Coca-Cola FEMSA is the bottler of Coca-Cola and its related soft drink products in much of Latin America, which makes it an important part of the Coca-Cola system. This week, a threat actor known to DataBreaches as “TheSnake” and as the person who had also hacked a Brazilian clinic, leaked some data from Coca-Cola FEMSA on a popular hacking forum with a claim that they had acquired a “Full database Coca-Cola FEMSA containing company information, confidential photos and files, and much more.” They also posted a message to the company:
As we said, after the specified time, your data will be gradually uploaded to the public domain for everyone. You can still protect your reputation and keep most of the data undisclosed, but you have less and less time to do so. The choice is yours Coca-Cola FEMSA.
The listing indicated that the freely available data tranche was 8.16 GB in size, or 5.83 GB compressed.
TheSnake provided DataBreaches with additional details via an exchange of private messages. According to the information he provided, he was able to access Coca-Cola FEMSA twice in a period of a little over a year. The first time was in April 2022 and then again in June 2023. As before, they would not provide any statement about how they gained access, but did state that they had spent time researching their target and:
We had complete company information, including information from Mexico, Argentina, Brazil, Costa Rica, etc. The data had passwords, financial documents, invoices in ZIP and supplier data, data from facilities, company equipment, ad campaign, data and photos of employees, backups and much more, we had access to more than 200GB of company.
The attack involved both encrypting files and backups and exfiltrating data. TheSnake claims the encryption did not interfere with the firm’s functioning.
When asked whether the firm had responded to him at all or negotiated at all, he replied that the firm had reached out to “negotiate a fair agreement.” On inquiry, he clarified that they had demanded $12 million to delete all the files they had exfiltrated, but the firm was most concerned about preventing the leak of certain files and the negotiations were focused on a price not to leak those specific files. According to TheSnake, the company did pay them $1.5 million not to leak those files.
The rest of the files remained locked on their server. Now some of the exfiltrated files have been leaked freely. “If anyone is interested in the rest of the files, they are selling for US $65 thousand,” he added.
DataBreaches reached out to the firm via email yesterday evening to ask for a statement about the impact of the attack on their company. No reply has been received, however.