Opaxe Pty Ltd, an Australian software and information services company for mining and minerals industry, has allegedly suffered a cyberattack. A Threat Actor (TA) has claimed to have breached sensitive data of the firm which includes Personal Identifiable Information (PII) of 16,000 users. The Opaxe data breach was reportedly orchestrated by a threat actor, operating under the alias, βTanakaβ.
Unconfirmed: Opaxe Data Breach
Opaxe is an intelligent software platform that restructures and redistributes information and generates business insights to help mining professionals and investors make better decisions.
"We collect, collate and republish listed mining company announcements so that you can access them quickly and easily, all in one place. We have more than 40,000 mining company announcements and 3 million
data points extracted from these announcements," the company mentioned in its profile.
[caption id="attachment_80137" align="alignnone" width="1602"]
Source: Opaxe Website[/caption]
According to the companyβs
website, βOpaxe was founded in May 2019 and is headquartered in West Perth, Australia with an operational office in Dunedin, New Zealand. Our development team is based in Kathmandu, Nepal.β
Threat actor Tanaka made the claim to have accessed Opaxeβs data on the
dark web marketplace BreachForums. In his post, the TA mentioned that the database was exfiltrated on June 26, 2024, and was in the SQL format.
[caption id="attachment_80136" align="alignnone" width="1807"]
Source: X[/caption]
The TA stated that the breached information had over 5.5 million rows in the SQL database, which includes 16k,00 user records. The user records comprise the data fields like ID, first name, last name, e-mail, hashed passwords, industry, company, and job title [sic].
No Official Conformation of Data Breach Yet
Despite these claims by the threat actor, a closer inspection reveals that the firmβs website is currently functioning normally, showing no signs of a security breach.Β
The Cyber ExpressΒ has reached out to Opaxe to verify the allegedΒ
cyberattack. As of now, no official statements or responses have been received, leaving the claims unverified.
The implications of such a breach, if proven, are potentially devastating, given the sensitive nature of the data held by Opaxe. The organization is responsible for holding personal data of its users. A
data leak of this magnitude could expose sensitive personal information of users as well as its business secrets.
Mining professionals and investors who rely on information shared by Opaxe for critical business insights could be vulnerable of having their confidential information accessed and misused by threat actors. The breach, if confirmed, could poses several
risks, including unlawful access to proprietary business insights and personal user information. This could lead to identity theft, data manipulation, and a loss of trust among Opaxeβs user base.
Mining Industry Exposed to Higher Cybersecurity Risks: Report
According to
AustralianMining.com, which reports on the latest news and current trends in the industry, a data breach in the mining sector could be devastating due to the highly sensitive nature of the information involved, such as geological surveys and operational plans.
The article suggests that mining organizations should considering establishing βPrivate AIβ. It refers to artificial intelligence systems that are deployed within an organization's own infrastructure, rather than relying on external, cloud-based solutions.
This ensures that sensitive data, such as organizational financial information, merger and acquisition targets, site surveys and employee details, remains on-premises, enhancing security and compliance with local regulations.
While the authenticity of the data breach on Opaxe Pty Ltd remains unconfirmed, the potential consequences are significant.Β
TheΒ CyberΒ ExpressΒ will continue to monitor this ongoing situation and provide updates as more information becomes available.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it.Β The Cyber ExpressΒ assumes no liability for the accuracy or consequences of using this information.