Cyber breaches abound in 2019

Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/

News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.

Is this a harbinger of a worse hacking landscape in 2019?

The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in this new year 2019 as chronically improving malware will be deployed more aggressively on more fronts. Also  data-driven businesses simultaneously move into the “target zone” of cyber attacks.

On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.

Here are links to some articles that can hopefully help you to handle your cyber security better:

Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/

Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/

484 Comments

  1. Tomi Engdahl says:

    Hackers say they stole millions of credit cards from Banco BCR
    https://www.bleepingcomputer.com/news/security/hackers-say-they-stole-millions-of-credit-cards-from-banco-bcr/
    Hackers claim to have gained access to the network of Banco BCR, the
    state-owned Bank of Costa Rica, and stolen 11 million credit card
    credentials along with other data. This attack was allegedly conducted
    by the operators of the Maze Ransomware, who have been behind numerous
    cyberattacks against high-profile victims such as IT services giant
    Cognizant, cyber insurer Chubb, and drug testing facility Hammersmith
    Medicines Research LTD.

    Reply
  2. Tomi Engdahl says:

    French daily Le Figaro database exposes users’ personal info
    https://www.bleepingcomputer.com/news/security/french-daily-le-figaro-database-exposes-users-personal-info/
    French daily newspaper Le Figaro exposed roughly 7.4 billion records
    containing personally identifiable information (PII) of reporters and
    employees, as well as of at least 42, 000 users. The data was exposed
    by an unsecured database owned by Le Figaro and containing over 8TB of
    data which was publicly accessible because of a misconfigured
    Elasticsearch server.

    Reply
  3. Tomi Engdahl says:

    Hacker leaks 15 million records from Tokopedia, Indonesia’s largest
    online store
    https://www.zdnet.com/article/hacker-leaks-15-million-records-from-tokopedia-indonesias-largest-online-store/#ftag=RSSbaffb68
    The Tokopedia data has been published on a well-known hacking forum.

    Reply
  4. Tomi Engdahl says:

    Home affairs data breach may have exposed personal details of 700, 000
    migrants
    https://www.theguardian.com/technology/2020/may/03/home-affairs-data-breach-may-have-exposed-personal-details-of-700000-migrants
    Privacy experts have blasted the home affairs department for a data
    breach revealing the personal details of 774, 000 migrants and people
    aspiring to migrate to Australia, including partial names and the
    outcome of applications.

    Reply
  5. Tomi Engdahl says:

    Nintendo Source Code for N64, Wii and GameCube Leaked
    https://itsecurity.org/nintendo-source-code-for-n64-wii-and-gamecube-leaked/

    Nintendo Was Likely Anticipating the Dump After 2018 Intrusion

    Gamers are poring over a massive leak of Nintendo data, including source code for older gaming systems, prototypes of games and extensive software and hardware documentation.

    The material includes the source code for the Wii, N64 and GameCube systems, and demo games for the N64. Also leaked were extensive hardware and software engineering documents as well as software development kits.

    The leak is “of biblical, rarely heard of proportions,” writes Alex Donaldson, a journalist and web developer who follows gaming, on Twitter.

    So what?
    Why does anyone care?

    There’s a thriving community of enthusiasts for bygone Nintendo games and systems. Even today, new details about how the storied Japanese company designed games, including scrapped bits that never became public, are of high interest.

    Most of the games whose source code was released – especially those from the 1990s – were actually already disassembled and reverse engineered years ago, says a source who asked to remain anonymous. That allowed gamers to make their own “fan” version of games, with their own tweaks, he says. “But now that the actual source code has leaked, it reveals a lot more stuff that couldn’t be revealed via disassembly,” the source says.

    Reply
  6. Tomi Engdahl says:

    Tokopedia data breach exposes vulnerability of personal data
    https://www.thejakartapost.com/news/2020/05/04/tokopedia-data-breach-exposes-vulnerability-of-personal-data.html

    A recent data breach jeopardizing more than 15 million user accounts of Indonesian unicorn Tokopedia has exposed the vulnerability of personal data on digital platforms as Indonesians increasingly turn to e-commerce to meet their needs from home

    The cybersecurity research collective Under the Breach told The Jakarta Post in an e-mail correspondence that large companies such as Tokopedia were at a disadvantage by having a lot of employees with access to the companies’ internal systems.

    “Hackers often use social engineering tactics to send phishing emails to employees, which in return allows them access to different systems inside the company,” the e-mail reads.

    Indonesia’s Tokopedia investigates alleged data leak of 91M users
    https://www.dailysabah.com/world/asia-pacific/indonesias-tokopedia-investigates-alleged-data-leak-of-91m-users

    Reply
  7. Tomi Engdahl says:

    India’s Jio Coronavirus symptom checker exposed test results
    https://securityaffairs.co/wordpress/102698/data-breach/coronavirus-symptom-checker-data-leak.html
    A security glitch in the self-test coronavirus symptom checker
    developed by India’s Jio cell network exposed test results.

    Reply
  8. Tomi Engdahl says:

    CAM4 adult cam site exposes 11 million emails, private chats
    https://www.bleepingcomputer.com/news/security/cam4-adult-cam-site-exposes-11-million-emails-private-chats/
    Adult live streaming website CAM4 exposed over 7TB of personally
    identifiable information (PII) of members and users, stored within
    more than 10.88 billion database records. The sensitive data was
    leaked after one of the site’s production databases was left open to
    Internet access on a misconfigured Elasticsearch cluster, with records
    dating back to March 16, 2020.

    Reply
  9. Tomi Engdahl says:

    Hacker Bribed ‘Roblox’ Insider to Access User Data
    https://www.vice.com/en_us/article/qj4ddw/hacker-bribed-roblox-insider-accessed-user-data-reset-passwords
    A hacker bribed a Roblox worker to gain access to the back end
    customer support panel of the massively popular online video game,
    giving them the ability to lookup personal information on over 100
    million active monthly users and grant virtual in-game currency.

    Reply
  10. Tomi Engdahl says:

    Godaddy Hacked : 19 Million Customers at Risk
    https://hackernewsdog.com/godaddy-hacked-breached-stolen-data/?fbclid=IwAR2h5XuWSsnrC8HHsDqGSyF2S2GEIVQnxh0F-T5YkWNaSBiiBPZ35Yu5Bc4

    Big Breaking News Just coming In
    Godaddy Just confirmed its data breach on 5 May 2020 putting 19 million customers on risk.

    One of the biggest domain registrar and web hosting firm godaddy today publicly announced its data breach that impacted millions of hosting account customers. This incident goes back to the date October 2019 when enabled one hacker to access some customer’s login information of SSH of hosting account. Later the security team of the godaddy company observed suspicious activity on some accounts.

    Although the company said “It did not impact main customer accounts” , although why are not sure what do they mean by saying “main customers”.

    Reply
  11. Tomi Engdahl says:

    Brian Barrett / Wired:
    Adult livestreaming website CAM4 exposes 10B+ records, including names, sexual orientations, payment logs, and email transcripts, on an unsecure database — CAM4 has taken the server offline, but not before it leaked 7TB of user data. — It’s all too common for companies to leave databases chock full …

    Hack Brief: An Adult Cam Site Exposed 10.88 Billion Records
    CAM4 has taken the server offline, but not before it leaked 7TB of user data.
    https://www.wired.com/story/cam4-adult-cam-data-leak-7tb/

    Reply
  12. Tomi Engdahl says:

    Details of 44 Million Pakistani Mobile Users Leaked Online, Part of Bigger 115 Million Cache
    https://it.slashdot.org/story/20/05/06/2058249/details-of-44-million-pakistani-mobile-users-leaked-online-part-of-bigger-115-million-cache?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    The details of 44 million Pakistani mobile subscribers have leaked online this week, ZDNet has learned. The leak comes after a hacker tried to sell a package containing 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin. Data contains names, phone numbers, national IDs, and home addresses among others, and is believed to have originated from Jazz, a local mobile provider. According to our analysis of the leaked files, the data contained both personally-identifiable and telephony-related information.

    https://www.zdnet.com/article/details-of-44m-pakistani-mobile-users-leaked-online-part-of-bigger-115m-cache/

    Reply
  13. Tomi Engdahl says:

    Hackers sell stolen user data from HomeChef, ChatBooks, and Chronicle
    https://www.bleepingcomputer.com/news/security/hackers-sell-stolen-user-data-from-homechef-chatbooks-and-chronicle/
    Three more high-profile databases are being offered for sale by the
    same group claiming the Tokopedia and Unacademy breaches, and the more
    recently reported theft of Microsofts private GitHub repositories.
    Going by the name Shiny Hunters, the group is now selling user records
    from meal kit delivery service HomeChef, from photo print service
    ChatBooks, and Chronicle.com, a news source for higher education.

    Reply
  14. Tomi Engdahl says:

    DigitalOcean Data Leak Incident Exposed Some of Its Customers Data
    https://thehackernews.com/2020/05/digitalocean-data-breach.html
    DigitalOcean, one of the biggest modern web hosting platforms,
    recently hit with a concerning data leak incident that exposed some of
    its customers’ data to unknown and unauthorized third parties. Though
    the hosting company has not yet publicly released a statement, it did
    has started warning affected customers of the scope of the breach via
    an email.. Also:
    https://www.zdnet.com/article/digital-ocean-says-it-exposed-customer-data-after-it-left-an-internal-doc-online/

    Reply
  15. Tomi Engdahl says:

    A hacker group is selling more than 73 million user records on the
    dark web
    https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
    A hacker group going by the name of ShinyHunters claims to have
    breached ten companies and is currently selling their respective user
    databases on a dark web marketplace for illegal products. The hackers
    are the same group who breached last week Tokopedia, Indonesia’s
    largest online store. Hackers initially leaked 15 million user records
    online, for free, but later put the company’s entire database of 91
    million user records on sale for $5,000.. Also:
    https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/

    Reply
  16. Tomi Engdahl says:

    Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’
    Miscreants threaten to leak 756GB of allegedly stolen paperwork
    https://www.theregister.co.uk/2020/05/12/papa_dont_breach/

    Reply
  17. Tomi Engdahl says:

    https://www.bleepingcomputer.com/news/security/microsofts-github-account-hacked-private-repositories-stolen/

    A hacker claims to have stolen over 500GB of data from Microsoft’s private GitHub repositories, BleepingComputer has learned.

    This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full access to the software giant’s ‘Private’ repositories.

    Reply
  18. Tomi Engdahl says:

    Over 4000 Android Apps Expose Users’ Data via Misconfigured Firebase
    Databases
    https://thehackernews.com/2020/05/android-firebase-database-security.html
    More than 4,000 Android apps that use Google’s cloud-hosted Firebase
    databases are ‘unknowingly’ leaking sensitive information on their
    users, including their email addresses, usernames, passwords, phone
    numbers, full names, chat messages and location data.

    Reply
  19. Tomi Engdahl says:

    Sodinokibi drops greatest hits collection, and crime is the secret
    ingredient
    https://blog.malwarebytes.com/cybercrime/2020/05/sodinokibi-drops-greatest-hits-collection-and-crime-is-the-secret-ingredient/
    When a group of celebrities ask to speak with their lawyer, they
    usually dont have to call in a bunch of other people to go speak with
    their lawyer. However, in this case it may well be a thing a little
    down the line. A huge array of musicians including Bruce Springsteen,
    Lady Gaga, Madonna, Run DMC and many more have had documents galore
    pilfered by the Sodinokibi gang.

    Reply
  20. Tomi Engdahl says:

    Colorado’s unemployment system, slammed with coronavirus claims, inadvertently exposed people’s private data
    https://coloradosun.com/2020/05/18/colorado-unemployment-private-data-released/

    The unauthorized access is blamed on a vendor’s technical issue and was identified and blocked within an hour after it was noticed on Saturday, according to the Colorado Department of Labor and Employment

    Reply
  21. Tomi Engdahl says:

    “EasyJet has revealed that the personal information of 9 million customers was accessed in a “highly sophisticated” cyber-attack on the airline.

    The company said on Tuesday that email addresses and travel details were accessed and it would contact the customers affected.

    Of the 9 million people affected, 2,208 had credit card details stolen, easyJet told the stock market. No passport details were uncovered.

    The ICO recommended easyJet contact everyone affected because of an increased risk of phishing fraud, the airline said.”

    https://www.theguardian.com/business/2020/may/19/easyjet-cyber-attack-customers-details-credit-card?CMP=share_btn_fb

    Reply
  22. Tomi Engdahl says:

    Hacker selling 40 million user records from popular Wishbone app
    https://www.zdnet.com/article/hacker-selling-40-million-user-records-from-popular-wishbone-app/
    A hacker has put up for sale today the details of 40 million users
    registered on Wishbone, a popular mobile app that lets users compare
    two items in a simple voting poll. Read also:
    https://www.bleepingcomputer.com/news/security/hacker-shares-40-million-wishbone-user-records-for-free/

    Reply
  23. Tomi Engdahl says:

    Toll’s stolen data finds itself on the ‘dark web’
    https://www.zdnet.com/article/tolls-stolen-data-finds-itself-on-the-dark-web/
    Toll Group has provided an update on the ransomware attack it suffered
    following a January infection. The Australian transport giant said,
    after revealing the extent of data theft it suffered earlier this
    month, that the stolen information has found its way onto the “dark
    web”.

    Reply
  24. Tomi Engdahl says:

    Database Breaches Remain the Top Cyber Threat for Organizations
    https://www.recordedfuture.com/database-breaches-analysis/
    With the number of affected victims growing every year, some of
    today’s most serious threats to organizations are database breaches
    and releases. These breaches compromise millions of pieces of
    sensitive information like personally identifiable information (PII),
    credentials, payment information, and proprietary data. Criminals gain
    access to the data through various tactics, techniques, and procedures
    (TTPs), such as phishing, malware, exploiting existing vulnerabilities
    in software, insider threats, password reuse, and a number of other
    methods, taking advantage of holes in security infrastructure. After
    breaching an organization’s network, criminals may access the data
    themselves or sell the access off at dark web auctions. The
    information gathered as a result in turn frequently leads to further
    breaches through techniques like business email compromise (BEC). Read
    also: https://go.recordedfuture.com/hubfs/reports/cta-2020-0521.pdf

    Reply
  25. Tomi Engdahl says:

    Halpalentoyhtiö Easyjet ilmoitti hakkereiden varastaneen yhdeksän
    miljoonan asiakkaan varaustiedot
    https://www.hs.fi/ulkomaat/art-2000006512922.html
    Tietomurto tapahtui jo tammikuussa. Samalla vietiin yli kahdentuhannen

    Reply
  26. Tomi Engdahl says:

    Home Chef announces data breach after hacker sells 8M user records
    https://www.bleepingcomputer.com/news/security/home-chef-announces-data-breach-after-hacker-sells-8m-user-records/
    Home Chef, a US-based meal kit and food delivery service, announced a
    data breach today after a hacker sold 8 million user records on a dark
    web marketplace.

    Reply
  27. Tomi Engdahl says:

    EasyJet: 9 million customers personal data accessed
    https://www.pandasecurity.com/mediacenter/news/easyjet-data-breach/
    EasyJet: A massive data breach. On May 19 this year, EasyJet announced
    that it had suffered a “massive cyberattack” in which the attackers
    had accessed the personal data of approximately nine million
    customers. Among that data that the cybercriminals were able to access
    were the victims’ email addresses and travel details. What’s more, the
    attackers also managed to “access” the credit card details of 2, 208
    customers. The company first learned of this incident in January this
    year. Read also:
    https://www.tivi.fi/uutiset/tv/a8e698bc-d840-4c37-a3dd-e1b0a3f4277c
    and https://www.is.fi/digitoday/tietoturva/art-2000006513220.html. Or:
    https://threatpost.com/easyjet-hackers-travel-details-9m-customers/155894/

    Reply
  28. Tomi Engdahl says:

    Snake ransomware leaks patient data from Fresenius Medical Care
    https://www.bleepingcomputer.com/news/security/snake-ransomware-leaks-patient-data-from-fresenius-medical-care/
    Medical data and personally identifiable information belonging to
    patients at a Fresenius Medical Care unit are currently available
    online on a paste website. Fresenius is a large private hospital
    operator in Europe and its systems were compromised as part of a
    massive campaign from Snake ransomware that targeted organizations
    across all verticals.

    Reply
  29. Tomi Engdahl says:

    Home Chef announces data breach after hacker sells 8M user records
    https://www.bleepingcomputer.com/news/security/home-chef-announces-data-breach-after-hacker-sells-8m-user-records/

    The user records for Home Chef was one of the databases being sold and allegedly contained 8 million user records.

    At the time of our reporting, BleepingComputer emailed Home Chef but never received a response.

    Home Chef issues data breach notification
    Now, almost two weeks later, Home Chef has officially disclosed the data breach in a “Data security incident” notice posted to their web site.

    Reply
  30. Tomi Engdahl says:

    Original Xbox’s complete source code leaked online
    The Windows NT 3.5 kernel has also been unearthed.
    https://engt.co/2zTgtSr

    The original Xbox was a new frontier for modders and tinkerers, as the included hard drive made it easy to install unofficial dashboards and pirated games. Those enthusiasts might be getting a flashback to 2002, as the official Xbox OS has leaked online, according to The Verge. This includes the Xbox dev kit, emulators, build environments, documentation and the kernel itself. These kinds of leaks have often enabled developers to create unofficial (and illegal) fan projects such as emulators. However, The Verge notes that some of this data has been available within the homebrew scene for a while, so it’s not clear how much of it will be a revelation to the Xbox modding and emulation community.

    Reply
  31. Tomi Engdahl says:

    Hackers leak credit card info from Costa Rica’s state bank
    https://www.bleepingcomputer.com/news/security/hackers-leak-credit-card-info-from-costa-ricas-state-bank/
    Maze ransomware operators have published credit card data stolen from
    the Bank of Costa Rica (BCR). They threaten to leak similar files
    every week.

    Reply
  32. Tomi Engdahl says:

    26 million LiveJournal credentials leaked online, sold on the dark web
    https://www.zdnet.com/article/26-million-livejournal-credentials-leaked-online-sold-on-the-dark-web/
    LiveJournal credentials were obtained in a 2014 hack, but leaked
    online earlier this month.

    Reply
  33. Tomi Engdahl says:

    Amtrak resets user passwords after Guest Rewards data breach
    https://www.bleepingcomputer.com/news/security/amtrak-resets-user-passwords-after-guest-rewards-data-breach/
    Amtrak, a high-speed intercity passenger rail provider and an
    independent US government agency, operates a nationwide rail network
    in 46 states, the District of Columbia, and three Canadian provinces,
    with 30 million customers during the last nine years.

    Reply
  34. Tomi Engdahl says:

    Hacker leaks database of dark web hosting provider
    https://www.zdnet.com/article/hacker-leaks-database-of-dark-web-hosting-provider/
    “This information could substantially help law enforcement track the
    individuals running or taking part in illegal activities on these
    darknet sites, ” Under the Breach told ZDNet.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*