Cyber breaches abound in 2019

Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/

News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.

Is this a harbinger of a worse hacking landscape in 2019?

The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in this new year 2019 as chronically improving malware will be deployed more aggressively on more fronts. Also  data-driven businesses simultaneously move into the “target zone” of cyber attacks.

On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.

Here are links to some articles that can hopefully help you to handle your cyber security better:

Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/

Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/

280 Comments

  1. Tomi Engdahl says:

    Thinkful confirms data breach days after Chegg’s $80M acquisition
    https://tcrn.ch/2Attjnr

    Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired.

    Reply
  2. Tomi Engdahl says:

    Nearly 5M DoorDash users affected in security breach
    https://www.wpxi.com/news/trending-now/nearly-5m-doordash-users-affected-in-security-breach/990777510?fbclid=IwAR10ibE3zAuAlC9XvtCEJtwmBOLqy4XM8wT1xZkzrY6M4WJcwHkZKVmEGD4

    Food delivery service DoorDash announced nearly 5 million customers, workers and merchants could have had their information stolen by hackers after a security breach earlier this year.

    Reply
  3. Tomi Engdahl says:

    Data of 24.3 million Lumin PDF users shared on hacking forum
    The person who leaked the data claims it notified Lumin PDF earlier this year but got no reply.
    https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/

    Reply
  4. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    DoorDash confirms a data breach on May 4 affecting 4.9M customers, workers, and merchants, with last-four digits of payment cards, driver’s license info stolen — DoorDash has confirmed a data breach. — The food delivery company said in a blog post Thursday that 4.9 million customers …
    https://techcrunch.com/2019/09/26/doordash-data-breach/?tpcc=ECTW2019

    Reply
  5. Tomi Engdahl says:

    Security Firm Comodo Hacked, as vBulletin Exploit Spawns
    https://www.cbronline.com/news/comodo-hacked

    Cybersecurity firm Comodo (slogan: “creating trust online”) says hackers exploited a new vulnerability in its user forum to steal the personal data of 245,000 users.

    The zero day was dumped on the SecLists security forum on September 23; the exploit developer declining to go down a “responsible disclosure” route.

    Another security researcher rapidly followed its publication with a script that scans the internet for vBulletin forums vulnerable to the zero day.

    Comodo is unlikely the sole such company affecte

    Comodo Hacked: Emails, Names, etc. Leaked

    A vulnerability in vBulletin is manna from heaven for hackers as it’s known to be used by organisations such as NASA, games publish EA and games distribution platform Steam.

    a zero-day exploits market platform, said the “bugdoor” had been circulating in the exploit community for three years.

    Reply
  6. Tomi Engdahl says:

    Former Yahoo employee admits hacking into over 6000 users’ accounts, mostly of younger women, to find sexual images & videos. He then also hacked into their iCloud, Gmail, Facebook & other email-connected accounts in search of more private content.

    Former Yahoo Software Engineer Pleads Guilty To Using Work Access To Hack Into Yahoo Users’ Personal Accounts
    https://www.justice.gov/usao-ndca/pr/former-yahoo-software-engineer-pleads-guilty-using-work-access-hack-yahoo-users

    Defendant admits illegally copying images and videos from about 6,000 Yahoo accounts

    Reply
  7. Tomi Engdahl says:

    Games company Zynga has been relieved by hackers of the names, email addresses, login IDs, and hashed passwords of more than 200 million players. The pilfered database is also said to contain in some cases phone numbers, password reset tokens, Facebook IDs, and Zynga account IDs.

    https://www.theregister.co.uk/2019/10/05/security_roundup_october_4/?utm_source=dlvr.it&utm_medium=facebook

    Reply
  8. Tomi Engdahl says:

    #Breach
    https://thehackernews.com/2019/08/foxit-pdf-reader-data-breach.html
    https://threatpost.com/tgi-fridays-data-exposure/147849/
    https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/
    https://www.theregister.co.uk/2019/09/02/teletext_holidays_200k_call_recordings_s3_bucket/
    https://www.bleepingcomputer.com/news/security/xkcd-forum-breach-exposes-emails-passwords-of-562-000-users/
    https://thehackernews.com/2019/09/xkcd-forum-hacked.html
    https://www.securityweek.com/over-328000-users-hit-foxit-data-breach
    https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
    https://www.securityweek.com/circleci-customer-data-exposed-through-third-party-vendor
    https://www.securityweek.com/400-mn-facebook-users-phone-numbers-exposed-privacy-lapse-reports
    https://www.securityweek.com/vulnerabilities-exposed-2-million-verizon-customer-contracts
    https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/
    https://threatpost.com/198m-car-buyer-records-exposed-online/148231/
    https://threatpost.com/major-groupon-ticketmaster-fraud-scheme-exposed-by-insecure-database/148246/
    https://www.securityweek.com/car-dealer-marketing-firm-exposed-198-million-data-records
    https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
    Catalin Cimpanu / ZDNet:
    Personal information of most of Ecuador’s population, including 6.7M children, left exposed online with home addresses, phone numbers, work information, more
    https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/
    https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
    https://www.zdnet.com/article/gootkit-malware-crew-left-their-database-exposed-online-without-a-password/
    https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
    https://www.securityweek.com/industry-reactions-massive-ecuador-data-leak
    https://www.securityweek.com/doordash-breach-exposes-data-nearly-5-mn-users

    Reply
  9. Tomi Engdahl says:

    The Sesame Street Live Store, where fans of the children’s show buy merchandise, is one of more than 6,500 websites that security researchers say are compromised by payment skimmers after an apparent incident at an e-commerce platform.

    Breach at e-commerce provider gave hackers an entry to Sesame Street
    https://www.cyberscoop.com/sesame-street-website-hacked-magecart/

    Reply
  10. Tomi Engdahl says:

    More than 6,500 stores have been compromised, but the number could be around 20,000.

    Hackers breach Volusion and start collecting card details from thousands of sites
    https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d9d0005165af60001531f9b&utm_medium=trueAnthem&utm_source=facebook

    More than 6,500 stores have been compromised, but the number could be around 20,000.

    Reply
  11. Tomi Engdahl says:

    #Breach
    https://thehackernews.com/2019/08/foxit-pdf-reader-data-breach.html
    https://threatpost.com/tgi-fridays-data-exposure/147849/
    https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/
    https://www.theregister.co.uk/2019/09/02/teletext_holidays_200k_call_recordings_s3_bucket/
    https://www.bleepingcomputer.com/news/security/xkcd-forum-breach-exposes-emails-passwords-of-562-000-users/
    https://thehackernews.com/2019/09/xkcd-forum-hacked.html
    https://www.securityweek.com/over-328000-users-hit-foxit-data-breach
    https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
    https://www.securityweek.com/circleci-customer-data-exposed-through-third-party-vendor
    https://www.securityweek.com/400-mn-facebook-users-phone-numbers-exposed-privacy-lapse-reports
    https://www.securityweek.com/vulnerabilities-exposed-2-million-verizon-customer-contracts
    https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/
    https://threatpost.com/198m-car-buyer-records-exposed-online/148231/
    https://threatpost.com/major-groupon-ticketmaster-fraud-scheme-exposed-by-insecure-database/148246/
    https://www.securityweek.com/car-dealer-marketing-firm-exposed-198-million-data-records
    https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
    Catalin Cimpanu / ZDNet:
    Personal information of most of Ecuador’s population, including 6.7M children, left exposed online with home addresses, phone numbers, work information, more
    https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/
    https://www.zdnet.com/article/data-of-24-3-million-lumin-pdf-users-shared-on-hacking-forum/
    https://www.zdnet.com/article/gootkit-malware-crew-left-their-database-exposed-online-without-a-password/
    https://www.securityweek.com/security-firm-data-breach-exposes-millions-ecuadorians
    https://www.securityweek.com/industry-reactions-massive-ecuador-data-leak
    https://www.securityweek.com/doordash-breach-exposes-data-nearly-5-mn-users
    https://threatpost.com/intimate-details-healthcare-workers-exposed-cloud-security/149007/

    Reply
  12. Tomi Engdahl says:

    Geez, that’s a sensitive breach if ever I’ve seen one:
    https://mobile.twitter.com/troyhunt/status/1182229517722476544?s=19&fbclid=IwAR08IqadQvyUIu3H3qDQu5lwy-ZIpXgx3tly1_w-Izp0qyfXH8YD3xFw91E

    Data breach of the Dutch prostitute network http://Hookers.nl (yes really), resulting in a leak of IP, email addresses and encrypted passwords of 250.000 prostitutes and johns. Breach by leak in vBulletin

    Reply
  13. Tomi Engdahl says:

    Hacker wants $300 for 250,000 records stolen from sex worker site
    https://nakedsecurity.sophos.com/2019/10/14/hacker-asking-300-for-250000-records-stolen-from-sex-worker-site/

    A hacker has stepped through a hole in vBulletin web software to steal all email addresses from a Dutch website for prostitution and escort customers and for sex workers themselves, Hookers.nl.

    Reply
  14. Tomi Engdahl says:

    Someone hacked this massive marketplace selling stolen credit cards and removed nearly 26 million records

    https://www.hackread.com/stolen-credit-card-data-trading-marketplace-hacked/

    Reply
  15. Tomi Engdahl says:

    Mercedes-Benz app glitch exposed car owners’ information to other users
    https://tcrn.ch/2qlbpRN

    Mercedes-Benz car owners have said that the app they used to remotely locate, unlock and start their cars was displaying other people’s account and vehicle information.

    Reply
  16. Tomi Engdahl says:

    Hacker Breached Servers Belonging to Multiple VPN Providers
    https://www.bleepingcomputer.com/news/security/hacker-breached-servers-belonging-to-multiple-vpn-providers/?fbclid=IwAR3LDNdNf4ufoCd6AU1259_hwE0aqXXs9jOdUNGIlbtsewDjc83dmJbOQAU

    Servers belonging to the NordVPN and TorGuard VPN companies were hacked and attackers stole and leaked the private keys associated with certificates used to secure their web servers and VPN configuration files.

    Over the weekend, security researcher @hexdefined tweeted that NordVPN, of which we are an affiliate, was compromised as the private keys for their web site certificate were publicly leaked on the Internet.

    this certificate is now expired

    Servers for NordVPN, TorGuard, and possibly VikingVPN hacked

    Reply
  17. Tomi Engdahl says:

    Open database leaked 179GB in customer, US government, and military records
    The US Department of Homeland Security has become embroiled in the leak.
    https://www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/

    An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers.

    On Monday, vpnMentor’s cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group.

    Reply
  18. Tomi Engdahl says:

    7.5 Million Records of Adobe Creative Cloud User Data Exposed
    https://www.bleepingcomputer.com/news/security/75-million-records-of-adobe-creative-cloud-user-data-exposed/

    Adobe secured a database with 7.5 million records belonging to Adobe Creative Cloud users. The cache was not protected in any way, allowing anyone access to client information if they knew how to find it.

    Diachenko reported his findings to Adobe on October 19 and the company secured the Elasticsearch database on the same day.

    screen capture that was taken by Diachenko shows the details that could be accessed without authentication

    Reply
  19. Tomi Engdahl says:

    https://thehackernews.com/2019/10/adobe-database-leaked.html?m=1
    Unsecured Adobe Server Exposes Data for 7.5 Million Creative Cloud Users

    With an estimated 15 million subscribers, Adobe Creative Cloud or Adobe CC is a subscription service that gives users access to the company’s full suite of popular creative software for desktop and mobile, including Photoshop, Illustrator, Premiere Pro, InDesign, Lightroom, and many more.

    Reply
  20. Raul says:

    I believe that 100% security is never possible,The breach itself is not that serious, while the public backlash is quite hard. While it will damage NordVPN financialy, I think from now on NordVPN will probably invest a LOT more towards their security.. But who knows, we will see in a few months what will they do. Also the attacker stole one TLS key which was never used to encrypt user traffic on the VPN server. NordVPNs statement really shines some light on the issue. Yet most of the information that has been surfing around is not even worth reading. https://nordvpn.com/zh-tw/b… and the issue is so out of proportion when only one server out of thousands was affected.

    Reply
  21. Tomi Engdahl says:

    A network of ‘camgirl’ sites exposed millions of users and sex workers
    https://tcrn.ch/2PIoakg

    A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected.

    Reply
  22. Tomi Engdahl says:

    NordVPN users’ passwords used in credential-stuffing attacks

    Ars Technica: NordVPN had a second wave of headlines this week after its breach last month. This time, a number of users’ credentials have been found in several Pastebin posts used in credential stuffing attacks.

    [https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/](https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/)

    Reply
  23. Tomi Engdahl says:

    Trend Micro rogue employee exposes customer data
    https://www-bbc-com.cdn.ampproject.org/c/s/www.bbc.com/news/amp/technology-50315544

    The company says an employee sold information from its customer-support database, including names and phone numbers, to a third party.

    It became suspicious after customers started receiving phone calls from scammers posing as Trend Micro staff.

    “It’s every security firm’s nightmare for something like this to occur,” cyber-expert and writer Graham Cluley told BBC News.

    “You can have all the security in place to prevent external hackers getting in but that doesn’t stop internal staff from taking data and using it for nefarious purposes,” he said.

    Trend Micro Discloses Insider Threat Impacting Some of its Consumer Customers
    https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/

    Reply
  24. Tomi Engdahl says:

    Trend Micro reveals rogue employee sold data of up to 120,000 customers
    Updated: The cybersecurity firm says the attack came from within, leading to targeted scams.
    https://www.zdnet.com/article/trend-micro-reveals-insider-threat-exposing-customer-data/

    Reply
  25. Tomi Engdahl says:

    The 1GB SQL database appears to contain the entirety of the site’s information, including user names, private messages, public posts, registered email addresses, and IP addresses.

    Someone Published All the Membership Data From a Neo-Nazi Website
    https://futurism.com/the-byte/someone-published-membership-data-neo-nazi-website

    Prior to its abrupt close in November 2017, Iron March was one of the most influential neo-Nazi websites in the world. Investigators have linked the site to murders, acts of terrorism, and fascist groups in at least nine different countries.

    And now, thanks to a leak from an anonymous source, researchers have access to the entire contents of Iron March — including the user names, registered email addresses, and IP addresses of nearly 1,000 site members.

    Reply
  26. Tomi Engdahl says:

    A ‘Data Breach’ at the DMV Exposed Personal Information of Thousands of Californians
    Social Security numbers, immigration status, and other private details were improperly released
    https://www.lamag.com/citythinkblog/dmv-data-breach/

    California’s DMV just can’t seem to get its act together, and today, news broke of a new problem at the agency. Private information about around 3,200 California drivers was improperly made available to agencies outside the DMV.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*