Toyota has been hacked for the second time in 5 weeks

On March 29, 2019, Toyota Motor Company (TMC) announced in Japan that Tokyo Sales Holdings Inc., a TMC sales subsidiary, and its affiliated enterprises, as well as 3 other dealers in Japan, had been hacked. Unauthorized access was detected on March 21, 2019 on a server containing data belonging to 3.1 million customers. Customer names and dates of birth were accessed, but no credit card information.

On February 21, 2019, Toyota Australia reported a security breach. Although no user or customer data was hacked at that time, the attack caused disruptions to its IT systems.

Read more about it here.

Over 2 billion records exposed by e-mail validation website Verifications.io

Security experts found an unprotected server operated by e-mail validation company Verifications.io, exposing 4 MongoDB databases. Initially, only one database was reported as being leaked. In total, 2,069,145,043 records (made up of both individual consumers and businesses) have been leaked.

Leaked information included first name, last name, e-mail, phone, city, state, date of birth, and more.

The good news is that the leaked data didn’t include financial data, medical records or other personal or confidential information.

The image below shows Verifications.io’s four MongoDB databases exposed to the internet.

The breached server and the web site have been down since.

Read more about it here.

Citrix has been hacked, notified by FBI

American software giant Citrix was notified by the FBI on March 6, 2019 that it had been hacked.

The FBI believes attackers used the “password spraying” technique to access the Citrix network. In this technique, a small number of commonly used passwords, such as “Password1” or “Summer2018”, is tried against a large number of accounts (usernames).

Once inside, the attackers worked to obtain more privileges. According to one source, 6TB of e-mails, documents and corporate secrets were stolen.

So far, there aren’t any indications that personal information was stolen.
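Password spraying as described above leaves a recognizable trace in authentication logs: one source touches many accounts with only a few tries each. The Python below is an added example, not from the original article; the event format, thresholds, function name and sample events are constructed assumptions, and it only covers the single-source case.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, source IP, username, result.
SAMPLE_EVENTS = [
    ("2024-01-15T09:00:05", "203.0.113.7", "alice", "FAIL"),
    ("2024-01-15T09:00:41", "203.0.113.7", "bob", "FAIL"),
    ("2024-01-15T09:01:17", "203.0.113.7", "carol", "FAIL"),
    ("2024-01-15T09:01:52", "203.0.113.7", "dave", "SUCCESS"),
    ("2024-01-15T09:02:30", "203.0.113.7", "erin", "FAIL"),
    ("2024-01-15T09:03:02", "203.0.113.7", "frank", "FAIL"),
    # One user mistyping a password: many tries, but a single account.
    ("2024-01-15T09:10:00", "198.51.100.4", "grace", "FAIL"),
    ("2024-01-15T09:10:20", "198.51.100.4", "grace", "FAIL"),
    ("2024-01-15T09:10:45", "198.51.100.4", "grace", "FAIL"),
    ("2024-01-15T09:11:10", "198.51.100.4", "grace", "SUCCESS"),
]

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_avg_tries=2.0):
    """Flag sources that try many distinct accounts, few times each, within `window`.

    Returns {source: {"targeted": set, "succeeded": set}}; a non-empty
    "succeeded" set marks accounts that need an immediate password reset.
    """
    by_source = defaultdict(list)
    for ts, src, user, result in events:
        by_source[src].append((datetime.fromisoformat(ts), user, result))

    findings = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the left edge so the span never exceeds `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            tries = Counter(user for _, user, _ in span)
            if len(tries) >= min_users and sum(tries.values()) / len(tries) <= max_avg_tries:
                hit = findings.setdefault(src, {"targeted": set(), "succeeded": set()})
                hit["targeted"].update(tries)
                hit["succeeded"].update(u for _, u, r in span if r == "SUCCESS")
    return findings

if __name__ == "__main__":
    for src, hit in detect_spray(SAMPLE_EVENTS).items():
        print(src, sorted(hit["targeted"]), "succeeded:", sorted(hit["succeeded"]))
```

Per-account lockout counters miss this pattern because no single account sees many failures, which is why the check groups by source rather than by username.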

Read more about it here.

Teen is first to earn $1M in bug bounties on HackerOne platform

Here are some of the highlights from the 2019 Hacker Report:

  • $19 million in customer bounties earned in 2018, nearly equal to the bounty totals for all preceding years combined.
  • By the end of 2018, hackers had earned over $42 million.
  • Some hackers earned $100K for one vulnerability.
  • A 19-year-old who goes by the handle “@try_to_hack” became the first white hat hacker to surpass $1 million in bounty awards.
  • The community has over 300,000 registered hackers.
  • Over 100,000 valid vulnerabilities have been submitted.

Read more about it here.