Robinhood data breach exposes 7 million users

Robinhood is a US commission-free stock trading and investing platform that, as of March 2021, had 18 million accounts with over $80 billion in assets. On November 8, 2021, the company disclosed a data breach in which, on November 3, a threat actor gained access to the personal information of approximately 7 million customers. “Based on our investigation, the attack has been contained and we believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident,” says the announcement.

“The unauthorized party socially engineered a customer support employee by phone and obtained access to certain customer support systems.” In total, the following was leaked:

  • 5 million email addresses
  • 2 million full names of a different group of customers
  • 310 customers had their personal information, including name, date of birth, and postal zip code leaked
  • 10 customers had more extensive account details leaked

Read more about it here.

Acer suffers a second data breach in a week by the same threat actor

After the compromise of its servers in India, tech giant Acer was hacked again in Taiwan by the same threat actor.

In mid-October, Acer revealed that its after-sales service systems in India were hit by an isolated attack. The incident was disclosed after the threat actors, Desorden, advertised the sale of more than 60 GB of data on an underground cybercrime forum. In response, Acer Taiwan took down the compromised server and issued the following statement:

“We have recently detected an isolated attack on our local after-sales service system in India and a further attack in Taiwan. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data. The incident has been reported to local law enforcement and relevant authorities, and has no material impact to our operations and business continuity.”

This is the third time this year that Acer has suffered a data breach. In March, Acer was hit by REvil ransomware operators who compromised its systems and demanded a record $50 million ransom. Acer had offered to pay the group $10 million, which was rejected by the hackers.

Read more about it here.

UK newspaper The Telegraph exposes a 10TB database with subscriber data

UK newspaper “The Telegraph”, one of the UK’s largest newspapers and online media outlets, has leaked 10 TB of data after failing to properly secure one of its Elasticsearch databases.

The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers. It also includes registrant information of Apple News subscribers, including passwords in plaintext form.

The unsecured database was discovered by popular researcher Bob Diachenko on September 14, 2021. The newspaper was contacted and warned about the exposure immediately, but it took them two days to respond and secure the database. The database instance was indexed on specialized search engines on September 1, 2021, so the period of exposure was at least three weeks.

Experts recommend that impacted visitors reset their passwords, remain vigilant, and look out for unsolicited messages that could ask them to click on links or open attachments.

Read more about it here.

Neiman Marcus notifies customers of data breach, payment card information exposed

On September 30, 2021, American luxury department store Neiman Marcus notified 4.6 million customers of a data breach that occurred in May 2020. According to the company:

“The personal information for affected customers varied and may have included names and contact information; payment card numbers and expiration dates (without CVV numbers); Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts. More than 85% of affected payment and virtual gift cards are expired or invalid.”

According to the Neiman Marcus Group, no evidence has been found to suggest that the online customer accounts of its two other brands, Bergdorf Goodman and Horchow, were affected by the breach.

In response to the security breach, Neiman Marcus is requiring all affected customers whose online account password hasn’t changed since May 2020 to change their password.

Read more about it here.

Data of 106 million visitors to Thailand exposed

British cybersecurity researcher Bob Diachenko stumbled upon his own personal data online, after discovering an unsecured database containing the personal information of millions of visitors to Thailand. He discovered the database on August 22, 2021 and immediately alerted the Thai authorities, who acknowledged the incident and secured the data the following day.

Inside the 200 GB digital index were records dating back ten years, containing the personal data of 106 million international travelers to Thailand. The data included full names, arrival dates, gender, residency status, passport numbers, visa types, and Thai arrival card numbers.

Fortunately, none of the data exposed poses a direct financial threat to most individuals. No financial or contact information was included.

While the IP address of the database is still public, the database has been replaced with a honeypot – a digital booby trap. Visitors to the IP address who attempt to access the now secured database are presented with the message: “This is honeypot, all access were logged.” [sic]

Read more about it here.

Pacific City Bank hit by AVOS Locker Ransomware

Pacific City Bank is a California-based bank that provides financial services and caters mainly to the Korean-American community. The bank started its operations in 2003, and currently has 12 branches and 8 loan offices.

On September 4, 2021, the AVOS Locker gang broke into Pacific City Bank’s systems and extracted some sensitive files. They then published a screenshot as proof of the successful attack. The screenshot shows human resources documents and a phone directory, and the gang threatened to leak the data.

It isn’t clear yet how much the gang was asking, and whether the ransom was paid.

Read more about it here.

US SEC warns of Hurricane Ida-related investment scams

The US Securities and Exchange Commission (SEC) Office of Investor Education and Advocacy is warning investors to be “extremely wary” of potential investment scams related to Hurricane Ida. Scams may be promoted through email and social media posts, promising high returns for small, thinly-traded companies that supposedly will reap huge profits from recovery and cleanup efforts. Fraudsters are likely to target individuals receiving compensation from insurance companies.

One of the best ways to avoid investment fraud is to be skeptical and ask questions. Individuals should ask anyone approaching them with an investment opportunity if they’re licensed and if their investment is registered with the SEC or with a US state securities regulator. This can be easily checked by contacting the SEC or the state securities regulator. “Know that promises of fast and high profits, with little or no risk, are classic signs of fraud,” says the SEC alert.

Read more about it here.

T-Mobile data breach affected over 50 million customers

Telecommunications giant T-Mobile has issued a warning that following a security breach, personal data of more than 50 million customers has been compromised. The data includes names, dates of birth, phone numbers, addresses, US Social Security Numbers, and driver’s license information of customers.

The seller was asking for 6 bitcoin (around $270,000) for a subset of the data containing 30 million Social Security Numbers and driver’s licenses, and said that they were looking to sell the remaining information privately.

T-Mobile said that the data breach affected about 7.8 million current customers and 40 million records of former or prospective customers. Both prepaid and postpaid customers were affected.

Read more about it here.

Accenture hit by a LockBit ransomware attack

Global IT and consulting giant Accenture has allegedly been hit by a LockBit 2.0 ransomware attack. Accenture acknowledged in an internal memo that on July 30, 2021, attackers stole client information and work materials in a “security incident.”

The ransomware cybercriminals claim to have stolen databases containing over 6 TB of data and are demanding a $50M ransom. They further claim that the hack was the result of an insider job.

Accenture did not initially disclose the ransomware attack, and later downplayed it. Accenture said it “fully restored” the affected servers from backups.

Read more about it here.

Joplin’s city government was hit by a ransomware attack

The city of Joplin, Missouri, US, announced a few days ago that it was hit in July by a ransomware attack. Computer servers and programs that operated the city’s online services were closed down on July 7, 2021. Joplin’s internet-based telephone system was restored two days later. Cybersecurity firms hired to recover the city’s information technology systems have restored nearly every system needed to resume normal operations, including the city’s COVID-19 dashboard, online utility payments and court functions, Edwards said.

“An insurer has paid $320,000, to someone not identified, to keep any sensitive information obtained as a result of the cyberattack from being exposed”, said City Manager Nick Edwards in the statement.

“No additional information about the breach will be disclosed now because making more information available to the public could harm the investigation and expose the city to future risks or attacks”, the statement said.

Read more about it here.