Type
Actors
Pub. date
July 1, 2020
Initial access
Impact
Status
Not started
Last edited
Mar 6, 2025 3:29 PM
In 2018, a Drizly employee posted company cloud computing account login information on the software development and hosting platform GitHub. As a result of this security breakdown, hackers were able to use Drizly’s servers to mine cryptocurrency until the company changed its login information for its cloud computing account. Drizly failed to take steps to adequately address its security problems while publicly claiming to have appropriate security protections in place. Two years later, a hacker breached an employee account, got access to Drizly’s corporate GitHub login information, hacked into the company’s database, and then stole customers’ information.