T-Mobile discloses its second data breach in 2023

Mobile giant T-Mobile disclosed its second data breach so far in 2023. A hacker gained access to the personal information of 836 T-Mobile customers between late February and March. The personal information included full names, contact information, dates of birth, addresses, government IDs, Social Security numbers, and T-Mobile account numbers and PINs.

After detecting the security breach, T-Mobile reset account PINs of impacted customers.

In January 2023, T-Mobile reported another data breach affecting 37 million customers.

Read more about it here.

Hackers broke into AT&T email accounts to steal cryptocurrency wallets

Hackers have reportedly been breaking into AT&T-provided email addresses and using this access to steal large amounts of cryptocurrency. While it’s not clear how many people have been impacted, one victim claimed that hackers stole $134,000 from a Coinbase account associated with a compromised email address. Email addresses with att.net, sbcglobal.net, bellsouth.net and other AT&T domain names have all reportedly been affected.

Presumably, the hackers gained access to a part of AT&T’s internal network, which allows them to create mail keys for any user. Mail keys are unique credentials that AT&T email users can use to log into their accounts using email apps such as Thunderbird or Outlook, but without having to use their passwords.

AT&T has adopted security measures to prevent similar attacks, and forced a password reset on some email accounts.

Read more about it here.

OpenAI starts a bug bounty program with payouts of up to $20,000 for security flaws in its ChatGPT chatbot

OpenAI, the company behind the popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are “safe and useful for everyone”.

“Security is essential to OpenAI’s mission”, said the company. “We appreciate the contributions of ethical hackers who help us uphold high privacy and security standards for our users and technology.”

The company said that ChatGPT is in scope, including ChatGPT Plus, logins, subscriptions, OpenAI-created plugins (e.g. Browsing, Code Interpreter), plugins users create themselves, and all other functionality. Plugins developed by other users are out of scope.

The bounties range from $200 for low-severity security issues, up to $20,000 for “exceptional discoveries”.

Read more about it here.

KFC, Pizza Hut, and Taco Bell owner discloses data breach

Yum! Brands, the company that owns restaurant chains KFC, Pizza Hut, and Taco Bell, disclosed a data breach. On January 13, 2023, Yum! Brands suffered a ransomware attack that forced it to take its IT systems offline, closing almost 300 restaurants in the UK for one day. Back then the company said that it had no evidence that the attackers exfiltrated any customer information.

In a breach notification letter that was sent to affected customers starting April 6, Yum! Brands revealed that it has now found out the attackers stole some individuals’ personal information, including names, driver’s license numbers, and other ID numbers.

The company added that the ongoing investigation has not found evidence that the stolen data had been used for identity theft or fraud; however, such data is typically traded or shared on underground hacker forums and ultimately used in phishing and other types of attacks.

Read more about it here.

Western Digital takes its services offline due to data breach

Storage giant Western Digital confirmed on April 3, 2023 that its network has been breached and an unauthorized party gained access to multiple company systems. The California-based computer drive maker and provider of cloud data storage services stated that the network security incident was identified on March 26. The investigation is still ongoing and Western Digital has yet to learn how much was taken.

Since the incident, Western Digital’s consumer cloud and backup service My Cloud has experienced outages, preventing customers from accessing their files. This included My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, and SanDisk Ixpand Wireless Charger. Services were restored on April 12.

While Western Digital’s customers wait for more information, they can take action. Users should assume their accounts associated with Western Digital’s services may have been compromised, and therefore they should change their service account passwords and, if possible, enable Multi-Factor Authentication (MFA).

Read more about it here.

Ferrari hit with ransomware attack, customer data exposed

Italian supercar manufacturer Ferrari disclosed on March 20, 2023 that it was recently the victim of a ransomware attack that may have disclosed certain personal information about its clients. The company said it was “recently contacted by a threat actor with a ransom demand related to such customer data. As a policy, Ferrari will not be held to ransom”.

The carmaker said that hackers accessed customers’ names, addresses, email addresses and telephone numbers. Based on its investigation so far, Ferrari said no payment information, bank account numbers or details of Ferrari cars owned or ordered had been stolen.

Ferrari hasn’t disclosed how many customers were impacted by the breach or how or when the company was compromised.

Read more about it here.

AT&T is notifying 9 million customers of a data breach after a third-party vendor hack

Telecom giant AT&T is notifying 9 million of its customers that some of their information was exposed after a third-party vendor was hacked. “We recently determined that an unauthorized person breached a vendor’s system and gained access to your ‘Customer Proprietary Network Information (CPNI)’”, reads the data breach communication sent by AT&T to the impacted customers. “However, please rest assured that no sensitive personal or financial information such as Social Security number or credit card information was accessed”, continues the communication. Passwords and personal information weren’t breached either.

Exposed CPNI data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses.
“A small percentage of impacted customers also had exposure of rate plan name, past due amount, monthly payment amount, various monthly charges, and/or minutes used. The information was several years old”, said AT&T.

In its email to the affected customers, AT&T confirmed that the marketing vendor has fixed the vulnerability. The company has also notified the federal law enforcement agencies about the incident.

Customers are advised to toggle off CPNI data sharing on their accounts by making a CPNI Restriction Request, which reduces future exposure risk if AT&T uses the data for third-party vendor marketing purposes.

Read more about it here.

LastPass DevOps engineer computer breached to steal password vault in second 2022 breach

Password management giant LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data from its Amazon AWS cloud storage servers for two and a half months.

This saga started in August 2022, when LastPass CEO, Karim Toubba, confirmed that an “unauthorized party gained access to portions of the LastPass development environment,” and “took portions of source code and some proprietary LastPass technical information.” This incident had not compromised master passwords. Toubba updated the LastPass incident statement in September 2022 with further details of what the attacker had accessed. On November 30, 2022, Toubba updated that statement again: Company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service were accessed by the attacker. The attacker accessed both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data. This meant that the attacker now had customer password vaults but not the means to open them, unless they tried known passwords from other breaches or weakly constructed master passwords.

On March 1, 2023, the company published another update, saying that the threat actor breached a DevOps engineer’s home computer by “exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

LastPass ultimately detected the anomalous behavior through AWS GuardDuty Alerts, when the threat actor attempted to use Cloud Identity and Access Management (IAM) roles to perform unauthorized activity.

The complete list of the customer data that was breached is posted on this support page.

Read more about it here.

TikTok ban for the European Commission over security concerns

The European Commission (EC) and the European Council, the two largest policy bodies in the EU, are the latest government entities to implement a TikTok ban for their staff. The EU bodies requested that their staff remove the TikTok app from their work devices, as well as from personal devices that have work-related apps installed. An alternative option that was offered to the staff is to delete work-related apps from their personal phones if they want to continue using TikTok.

A similar move was adopted by the US Government, banning the use of TikTok on all government devices by the end of February 2023 due to national security concerns.

In 2020, India banned TikTok, among dozens of other China-developed apps.

In anticipation of the EU ban, TikTok has gone on a major PR offensive, including infrastructure investments that include opening three local data centers in Europe for its EU users’ data.

TikTok, developed by Chinese firm ByteDance, has over 1 billion active users across 154 countries. It has come under close scrutiny in the US and other countries for its alleged ties to the Government of China.

Read more about it here.

GoDaddy discloses a new multi-year data breach

Web hosting giant GoDaddy disclosed on February 17, 2023 a multi-year security breach that enabled unknown threat actors to install malware on its servers and exfiltrate source code related to some of its services.

The threat actors breached its cPanel shared hosting environment.

The company stated that the malware installed on its systems was intermittently redirecting random customer websites to malicious websites.

The security breach was discovered in December 2022 after customers reported this; however, the attackers had access to GoDaddy’s network for several years.

The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign.

Read more about it here.