Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hacker Sells Aurora Cannabis Files Stolen In Christmas Cyberattack

Hacker Sells Aurora Cannabis Files Stolen In Christmas Cyberattack

A hacker is selling the data stolen from cannabis giant Aurora Cannabis after breaching their systems on Christmas day.

Aurora Cannabis is a Canadian cannabis producer listed on both the Toronto Stock Exchange and the New York Stock Exchange. The company operates numerous cannabis-related medical and consumer brands, including MedRelease, CanniMed, Whistler Medical Marijuana Corp., San Rafael, Daily Special, and Woodstock.

Marijuana Business Daily reported that former and current employees received data breach notifications from Aurora Cannabis after the company suffered a cyberattack on December 25th, 2020.

The data breach notifications describe what data was stolen in the attack, with each employee reporting different compromised data.

“He said each person reported different data compromised in the breach, including credit card information, government identification, home addresses and banking details,” MBD reported.

Hacker selling stolen data for one bitcoin

Today, the hacker behind the Aurora Cannabis attack began selling the stolen data on a hacker forum for one bitcoin, approximately 39,000 at today’s prices. As part of the post to promote the sale, the threat actor leaked images of eleven files stolen during the attack.

Also Read: Website Ownership Laws: Your Rights And What These Protect

Hacker forum post selling Aurora Cannabis data

The samples of stolen data included images of passports, checks, driver licenses, and business documents.

Image of check stolen during the data breach
Sensitive information redacted by BleepingComputer

In an interview with the hacker, BleepingComputer was told that Aurora Cannabis was breached on December 25th after the threat actor hacked into their network.

The threat actor claims to have stolen 50GB of data, including customers’ and employees’ personal information.

After stealing the data, the hacker states they contacted Aurora Cannabis to ransom the data back to them, but “all them ignore this breach.”

The threat actor claims that they still have access to Aurora’s network. When asked if Aurora knows that they continue to have access, BleepingComputer was told, “i send mail but i think all employs ignored me.”

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

BleepingComputer has contacted Aurora Cannabis about the attack but did not receive a response.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us