T-Mobile data breach exposes 37 million accounts

Mobile giant T-Mobile disclosed a new data breach that resulted in the theft of data belonging to 37 million customer accounts.

According to T-Mobile's announcement, “a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.”

The announcement continues: “No passwords, payment card information, social security numbers, government ID numbers or other financial account information were compromised.” Some basic customer information, “including name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features,” was obtained.

T-Mobile said it first learned of the incident on Jan. 5, 2023, and that an investigation determined the bad actor started abusing the API beginning around Nov. 25, 2022. The company says it is in the process of notifying affected customers.


Cybercriminals starting to use ChatGPT

At the end of November 2022, OpenAI released ChatGPT. ChatGPT (Generative Pre-trained Transformer) is the newest development in the AI field, created by the research company OpenAI, which is led by Sam Altman and backed by Microsoft, Elon Musk, LinkedIn Co-Founder Reid Hoffman, and Khosla Ventures. It can conduct conversations with people, mimicking various writing styles.

Check Point Research (CPR) has recently discovered the first instances of cybercriminals using ChatGPT to develop malicious tools. Although the tools presented are rudimentary, it’s only a matter of time until they can be enhanced for malicious use.

The researchers provided the following examples:

  • Creating an infostealer: A hacker shared the code of a Python-based stealer that searches for common file types, copies them to a random folder inside the Temp folder, ZIPs them and uploads them to a hardcoded FTP server.
  • Creating an Encryption Tool: A hacker shared a Python script that performs cryptographic operations: it generates a cryptographic key, encrypts a file, and more. With some work, a hacker can potentially turn the code into ransomware.
  • Facilitating ChatGPT for Fraud Activity.


222 million Twitter accounts available for sale online

A data leak containing email addresses of 222 million Twitter users has been published on a popular hacker forum. Many experts have analyzed it and confirmed the authenticity of many of the entries in the leaked archive.

Since July 22, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private data (phone numbers and email addresses) and public data on various hacker forums. These data sets were created in 2021 by exploiting a Twitter API vulnerability.

The first data set of 5.4 million users was put up for sale in July 2022 for $30,000 and ultimately released for free on November 27, 2022. Another data set allegedly containing the data for 17 million users was also circulating privately in November.

On January 4, 2023, a threat actor released a data set consisting of 221,608,279 Twitter profiles on the Breached hacking forum for eight credits of the forum’s currency, worth approximately $2.

Unlike previously leaked data collected using this Twitter API flaw, this leak didn’t indicate whether an account is verified.
