BlackBerry Ltd.-owned cybersecurity company Cylance has suffered a data breach, with the stolen data appearing for sale on the infamous hacking forum BreachForums.

First reported June 7 by Dark Web Informer on X Inc., the data is listed for sale by well-known BreachForums hacker “Sp1d3r” for $750,000. The listing on BreachForums claims to include 34 million customer and employee records and personally identifiable information, prospect lists, partner lists and Cylance user lists.

BlackBerry Cylance has since confirmed the breach, telling BleepingComputer that the leaked samples provided by the hacker appear to be old marketing data used by Cylance. “Based on our initial reviews of the data in question, no current Cylance customers are impacted and no sensitive information is involved,” a spokesperson for the company said. “The data in question was accessed from a third-party platform unrelated to BlackBerry and appears to be from 2015-2018, predating BlackBerry’s acquisition of the Cylance product portfolio.”

BlackBerry acquired Cylance for $1.4 billion in November 2018. Since that time, Cylance has continued to operate as a standalone business, be it that BlackBerry has integrated Cylance features, such as CylanceGUARD, into BlackBerry products, such as BlackBerry AtHoc.

What is missing from the story is where the data was obtained. The hacker Sp1d3r is also offering hacked data from Advance Auto Parts Inc. on BreachForums, with that data linked to an attack on customers of Snowflake Inc. that started in mid-April.

With Sp1d3r offering the data, some may conclude that the Cylance data could be linked to Snowflake. However, BlackBerry has denied this, saying that Cylance is not a Snowflake customer.

Jim Routh, chief trust officer at cloud identity security and management solutions company Saviynt Inc., told SiliconANGLE that the information in the breach, “if accurate, is a bit of a mixed bag due to the tenure of the data.”

“Its pricing is high given the lack of currency of the email related data used for marketing purposes,” Routh said. “It’s unlikely that this data would be sold for anything near $750,000 based on current black market rates for email data.”

Photo: BlackBerry Cylance