Items tagged with data-breach

High-reward ransomware appears to be all the rage right now after the REvil hacking group executed the Kaseya attack, encrypting over 1,500 businesses. Now, Saudi Aramco has confirmed a data leak today following an extortionist who demanded $50 million after claiming to have sized a large quantity of data from the world’s largest oil producer. Released today, Aramco’s statement explained that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors.” While no supplier or contractor was named nor was it explained how the data was lost according to the Financial Times, it seems the company is simply... Read more...
Sometimes you may not know that you have been infected with malware until it is too late, as is likely the case for users across more than three million Windows-based computers globally. In a stunning revelation, in the two years between 2018 and 2020, a Trojan-like malware managed to infiltrate millions of Windows devices and extract 1.2 terabytes of personal information. On Wednesday, NordLocker, a subsidiary of NordVPN, released malware research that led to discovering a database of stolen data. The stolen information includes nearly 26 million login credentials with 1.1 million unique email addresses, 2 billion or more cookies, and roughly 6.6 million files. Over 50 percent of the stolen... Read more...
The Golden Arches are not so shiny today it seems, as the world's biggest fast-food chain, McDonald's, has been hit by an international data breach. The company reported today that hackers have stolen data containing employee and restaurant information from its South Korean, Taiwanese, and United States markets. Though it is believed that the data was not sensitive nor personal, it still raises concerns for the future. Recently, McDonald's discovered unauthorized activity on an internal security system, which prompted the company to lock things down and cut off access. Following this security incident, external cybersecurity consultants were brought in to investigate and found that indeed... Read more...
It does not seem Facebook will be able to catch a break this week after an accidental email revealed the company’s dismissive view of data leakage. The Silicon Valley social media company is facing a possible new leak after a researcher found he could link up to 5 million Facebook accounts to private email addresses daily. On Tuesday, a video made the rounds that showed a researcher, who remains anonymous, demonstrating a tool called “Facebook Email search v1.0.” This person explained to Ars Technica that as many as 5 million emails could be linked to Facebook accounts in a day, even if said emails were private on an account. Interestingly, the only reason we know of this leak... Read more...
Earlier this month, Facebook worked to downplay a data scraping operation that impacted nearly 533 million users on its social media platform. At that time, we viewed it as Facebook's attempt to simultaneously be evasive and attempt to save face. It seems this is legitimately Facebook's modus operandi; however, after an internal email explaining Facebook's long-term strategy involving the incident was accidentally leaked to a journalist.  Dating back to 2019, users' information, including names, birth date, gender, location, phone number, and email addresses, were available to be scraped off Facebook using a tool created by the social media company. While not all these pieces of data were... Read more...
Information scraping campaigns are becoming more prevalent, it seems, with LinkedIn recently losing data for 500m million users. Facebook also faced a similar issue with its phone contact search feature, which allowed malicious parties to collect over 500 million users' information. Another company, called Q Link Wireless, could be facing the same issue due to a misconfigured or poorly designed mobile app that could have leaked sensitive data. Perhaps it is time to take a hard look at what data is public and how users can access it. Q Link Wireless is a low-cost mobile provider that also works with the FCC on the Lifeline program to provide free cell phone service to low-income households. They... Read more...
Over the last week, we have reported on a Facebook data leak that released phone numbers, emails, date of birth, names, and more, impacting nearly 533 million users. This leak occurred in 2019 but recently came to light as it was being spread online for free, and Facebook did not handle the situation well. The social media company has now released a blog post explaining what happened, but is that enough, or is Facebook trying to shift the blame? Mike Clark, Product Management Director, penned a blog yesterday on Facebook's Newsroom explaining what was occurring with the leaked data. He stated that the data was not obtained through hacking but by "scraping it from [the] platform." Scraping... Read more...
Game developer CD Projekt Red announced on Twitter that it has fallen prey to a "targeted cyber attack," in which an unidentified actor (or actors, as the case might be) gained unauthorized access to its internal network and are demanding a ransom. In a ransom note left by the attacker(s), it is claimed they managed to steal the source code for a few prominent titles, including Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of Witcher 3. It's not clear if the hack did actually result in stolen source as claimed, though CD Projekt Red did acknowledge that the responsible party "collected certain data" belonging to the developer, and also encrypted some devices on the network.... Read more...
According to Comparitech researchers, a database of nearly 235 million social media profiles from platforms such as Instagram, TikTok, and YouTube, was exposed on the internet. This could open users up to phishing and impersonation scams as well as unwanted email usage. On August 1st, Bob Diachenko, a cybersecurity researcher at Comparitech, uncovered three copies of the data on servers ultimately controlled by Hong Kong- based Social Data. Social Data is a company that sells data of social media influencers to marketers. According to hints in the database, the data was initially owned by a company called Deep Social, which is now dissolved. It is assumed that this data was collected with web... Read more...
Unless you’ve been living under a rock, you know that Equifax was hacked surfaced and 143 million Americans have potentially had their personal information stolen. What many have been wondering is what exactly do the hackers plan to do with all that stolen data. A report making the rounds claims that the hackers want a massive ransom from Equifax to return the data. Hackers made the ransom demand on an unnamed Darkweb site stating that they would delete the data if they receive a ransom payment of 600 BTC, which would be worth about $2.6 million at current valuation. The value of Bitcoin is at one of its highest points ever right now, having jumped past $4,000 for the first time in mid-August... Read more...
My phone just pinged. Did someone just like the Instagram photo of my dog? Is my Chipotle to-go order finally ready? Nope, I was one of the lucky one billion users whose Yahoo account was infiltrated by hackers, my personal information potentially compromised. This past November law enforcement provided Yahoo with files that a third party claimed was Yahoo user data. Yahoo then hired an outside forensics team, and established that the data did in fact belong to their users. According to Yahoo, “Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts…” That "broader set" of... Read more...
In case you hadn’t heard, data breaches are a problem--a huge problem--and to quantify that somewhat, New York AG Eric Schneiderman released a report detailing his state’s data breach information including the costs involved. There’s a lot of meaty data in the report, but one part that stands out is that there were 900 data breaches in New York in 2013 exposing the personal details of 7.3 million people at a cost of $1.37 billion. Woof. Those numbers were driven in large part by the massive Target breach as well as those of Sony and Living Social, and they point to the fact that hacking is the leading problem. The report shows that hacks were responsible for 40.78% (2,009) of... Read more...
Symantec, which has been making antivirus products for decades (including Norton, the first piece of software most people would try to remove from a new PC), is getting out of the antivirus game, sort of. Brian Dye, Symantec's senior vice president for information security, told the Wall Street Journal that in Synamtec’s view, antivirus is dead. "We don't think of antivirus as a moneymaker in any way," he stated. That doesn't mean the company is completely abandoning Norton, but it is heading in a new direction. Basically, instead of primarily focusing on keeping the walls secure, Symantec is more interested in what to do when (not if) cybercriminals break through. In a year, this will... Read more...
The good news for Target and its customers is that the retailer’s robust IT system detected the massive holiday season hack that affected tens of millions of accounts before it ever happened. The bad news is that Target failed to act on that detection, and the rest is history. According to Bloomberg, Target’s security tools detected the malware used in the hack as early as November 30th, and the thieves weren’t able to remove any data until December 2nd, which means that there were a couple of days wherein the threat couild have been mitigated. Bloomberg asserts that it was human error that led to the hack from there: Once the malware was flagged, the alert was forwarded to... Read more...
The fallout from the massive holiday Target data breach persists, as the retailer works feverishly to sort out exactly what happened and what to do about it. The 40 million or so customers who used cards at Target between November 27th and December 15th and had their data accessed by cybercrooks still need to be wary of any fraudulent activity, but there’s at least a shred of good news: your PIN numbers are safe. According to the most recent update from Target, PIN numbers are encrypted at the keypad with Triple DES encryption, and the company can’t decrypt them because the keys don’t exist in Target’s system. Rather, a third-party external payment processor handles all... Read more...