internal operational documents
  • Live video surveillance footage and snapshots

The number of affected individuals is not disclosed. The breach impacts high-profile corporate clients including Iberdrola, ArcelorMittal, Whirlpool, and Alsea.

BePrime issued a statement confirming the security incident and claims to have immediately activated containment and remediation protocols. The company stated that its investigation shows no impact on the operational continuity of its services or those of its clients.

In a controversial move, the firm announced plans to pursue legal action against media outlets and journalists who reported on the breach, alleging the dissemination of inaccurate information. It's not clear which information is inaccurate. BePrime has not provided details on whether it is offering identity theft protection or specific technical support to the affected downstream organizations.

This incident creates downstream risks, as the leaked pentest reports provide a roadmap for attackers to target BePrime's clients directly. Security professionals recommend that all BePrime clients immediately rotate API keys and change all credentials associated with the provider.
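An added example, not part of the original report: a minimal audit that ranks Meraki dashboard administrators by the two weaknesses described above (no second factor, and an API key that now needs rotating). The field names (`twoFactorAuthEnabled`, `hasApiKey`, `orgAccess`) are assumed to match the Meraki Dashboard API's organization admins response and should be checked against the current API documentation; the accounts and the scoring weights are constructed for illustration.

```python
import json

# Constructed sample shaped like a Meraki Dashboard API
# GET /organizations/{organizationId}/admins response (not real data).
SAMPLE_ADMINS = json.loads("""
[
  {"email": "noc-admin@example.com", "orgAccess": "full", "accountStatus": "ok",
   "twoFactorAuthEnabled": false, "hasApiKey": true},
  {"email": "auditor@example.com", "orgAccess": "read-only", "accountStatus": "ok",
   "twoFactorAuthEnabled": false, "hasApiKey": false},
  {"email": "secops@example.com", "orgAccess": "full", "accountStatus": "ok",
   "twoFactorAuthEnabled": true, "hasApiKey": true},
  {"email": "legacy@example.com", "orgAccess": "full", "accountStatus": "ok",
   "hasApiKey": true}
]
""")


def audit_admins(admins):
    """Return findings sorted by risk, highest first."""
    findings = []
    for admin in admins:
        # Fail closed: a missing field counts as "no MFA" / "has a key".
        mfa = admin.get("twoFactorAuthEnabled") is True
        has_key = admin.get("hasApiKey") is not False
        full = admin.get("orgAccess") == "full"
        issues = []
        if not mfa:
            issues.append("no-mfa")
        if has_key:
            issues.append("rotate-api-key")
        if not issues:
            continue
        # Assumed weights: password-only account (4), API key (2), full access (1).
        score = (0 if mfa else 4) + (2 if has_key else 0) + (1 if full else 0)
        findings.append({"email": admin.get("email", "<unknown>"),
                         "score": score, "issues": issues})
    return sorted(findings, key=lambda f: (-f["score"], f["email"]))


if __name__ == "__main__":
    for f in audit_admins(SAMPLE_ADMINS):
        print(f'{f["score"]}  {f["email"]:<24} {", ".join(f["issues"])}')
```

Every key holder is flagged for rotation regardless of MFA status, in line with the recommendation to rotate all keys associated with the provider.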
