Month: August 2019

Security researchers discovered an unsecured database containing 700,000 records from hotel franchise Choice Hotels. The MongoDB database contained 5.6 million records.

The database was hosted on a vendor’s server. Exposed records included guests names, email addresses, and phone numbers.

The hackers left a ransom note saying that 700,000 records had been stolen and backed up elsewhere, demanding 0.4 Bitcoin, or about $3,856. However, they didn’t lock up the data, making the ransom demand moot.

Read more about it here.

The city of Naples, Florida, has confirmed that is lost $700,000 following a spear phishing cyber attack. “The funds were paid to a fake bank account the attacker provided while posing as a representative from the Wright Construction Group, which was doing infrastructure work on Eighth Street South in downtown Naples”, according to a news release.

The attackers sent an email disguised as coming from the Wright Construction Group, tricking a city employee into transferring the funds to a fake bank account under their control.

Fortunately, City Manager Charles Chapman confirmed that the attack did not breach the city’s data systems.

Recently, a number of cities in Florida were victims of cyber attacks: Riviera Beach, Key Biscayne, and others.

Read more about it here.

State Farm, an American group of insurance and financial services companies, disclosed that it has been a victim of a credential stuffing attack. The attack was discovered in July 2019. The company notified the impacted users, but didn’t disclose how many users were affected.

Credential stuffing occurs when bad actors steal usernames and passwords from one online account, and then try them on other online account, revealing additional user information.

In response to the attack, State Farm reset the passwords of the impacted accounts.

Read more about it here.