Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/
News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.
Is this a harbinger of a worse hacking landscape in 2019?
The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in this new year 2019 as chronically improving malware will be deployed more aggressively on more fronts. Also data-driven businesses simultaneously move into the “target zone” of cyber attacks.
On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.
Here are links to some articles that can hopefully help you to handle your cyber security better:
Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/
Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/
622 Comments
Tomi Engdahl says:
275m personal records swiped from exposed MongoDB database
https://nakedsecurity.sophos.com/2019/05/10/275m-indian-citizens-records-exposed-by-insecure-mongodb-database/
Another day, another massive MongoDB exposure. This time, a security researcher has discovered a public-facing database with over 275 million records containing personal information on citizens in India.
Putting people at risk
This is one of the most frustrating things about public database exposures: Someone who doesn’t know what they’re doing can put millions of people in danger, and there’s no way to get hold of them so they can rectify the problem.
We’ve seen this before.
Whoever put this thing online was using an old version they hadn’t reconfigured, or a newer version with the protection disabled. They might do that for convenience, ignorant or uncaring about the security implications.
the database remained public until Wednesday 8 May, when someone hacked it and erased all its content.
That’s the other thing about unprotected MongoDB instances: they’re hackable. Someone that finds them can access the database, delete it, and then hold the owner to ransom.
Tomi Engdahl says:
Security is like an onion. The more you dig in, the more you cry
Tomi Engdahl says:
Your most sensitive data is likely exposed online. These people try to find it
Don’t worry. They want it to be safe.
https://www.cnet.com/news/your-most-sensitive-data-is-likely-exposed-online-these-people-try-to-find-it/
Tomi Engdahl says:
Hackers are collecting payment details, user passwords from 4,600 sites
https://www.zdnet.com/article/hackers-are-collecting-payment-details-user-passwords-from-4600-sites/
Same hacker group compromises Alpaca Forms and Picreel to deploy malicious code to thousands of sites.
Hackers have breached analytics service Picreel and open-source project Alpaca Forms and have modified JavaScript files on the infrastructure of these two companies to embed malicious code on over 4,600 websites, security researchers have told ZDNet.
The attack is ongoing, and the malicious scripts are still live, at the time of this article’s publishing.
Tomi Engdahl says:
Stack Overflow says hackers breached production systems
https://www.zdnet.com/article/stack-overflow-says-hackers-breached-production-systems/
Stack Overflow said it detected a security breach over the weekend.
Tomi Engdahl says:
Stack Overflow hacker went undetected for a week
https://www.zdnet.com/article/stack-overflow-hacker-went-undetected-for-a-week/
Stack Overflow now says hacker might have also accessed user data.
Tomi Engdahl says:
Faulty database script brings Salesforce to its knees
https://www.zdnet.com/article/faulty-database-script-brings-salesforce-to-its-knees/
Faulty production script gave users access to all their company’s Salesforce data.
Salesforce is going through one of its biggest outages ever after the company was forced to shut down large chunks of its infrastructure earlier today.
At the heart of the outage was a change the company made to its production environment that broke access permission settings across organizations and gave employees access to all of their company’s files.
Tomi Engdahl says:
Company behind LeakedSource pleads guilty in Canada
https://www.zdnet.com/article/company-behind-leakedsource-pleads-guilty-in-canada/
LeakedSource sold data on over 3.1 billion accounts, made CAN$247,000 (US$183,000).
Tomi Engdahl says:
User Data Exposed in Stack Overflow Hack
https://www.securityweek.com/user-data-exposed-stack-overflow-hack
Hackers had access to Stack Overflow systems for nearly one week before the attack was detected and some user data was exposed after all, the company has admitted.
Stack Overflow informed users on May 16 that it had detected unauthorized access to production systems over the previous weekend.
The attackers mainly focused on reconnaissance until May 11, when they made a change that gave them privileged access to production systems.
“This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion,” Ferguson explained.
Tomi Engdahl says:
Account Hijacking Forum OGusers Hacked
https://krebsonsecurity.com/2019/05/account-hijacking-forum-ogusers-hacked/
Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.
Tomi Engdahl says:
TeamViewer Confirms Undisclosed Breach From 2016
https://www.bleepingcomputer.com/news/security/teamviewer-confirms-undisclosed-breach-from-2016/
TeamViewer confirmed today that it has been the victim of a cyber attack which was discovered during the autumn of 2016, but was never disclosed. This attack is thought to be of Chinese origins and utilized the Winnti backdoor.
Tomi Engdahl says:
Millions of Instagram influencers had their private contact data scraped and exposed
https://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/?tpcc=ECFB2019
A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online.
was left exposed and without a password allowing anyone to look inside. At the time of writing, the database had over 49 million records — but was growing by the hour.
We traced the database back to Mumbai-based social media marketing firm Chtrbox, which pays influencers to post sponsored content on their accounts.
TechCrunch found several high-profile influencers in the exposed database
Shortly after we reached out, Chtrbox pulled the database offline.
The scraping effort comes two years after Instagram admitted a security bug in its developer API
Tomi Engdahl says:
Cache of 49 million Instagram records found online
https://nakedsecurity.sophos.com/2019/05/22/cache-of-49m-instagram-records-found-online/
A security researcher has discovered a massive cache of data for millions of Instagram accounts, publicly accessible for everyone to see. The account included sensitive information that would be useful to cyberstalkers, among others.
Reporters identified the owner of the database as Mumbai-based social media company Chtrbox.
Tomi Engdahl says:
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/
The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.
Santa Ana, Calif.-based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in more than $5.7 billion in 2018.
He said anyone who knew the URL for a valid document at the Web site could view other documents just by modifying a single digit in the link.
And this would potentially include anyone who’s ever been sent a document link via email by First American.
KrebsOnSecurity confirmed the real estate developer’s findings, which indicate that First American’s Web site exposed approximately 885 million files, the earliest dating back more than 16 years. No authentication was required to read the documents.
Many of the exposed files are records of wire transactions with bank account numbers and other information from home or property buyers and sellers.
First American wouldn’t comment on the overall number of records potentially exposed via their site, or how long those records were publicly available.
Armed with a single link to a First American document, BEC scammers would have an endless supply of very convincing phishing templates to use. A database like this also would give fraudsters a constant feed of new information about upcoming real estate financial transactions
Tomi Engdahl says:
First American Financial Exposed Millions of Sensitive Documents
https://www.securityweek.com/first-american-financial-exposed-millions-sensitive-documents
Tomi Engdahl says:
Flipboard Resets User Passwords in Response to Data Breach
https://www.securityweek.com/flipboard-resets-user-passwords-response-data-breach
News and social media aggregator Flipboard revealed on Tuesday that it suffered a serious breach involving unauthorized access to some databases storing user account information.
Tomi Engdahl says:
200k Personal Records Exposed by Events Planning Firm
https://threatpost.com/200k-personal-records-exposed-by-events-planning-firm/145133/
Amazingco, an events planning firm, exposed 212,220 records with personal data relating to children’s parties, wine tours and more.
“These records contained names, email, phone numbers, addresses, and notes about the events,” said Jeremiah Fowler, senior security research at Security Discovery in a post.
Company Offering Unique Experiences, Wine Tours, and Kids’ Parties Exposes 212,220 Records Online
https://securitydiscovery.com/amazingco/
Here is what we have discovered that included the following:
This was an Elastic database set to open and visible in any browser (publicly accessible) and anyone could access customer data without administrative credentials.
212,220 records in total including many user names, emails, phone numbers, internal notes, and other sensitive details
IP addresses, Ports, Pathways, and storage info that cyber criminals could exploit to access deeper in to the network.
It is unclear how long the customer data was exposed online or who may have had access to it.
It is unclear if this data incident was reported to users who may have been affected or the authorities.
Tomi Engdahl says:
Unpatched Flaw Affects All Docker Versions, Exploits Ready
https://www.bleepingcomputer.com/news/security/unpatched-flaw-affects-all-docker-versions-exploits-ready/
All versions of Docker are currently vulnerable to a race condition that could give an attacker both read and write access to any file on the host system. Proof-of-concept code has been released.
The flaw is similar to CVE-2018-15664 and it offers a window of opportunity for hackers to modify resource paths after resolution but before the assigned program starts operating on the resource. This is known as a time-to-check-time-to-use (TOCTOU) type of bug.
Tomi Engdahl says:
First American site bug exposed 885 million sensitive title insurance records
https://techcrunch.com/2019/05/24/first-american-millions-sensitive-records/
Tomi Engdahl says:
Quest Diagnostics Says 11.9 Million Patients May Have Been Affected by Breach
https://www.wsj.com/articles/quest-diagnostics-says-11-9-million-patients-may-have-been-affected-by-breach-11559562193
Breach may have involved the collection of patients’ financial information
Tomi Engdahl says:
Almost 100,000 Australians’ private details exposed in attack on Westpac’s PayID
https://www.smh.com.au/business/banking-and-finance/australians-private-details-exposed-in-attack-on-westpac-s-payid-20190603-p51u2u.html
Tomi Engdahl says:
Quest Diagnostics says 11.9 million patients affected by data breach
https://techcrunch.com/2019/06/03/quest-diagnostics-breach/
Tomi Engdahl says:
Danny Palmer / ZDNet:
Report: ~2.3B files, including sensitive info like credit card and medical data, are exposed via publicly accessible online file storage servers, up 50% YoY
Cybersecurity: The number of files exposed on misconfigured servers, storage and cloud services has risen to 2.3 billion
Digital Shadows research finds that the number of exposed files — including sensitive information — has risen by 50 percent compared with last year. But there are some signs the problem can be fixed…
https://www.zdnet.com/article/cybersecurity-the-number-of-files-exposed-on-misconfigured-servers-storage-and-cloud-services-has-risen-to-2-3-billion/
Tomi Engdahl says:
Quest Diagnostics says 12 million patients may have had their personal information exposed
https://www.cnn.com/2019/06/03/business/quest-diagnostics-breach/index.html
The clinical laboratory company said in a release that an “unauthorized user” gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor hired by a Quest contractor called Optum360.
Quest said the information that may have been exposed included Social Security numbers and medical information, but not test results.
Quest Diagnostics Statement on the AMCA Data Security Incident
http://newsroom.questdiagnostics.com/AMCADataSecurityIncident
Tomi Engdahl says:
Report: Dating App Leaks Explicit User Messages & Other Private Data
https://www.vpnmentor.com/blog/report-jcrush/
vpnMentor’s research team recently discovered a data leak of dating app JCrush’s database.
Tomi Engdahl says:
LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach
https://krebsonsecurity.com/2019/06/labcorp-7-7m-consumers-hit-in-collections-firm-breach/
Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.
Tomi Engdahl says:
19 Years of Personal Data Was Stolen From ANU. It Could Show Up on the Dark Web.
https://pentestmag.com/19-years-of-personal-data-was-stolen-from-anu-it-could-show-up-on-the-dark-web/
Two days ago it was revealed the Australian National University (ANU) fell victim to a cyber security attack in late 2018, but only detected two weeks ago*. Stolen was a substantial amount of data dating back 19 years relating to staff, students and visitors.
These are very critical data. Privacy and security are at risk when this sort of information, especially people’s personal and financial details, are hacked.
The question now is what will happen with the stolen data.
There are three likely outcomes:
1. Invitation to pay a ransom
2. Free public release of data
3. Sell for profit on the dark web
in 2018 The Guardian reported that ANU had spent many months fighting off a threat to its systems
You might ask why the university hadn’t bolstered its cyber defences in response. The answer is the ANU probably did, to the best of its abilities.
However, when you are dealing with elite hackers and those using “zero day exploits”, it means your chances of preventing a hack are quite limited.
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
US CBP says photos of travelers into and out of the country were accessed in breach of subcontractor, first learned of on May 31, fails to say how many affected — U.S. Customs and Border Protection has confirmed a data breach has exposed the photos of travelers and vehicles traveling in and out of the United States.
https://techcrunch.com/2019/06/10/cbp-data-breach/
Tomi Engdahl says:
Daniel Welsh / HuffPost UK:
Radiohead says they’re releasing 18 hours’ worth of unheard music to benefit climate change group, after hackers stole lead singer’s files and attempted ransom
Radiohead Have The Last Laugh After Hackers Hold 18 Hours Of Their Unreleased Music Ransom
Activist group Extinction Rebellion will benefit too.
https://www.huffingtonpost.co.uk/entry/radiohead-hacked-extinction-rebellion_uk_5cffa1ffe4b0b02180874424?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cudGVjaG1lbWUuY29tLw&guce_referrer_sig=AQAAAJL79NsAq6ndX6Z_zjKG6w7Gy37Vv82N7kSpMNXIHUh84kIOkqC4ouYV1jkpZ5XvxjkBv3vFuWm5bZdJUeqikRoT4wRMbzC0eG1jwOEzyn4T5k8KZBKlkiVsTGVWm9wvpvzUVGkUe00JLXfNCOHR3o6FJQA7wiXd7A3hRhFpTV_e
Tomi Engdahl says:
CBP says traveler photos and license plate images stolen in data breach
https://techcrunch.com/2019/06/10/cbp-data-breach/
U.S. Customs and Border Protection has confirmed a data breach has exposed the photos of travelers and vehicles traveling in and out of the United States.
The photos were transferred to a subcontractor’s network and later stolen through a “malicious cyberattack,”
Tomi Engdahl says:
Hackers are stealing years of call records from hacked cell networks
At least 10 cell networks have been hacked over the past seven years
https://techcrunch.com/2019/06/24/hackers-cell-networks-call-records-theft/
Tomi Engdahl says:
Global phone networks attacked by hackers
https://www.bbc.com/news/technology-48756030
Hackers targeted mobile phone networks around the world to snoop on specific users, according to a report.
Tomi Engdahl says:
TD Bank internal files found online in ‘keys-to-the-kingdom’ cloud data exposure
https://business.financialpost.com/news/fp-street/td-bank-internal-files-found-online-in-keys-to-the-kingdom-cloud-data-exposure
Attunity Ltd., a company that manages and safeguards data, left internal files exposed on the internet for clients including Ford Motor Co., and the Toronto-Dominion Bank, in the latest example of sensitive information being publicly accessible on the web.
Researchers at UpGuard Inc., a cybersecurity company, found more than a terabyte of data left unsecured by Attunity last month on Amazon Web Services
Documents attributed to TD Bank included invoices, agreements between the companies, and files about the type of technology solution Attunity was configuring for the bank.
The centrepiece was a large collection of Attunity files including administrative and employee passwords to various systems, extensive employee email backups
“It’s a category of data breach we refer to as a keys-to-the-kingdom exposure,” said Chris Vickery, director of cyber-risk research at UpGuard.
Attunity removed public access to the buckets the day after UpGuard informed the company about the breach in May, but it took several weeks before Attunity asked the cybersecurity company more detailed questions
Ford said it was never notified about a data exposure.
“It’s embarrassing for a company marketing services by saying we’ll help you use the cloud properly to make a mistake when they’re using it,”
Besides system passwords, the researchers also found contact information for sales and marketing customers and targets, and project specifications.
would have been easy for Attunity to conceal the data from public view from the start, UpGuard’s Vickery said.
“It’s a one-to-three click fix,” he said. “It illustrates that there were systemic issues with security.”
Tomi Engdahl says:
http://nakedsecurity.sophos.com/2019/06/26/social-engineering-forum-hacked-user-data-dumped-on-rival-site/
Tomi Engdahl says:
Confirmed: 2 Billion Records Exposed In Massive Smart Home Device Breach
https://www.forbes.com/sites/daveywinder/2019/07/02/confirmed-2-billion-records-exposed-in-massive-smart-home-device-breach/
A team of self-styled “hacktivist” security researchers, with an impressive track record of exposing breach after breach as part of a web-mapping project that searches for vulnerabilities within online databases, has disclosed one of the biggest to date.
a user database belonging to a Chinese company called Orvibo, which runs an Internet of Things (IoT) management platform, had been left exposed to the Internet without any password to protect it. So far, so appalling. But it gets even worse when you discover that the database includes more than 2 billion logs containing everything from user passwords to account reset codes and even a “smart” camera recorded conversation.
Tomi Engdahl says:
Confirmed: 2 Billion Records Exposed In Massive Smart Home Device Breach
https://www.forbes.com/sites/daveywinder/2019/07/02/confirmed-2-billion-records-exposed-in-massive-smart-home-device-breach/
The researchers in question, Noam Rotem and Ran Locar from vpnMentor, found that a user database belonging to a Chinese company called Orvibo, which runs an Internet of Things (IoT) management platform, had been left exposed to the Internet without any password to protect it. So far, so appalling. But it gets even worse when you discover that the database includes more than 2 billion logs containing everything from user passwords to account reset codes and even a “smart” camera recorded conversation.
Tomi Engdahl says:
2 billion smart home records left exposed on the internet
https://reclaimthenet.org/2-billion-orvibo-smart-home-records-left-exposed-on-the-internet/
A database containing billions of records was found to have been left exposed to the internet without any password to protect it. The database was owned by a Chinese company known as Orvibo with various smart home devices available in the market.
Tomi Engdahl says:
UK’s ICO fines British Airways a record £183M over GDPR breach that leaked data from 500,000 users
https://techcrunch.com/2019/07/08/uks-ico-fines-british-airways-a-record-183m-over-gdpr-breach-that-leaked-data-from-500000-users/
ICO fined British Airways and its parent International Airlines Group (IAG) £183.39 million ($230 million) in connection with a data breach. The fine was 1.5% of BA’s total revenues for the year that ended December 31, 2018.
Tomi Engdahl says:
19 Years of Personal Data Was Stolen From ANU. It Could Show Up on the Dark Web.
https://pentestmag.com/19-years-of-personal-data-was-stolen-from-anu-it-could-show-up-on-the-dark-web/
Australian National University (ANU) fell victim to a cyber security attack in late 2018, but only detected two weeks ago*
Tomi Engdahl says:
Desjardins data breach to put Bill C-59 to the test: Liberal MP
https://globalnews.ca/news/5484760/desjardins-data-breach-bill-c-59/
Desjardins, the Quebec-based financial institution, said last month that a Laval police investigation traced the data breach to a lone “ill-intentioned” employee. Personal information including social insurance numbers, names, addresses were leaked.
Personal data of 2.7 million people leaked from Desjardins
https://www.cbc.ca/news/canada/montreal/desjardins-data-breach-1.5183297
Data breach affects more than 40% of Quebec-based credit union’s clients and members
An employee with “ill-intention” at Desjardins Group collected information about nearly three million people and businesses and shared it with others outside the Quebec-based financial institution, officials revealed Thursday
Tomi Engdahl says:
Hackers steal millions of Bulgarians’ financial records: tax agency
https://www.reuters.com/article/us-bulgaria-cybersecurity/hackers-hit-bulgaria-leak-data-from-russian-email-government-idUSKCN1UB0MA
Hackers have stolen the financial data of millions of Bulgarians from the country’s tax agency, the government said on Tuesday, in an attack that one researcher said may have compromised nearly every adult’s personal records.
Tomi Engdahl says:
Sprint says hackers breached customer accounts via Samsung website
https://www.zdnet.com/article/sprint-says-hackers-breached-customer-accounts-via-samsung-website/
Hackers had access to customer info such as names, billing, device details, and more.
Tomi Engdahl says:
Data of ‘nearly all adults’ in Bulgaria stolen
https://www.bbc.com/news/amp/technology-49015511
Personal data belonging to millions of Bulgarians has been stolen in a cyber-attack on the country’s tax agency.
Tomi Engdahl says:
https://www.nbc12.com/2019/07/17/sprint-customer-accounts-reportedly-breached-by-hackers-through-samsung-website/
Tomi Engdahl says:
https://www.zdnet.com/google-amp/article/sprint-says-hackers-breached-customer-accounts-via-samsung-website/?__twitter_impression=true
Tomi Engdahl says:
What happens when a country’s entire adult population is hacked?
https://www.technologyreview.com/f/613973/what-happens-when-a-countrys-entire-adult-population-is-hacked/
The hack: A 20-year-old man was arrested in Sofia, Bulgaria, on Tuesday afternoon and charged with an unprecedented hack of the country’s tax authority, ending with the theft of sensitive personal records from nearly every adult in Bulgaria, according to local reports.
After a massive hack in Bulgaria, the prime minister called the attacker a “wizard,” but cybersecurity experts said the security was simply inadequate.
“It was alleged in the press that internal sources say the attack was an SQL injection,”
The facts: There is a gap between the hacker’s claims and what the Bulgarian government says happened. The facts are still being determined.
The hacker claimed to have stolen data from over 5 million Bulgarians. The country’s entire population is around 7 million. Finance Minister Vladislav Goranov said 3% of the NRA’s databases were impacted.
One thing is clear: a reckoning has arrived for Bulgaria’s cybersecurity. Whether the government recognizes it or not, outside hackers certainly will
Tomi Engdahl says:
Another 2.2 million patients affected by AMCA data breach
https://techcrunch.com/2019/07/17/millions-patients-amca-breach/
Another clinical lab ensnared in the AMCA data breach has come forward.
Clinical Pathology Laboratories (CPL) says 2.2 million patients may have had their names, addresses, phone numbers, dates of birth, dates of service, balance information and treatment provider information stolen in the previously reported breach.
7.7 million LabCorp records stolen in same hack affecting Quest
https://techcrunch.com/2019/06/05/labcorp-records-stolen-quest/
Tomi Engdahl says:
https://www.zdnet.com/article/bulgarias-hacked-database-is-now-available-on-hacking-forums/
Tomi Engdahl says:
My browser, the spy: How extensions slurped up browsing histories from 4M users
Have your tax returns, Nest videos, and medical info been made public?
https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/
When we use browsers to make medical appointments, share tax returns with accountants, or access corporate intranets, we usually trust that the pages we access will remain private. DataSpii, a newly documented privacy issue in which millions of people’s browsing histories have been collected and exposed, shows just how much about us is revealed when that assumption is turned on its head.
DataSpii begins with browser extensions—available mostly for Chrome but in more limited cases for Firefox as well—that, by Google’s account, had as many as 4.1 million users.
Tomi Engdahl says:
Bulgaria’s hacked database is now available on hacking forums
https://www.zdnet.com/article/bulgarias-hacked-database-is-now-available-on-hacking-forums/
Half of the database, to be exact, the half the hacker released to local reporters over the last weekend.