UK newspaper The Telegraph exposes a 10TB database with subscriber data

UK newspaper “The Telegraph”, one of the UK’s largest newspapers and online media outlets, has leaked 10 TB of data after failing to properly secure one of its Elasticsearch databases.

The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers. It also included registration information of Apple News subscribers, including passwords in plaintext form.

The unsecured database was discovered by popular researcher Bob Diachenko on September 14, 2021. The newspaper was contacted and warned about the exposure immediately, but it took them two days to respond and secure the database. The database instance was indexed on specialized search engines on September 1, 2021, so the period of exposure was at least three weeks.

Experts recommend that impacted visitors reset their passwords, remain vigilant, and look out for unsolicited messages that ask them to click on links or open attachments.

Read more about it here.

Neiman Marcus notifies customers of data breach, payment card information exposed

On September 30, 2021, American luxury department store Neiman Marcus notified 4.6 million customers of a data breach that occurred in May 2020. According to the company:

“The personal information for affected customers varied and may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts. More than 85% of affected payment and virtual gift cards are expired or invalid.”

According to the Neiman Marcus Group, no evidence has been found to suggest that the online customer accounts of its two other brands, Bergdorf Goodman and Horchow, were affected by the breach.

In response to the security breach, Neiman Marcus is requiring all affected customers whose online account password hasn’t changed since May 2020 to change their password.

Read more about it here.

Data of 106 million visitors to Thailand exposed

British cybersecurity researcher Bob Diachenko stumbled upon his own personal data online, after discovering an unsecured database containing the personal information of millions of visitors to Thailand. He discovered the database on August 22, 2021 and immediately alerted the Thai authorities, who acknowledged the incident and secured the data the following day.

Inside the 200 GB digital index were records dating back ten years, containing the personal data of 106 million international travelers to Thailand. The data included full names, arrival dates, gender, residency status, passport numbers, visa types, and Thai arrival card numbers.

Fortunately, none of the data exposed poses a direct financial threat to most individuals. No financial or contact information was included.

While the IP address of the database is still public, the database has been replaced with a honeypot – a digital booby trap. Visitors to the IP address who attempt to access the now secured database are presented with the message: “This is honeypot, all access were logged.” [sic]

Read more about it here.

Pacific City Bank hit by AVOS Locker Ransomware

Pacific City Bank is a California-based bank that provides financial services and caters mainly to the Korean-American community. The bank started its operations in 2003 and currently has 12 branches and 8 loan offices.

On September 4, 2021, the AVOS Locker gang broke into Pacific City Bank’s systems and extracted some sensitive files. They then published a screenshot as proof of the successful attack. The screenshot shows human resources documents and a phone directory, and the gang threatened to leak the data.

It isn’t clear yet how much the gang was asking, and whether the ransom was paid.

Read more about it here.

US SEC warns of Hurricane Ida-related investment scams

The US Securities and Exchange Commission (SEC) Office of Investor Education and Advocacy is warning investors to be “extremely wary” of potential investment scams related to Hurricane Ida. Scams may be promoted through email and social media posts, promising high returns for small, thinly traded companies that supposedly will reap huge profits from recovery and cleanup efforts. Fraudsters are likely to target individuals receiving compensation from insurance companies.

One of the best ways to avoid investment fraud is to be skeptical and ask questions. Individuals should ask anyone approaching them with an investment opportunity whether they are licensed and whether the investment is registered with the SEC or with a US state securities regulator. This can be easily checked by contacting the SEC or the state securities regulator. “Know that promises of fast and high profits, with little or no risk, are classic signs of fraud,” says the SEC alert.

Read more about it here.

T-Mobile data breach affected over 50 million customers

Telecommunications giant T-Mobile has issued a warning that following a security breach, personal data of more than 50 million customers has been compromised. The data includes names, dates of birth, phone numbers, addresses, US Social Security Numbers, and driver’s license information of customers.

A seller offering the data was asking for 6 bitcoin (around $270,000) for a subset containing 30 million Social Security Numbers and driver’s licenses, and said that they were looking to sell the remaining information privately.

T-Mobile said that the data breach affected about 7.8 million current customers and 40 million records of former or prospective customers. Both prepaid and postpaid customers were affected.

Read more about it here.

Accenture hit by a LockBit ransomware attack

Global IT and consulting giant Accenture has allegedly been hit by a LockBit 2.0 ransomware attack. Accenture acknowledged in an internal memo that on July 30, 2021, attackers stole client information and work materials in a “security incident.”

The ransomware criminals have stolen databases containing over 6 TB of data and are demanding a $50M ransom. They further claim that the hack was the result of an insider job.

Accenture did not initially disclose the ransomware attack, and later downplayed it. Accenture said it “fully restored” the affected servers from backups.

Read more about it here.

Joplin’s city government was hit by a ransomware attack

The city of Joplin, Missouri, US, announced a few days ago that it was hit in July by a ransomware attack. Computer servers and programs that operated the city’s online services were shut down on July 7, 2021. Joplin’s internet-based telephone system was restored two days later. Cybersecurity firms hired to recover the city’s information technology systems have restored nearly every system needed to resume normal operations, including the city’s COVID-19 dashboard, online utility payments and court functions, City Manager Nick Edwards said.

“An insurer has paid $320,000, to someone not identified, to keep any sensitive information obtained as a result of the cyberattack from being exposed”, said City Manager Nick Edwards in the statement.

“No additional information about the breach will be disclosed now because making more information available to the public could harm the investigation and expose the city to future risks or attacks”, the statement said.

Read more about it here.

Clubhouse denies data breach

Clubhouse is a social audio app for iOS and Android, where users can communicate in voice chat rooms that host groups of thousands of people.

On July 24, 2021, leading cybersecurity expert Jiten Jain wrote on Twitter that a database of 3.8 billion phone numbers (cellphone, fixed-line, private, and professional numbers) of Clubhouse users was up for sale on the Darknet. The screenshot in the tweet claimed that “Clubhouse is connected in real time to all their users’ phonebooks meaning each time you add a new phone number in your phonebook, the number is automatically added into the secret database of Clubhouse. Each number is ranked by a score (the score corresponds to the number of Clubhouse users who have this specific phone number in their phonebook). With this score we are able to evaluate the level of network of each phone number in the world”.

In response, Clubhouse denied these claims, and said: “There has been no breach of Clubhouse. There are a series of bots generating billions of random phone numbers. In the event that one of these random numbers happens to exist on our platform due to mathematical coincidence, Clubhouse’s API returns no user-identifiable information. Privacy and security are of the utmost importance to Clubhouse and we continue to invest in industry-leading security practices.”

Several security experts have disputed the hacker’s claims. Security researcher Rajshekhar Rajaharia said that such a list of phone numbers can be generated very easily, and the data leak claim appears fake.

Read more about it here.

ENISA publishes Cybersecurity guide for SMEs

ENISA, the European Union Agency for Cybersecurity, published a guide for SMEs (small and medium-sized enterprises), containing 12 practical, high-level steps on how to better secure their systems and their business.

The 12 recommendations are:

  • Develop a good cybersecurity culture
  • Provide appropriate training
  • Ensure effective third-party management
  • Develop an incident response plan
  • Secure access to systems
  • Secure devices
  • Secure your network
  • Improve physical security
  • Secure backups
  • Engage (securely!) with the cloud
  • Secure online sites
  • Seek and share information

Read more about it here.