Clubhouse denies data breach

Clubhouse is a social audio app for iOS and Android, where users can communicate in voice chat rooms that host groups of thousands of people.

On July 24, 2021, leading cybersecurity expert Jiten Jain wrote on Twitter that a database of 3.8 billion phone numbers (cellphone, fixed, private, and professional numbers) of Clubhouse users is up for sale on the Darknet. The screenshot on the tweet claimed that “Clubhouse is connected in real time to all their users’ phonebooks meaning each time you add a new phone number in your phonebook, the number is automatically added into the secret database of Clubhouse. Each number is ranked by a score (the score corresponds to the number of Clubhouse users who have this specific phone number in their phonebook). With this score we are able to evaluate the level of network of each phone number in the world”.

In response, Clubhouse denied these claims, and said: “There has been no breach of Clubhouse. There are a series of bots generating billions of random phone numbers. In the event that one of these random numbers happens to exist on our platform due to mathematical coincidence, Clubhouse’s API returns no user-identifiable information. Privacy and security are of the utmost importance to Clubhouse and we continue to invest in industry-leading security practices.”

Several security experts have denied the hacker’s claims. Security researcher Rajshekhar Rajaharia said that the list of phone numbers can be generated very easily, and the data leak claim appears fake.

Read more about it here.

ENISA publishes Cybersecurity guide for SMEs

ENISA, the European Union Agency for Cybersecurity, published a guide for small and medium-sized enterprises (SMEs), containing 12 practical, high-level steps on how to better secure their systems and their business.

The 12 recommendations are:

  • Develop good Cybersecurity culture
  • Provide appropriate training
  • Ensure effective third party management
  • Develop an incident response plan
  • Secure access to systems
  • Secure devices
  • Secure your network
  • Improve physical security
  • Secure backups
  • Engage (securely!) with the cloud
  • Secure online sites
  • Seek and share information

Read more about it here.

700 Million records of LinkedIn users leaked online

Popular online employment platform LinkedIn has been the victim of what’s called a data-scraping attack. Data scraping occurs when a computer program extracts data from a website.

As a result of the data scraping of LinkedIn, security experts say the information of 700 million users, or about 92 percent of LinkedIn users, has been posted for sale on the dark web.

The exposed records include email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experience/background, genders, and other social media accounts and usernames. Passwords are not included in the archive, but security experts warn there’s enough information out there for criminals to create a fake identity of a person.

There are several ways you can protect yourself from identity theft, including making sure you have secure passwords on all your devices, using two-factor authentication where it’s offered, and other tips.

Read more about it here.

US supermarket chain Wegmans notifies customers about data breach

Wegmans Food Markets, the upscale grocery store that operates in the mid-Atlantic and Northeastern US, notified its customers in an e-mail this past week that some of their personal information was exposed due to a security data breach.

Wegmans operates 106 stores in New York, Pennsylvania, New Jersey, Virginia, Maryland, Massachusetts, and North Carolina. The store chain was founded in 1916, and is one of the largest private companies in the US, having over 50,000 employees.

Wegmans said that two of its cloud databases used to keep internal customer data were “inadvertently left open to potential outside access.” Customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, e-mails, and passwords for accessing Wegmans.com accounts. The passwords were “hashed” and “salted”, meaning that the actual password characters were not contained in the databases. Social security numbers and banking data were not exposed, company officials said.

The configuration issue began in 2018, although Wegmans said that it didn’t find out about the breach until it was brought to its attention by a third-party security researcher on or about April 19, 2021.

Wegmans corrected the issue, and is now recommending that its customers update their Wegmans.com account password, as well as the password of any other account that uses the same password.

Read more about it here.

McDonald’s hit by data breaches in the US, South Korea and Taiwan

McDonald’s, the largest fast food restaurant chain by revenue in the world, has disclosed a data breach that impacted customers and employees in the US, South Korea, and Taiwan.

In the US, the hackers compromised the system of the company and stole business contact information belonging to US employees and franchises. The hackers also stole personal information from customers in South Korea and Taiwan, including names, emails, phone numbers, and delivery addresses. McDonald’s stated that only a small number of customers was impacted, and their financial data was not exposed. Customer payment information wasn’t compromised in this data breach.

Read more about it here.

Volkswagen data breach impacted 3.3 million customers

Volkswagen and Audi have suffered a data breach affecting 3.3 million customers, after a vendor exposed unsecured data on the Internet.

Volkswagen Group of America, Inc. (VWGoA) is responsible for five marques: Audi, Bentley, Bugatti, Lamborghini, and Volkswagen cars. It also controls VW Credit, Inc. (VCI), Volkswagen’s financial services and credit operations.

According to data breach notifications it filed, VWGoA disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.

The data included some or all of the following contact information: first and last name, personal or business mailing address, email address, or phone number. In some cases, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages.

“For approximately 90,000 Audi customers or interested buyers, the data also includes more sensitive information relating to eligibility for a purchase, loan, or lease. Nearly all of the more sensitive data (over 95%) consists of driver’s license numbers. A very small number of records include data such as dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers.” continues the letter.

For those 90,000 customers who had more sensitive information exposed, Volkswagen is offering free credit monitoring services.

Read more about it here.

US Insurance giant CNA Financial paid a $40 million ransom following a cyberattack

CNA Financial, one of the largest US insurance companies, paid $40 million as ransom following a cyberattack that occurred in March 2021, according to a report from Bloomberg. Two people familiar with the attack, who asked not to be named because they weren’t authorized to discuss the matter publicly, provided some details.

“According to the two people familiar with the CNA attack, the company initially ignored the hackers’ demands while pursuing options to recover their files without engaging with the criminals. But within a week, the company decided to start negotiations with the hackers, who were demanding $60 million. Payment was made a week later, according to the people.”

In a security incident update published on May 12, 2021, CNA said it did “not believe that the systems of record, claims systems, or underwriting systems, where the majority of policyholder data – including policy terms and coverage limits – is stored, were impacted.”

CNA is not commenting on the ransom.

Read more about it here.

Indonesia’s government confirms social security data breach for some citizens

Personal data of 270 million Indonesians was allegedly leaked and sold on a hacker platform this month, Indonesian authorities said on May 20, 2021.

A user who goes by the handle Kotz posted samples of data belonging to Indonesian citizens on the hacker forum “Raid Forums”. The leaked records include names, citizenship identity numbers, residential addresses, and phone numbers of one million Indonesian citizens. A spokesman for the Communication and Information Ministry said that it was probing 100,002 samples, far fewer than claimed. The spokesman, Mr. Dedy Permadi, also said the data, such as card numbers, family information and payment status, was allegedly “identical” to those held by the Healthcare and Social Security Agency, BPJS Kesehatan, which runs Indonesia’s universal healthcare program.

The Healthcare and Social Security Agency, BPJS Kesehatan, is investigating the possible source of the leak.

Read more about it here.

Cyberattack shuts down US Colonial Pipeline

A cyberattack forced the shutdown of one of the largest pipelines in the United States, the Colonial Pipeline facility. The pipeline carries gasoline, diesel and jet fuel over 5,500 miles from Texas to New York, and moves about 45% of all fuel consumed on the East Coast. The incident did not cause immediate disruptions because of reduced energy demand due to the ongoing COVID-19 pandemic.

“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our I.T. operations,” reads a statement issued by the company.

Russian criminal group DarkSide is suspected to be responsible for the attack.

Read more about it here.

WhatsApp Pink malware can now auto-reply to your Signal, Telegram, Viber, and Skype messages

Android users should be wary of messages circulating on WhatsApp and other major messaging apps that promise a new color theme for WhatsApp. Disguised as an official update for the ubiquitous chat app, the “WhatsApp Pink” theme is actually a variant of malware. The tainted app includes malicious code that allows attackers to fully compromise a device. Most of the infections were reported by WhatsApp users in India.

Once the app is installed on the device, when the user clicks on its icon, the app disappears, claiming that it was never installed. The victim then receives a message, and replying to it unwittingly causes the malware to propagate further.

The good news is that Android users that have installed the WhatsApp Pink app can simply remove it from their device.

Read more about it here.