Framework Hacked: Hackers Used Phishing Emails to Compromise the Network

On January 11, 2024, at 8:13 am PST, Framework principal external accounting partner, Keating Consulting, learned that an attacker had compromised the company network through a phishing email. Phishing emails are a tactic used by hackers to fool people into divulging personal information.

Hackers use human psychology to deceive victims into compromising their security by appearing as reliable institutions. This allows them to acquire unauthorized access or financial advantage. Framework Computer, an American manufacturer of laptop computers, offers readily disassembled laptops with interchangeable parts, hence proposing the right to repair electronics.

What has Happened?

In this instance, a social engineering technique was used to fool a staff member into disclosing customer PII (Personal Identifiable Information) connected to unpaid Framework purchases. On January 9 at 4:27 am PST, the attacker sent an email claiming to be the CEO, asking for Accounts Receivable information related to Framework purchases. Unknowingly, the accountant shared a spreadsheet containing the PII (Personal Identifiable Information) on January 11 at 8:13 am PST. The categories of information that are offered are listed below:

  1. Full Name
  2. Email Address
  3. Balance Owed

Within 29 minutes of the accountant response (8:42 am PST, January 11, 2024), Framework Head of Finance found the vulnerability. The breach was quickly reported to Keating Consulting by Framework Head of Finance, who also forwarded the information to the leadership of the organization to start notifying all impacted clients in bulk.

What Actions Are Being Taken by the Company, and What Should Users Do?

The organization required key staff to undergo phishing and social engineering training in reaction to the hack. Numerous audits are currently in progress concerning the processes for requesting information, as well as the instructions and protocols for accounting and financial consultants who have access to client data.

Since information including name, email, and balance was exposed, the organization notified all of its users about potential phishing or impersonation attempts and asked them to remain vigilant. Since the official payment communications only come after unsuccessful website captures never send out payment details directly via email in such a situation.

Aside from this, Framework pledged to swiftly handle situations such as this and asked them to always put their customers' privacy first.