267 million Facebook accounts are sold on the dark web for 500 Euros

Hackers are offering for sale over 267 million Facebook profiles for 500 Euros ($540) on dark web sites and hacker forums.

In early March 2020, security expert Bob Diachenko uncovered an Elasticsearch cluster containing more than 267 million Facebook user IDs, phone numbers, and names. The archive was left exposed online for anyone to access without authentication. According to Diachenko, the data is the result of illegal scraping by hackers in Vietnam, who abused the Facebook API to collect the huge trove of data. A few days later, a second server was exposed by the same criminal group. It held the same data as the first server, plus 42 million additional records. The records did not include passwords.

Read more about it here.

Google is blocking 18 million Coronavirus related phishing emails per day

Tech giant Google said the COVID-19 (Coronavirus) pandemic has led to an explosion of phishing attacks, where cybercriminals lure users into revealing personal data.

Google said it is blocking almost 100 million phishing emails per day. Over the past week, 18 million of them were COVID-19 related.

Many of the emails impersonate the World Health Organization.

So far in 2020, Americans lost $12 million to cybercriminals capitalizing on COVID-19.

Google’s Gmail is used by 1.5 billion people.

Read more about it here.

Jupiter, Florida, hit with ransomware

The town of Jupiter, Florida, was hit on March 21, 2020 by the REvil/Sodinokibi ransomware.

The town announced on March 23 that several online services, including utility payments, plan submission systems and all town email accounts, were down as a result.

The town decided not to pay the ransom. Instead, it is restoring its files from backups.

At least four Florida cities reported 2019 ransomware attacks:

• Pensacola suffered a Dec. 7 attack that disabled its phone systems, email system, 311 customer service line and online payments for Pensacola Energy and the city’s sanitation services;
• Lake City, a city of about 13,000 residents 65 miles west of Jacksonville, paid 42 Bitcoins, between $460,000 and $480,000, to end a June cyber-attack;
• The village of Key Biscayne, a community of 13,000 east of Miami, reported a ransomware “security event” in June;
• Riviera Beach, a city of 35,000 in Palm Beach County, paid 65 Bitcoins – approximately $600,000 – in May to regain access to its computer systems.

Read more about it here.

General Electric suffers a data breach

In a data-breach notice filed with the State of California, General Electric Company (GE) noted that it contracts with Canon to process various documents related to human resources matters.

“We are aware of a data security incident experienced by one of GE’s suppliers, Canon Business Process Services, Inc. We understand certain personal information on Canon’s systems may have been accessed by an unauthorized individual.” reads the statement sent by GE to BleepingComputer. “Protection of personal information is a top priority for GE, and we are taking steps to notify the affected employees and former employees.”

Breached data included divorce, death and marriage certificates; benefits information (beneficiary designation forms and applications for benefits such as retirement, severance and death benefits); and even medical child support orders. Other hacked info includes direct-deposit forms, driver’s licenses, passports, tax withholding forms, names, addresses, Social Security numbers, bank-account numbers, dates of birth and more.

The security breach did not impact systems at GE or records of GE customers.

Read more about it here.

Thousands of COVID-19 related malicious domains are being registered every day

As Coronavirus-related attacks continue to increase, thousands of COVID-19 scam and malicious domains are being registered.

The web sites are used for a variety of attacks, such as phishing, fraud, and malware-based attacks. The domains typically contain keywords such as Coronavirus, COVID, COVID19, pandemic, vaccine, and virus.

A security researcher who goes online by the name of DustyFresh published a list containing thousands of COVID19-related domains created between March 14 and March 23, 2020.

Read more about it here.

T-Mobile disclosed a data breach

US telecommunications giant T-Mobile disclosed on its web site that it recently suffered a data breach at its email vendor.

“Our Cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees.” reads the data breach notification.

According to T-Mobile, the information accessed may have included customer names, addresses, phone numbers, account numbers, rate plans and features, as well as billing information. The company stressed that customers’ financial information (such as credit card information) and Social Security numbers were not breached.

T-Mobile didn’t disclose how many users were impacted by the data breach.

T-Mobile disclosed a similar security breach in November 2019, which, according to the company, impacted a small number of customers of its prepaid service.

Read more about it here.

Personal records of 10.6M MGM Resorts guests leaked online

A recent ZDNet exclusive revealed that personal information of 10.6 million guests who stayed at MGM Resorts hotels was stolen by hackers last summer and posted on a hacking forum last week.

The 10,683,188 records included full names, home addresses, phone numbers, emails, and dates of birth. The list of customers whose data were stolen includes tech CEOs and celebrities, such as Twitter CEO Jack Dorsey and pop star Justin Bieber.

MGM said in a statement: “We are confident that no financial, payment card or password data was involved in this matter.” None of the guests stayed at the hotel past 2017.

In November 2018, the Marriott hotel chain announced that data of 500 million hotel guests was hacked in 2014. The Marriott incident is the biggest data breach in the hospitality industry.

Read more about it here.

The FBI’s 2019 Internet Crime Report has been released

The FBI’s Internet Crime Complaint Center (IC3) has released its 2019 Internet Crime Report. The report highlights cybercrime trends in 2019.

“IC3 received 467,361 complaints in 2019 – an average of nearly 1,300 every day – and recorded more than $3.5 billion in losses to individual and business victims. The most frequently reported complaints were phishing and similar ploys, non-payment/non-delivery scams, and extortion.”

“While email is still a common entry point, frauds are also beginning on text messages—a crime called smishing—or even fake websites—a tactic called pharming.”

“You may get a text message that appears to be your bank asking you to verify information on your account.”

Business email compromise (BEC), or email account compromise, recorded 23,775 complaints in 2019, causing $1.7 billion in losses – about half of the total losses.

Read more about it here.

The city of Racine hit by a ransomware attack

The city of Racine, Wisconsin, joined the long list of US municipalities that have been hit with ransomware attacks. On January 31, 2020, the city’s computer systems were infected by ransomware.

As of this writing, the city’s website, email and online payment collection systems are still offline. Residents who needed services were asked to come to City Hall.

Racine Mayor Cory Mason said that the city hasn’t received a specific ransom demand, and even if they did, they wouldn’t pay it.

Racine has a cyber-insurance policy, which should cover most of the expenses incurred restoring computer services.

Read more about it here.

Microsoft customer support records have been exposed online

Popular researcher Bob Diachenko found an unprotected database containing over 250 million customer support records, including some personally identifiable information. The unprotected database contained support requests submitted to Microsoft from 2005 to December 2019.

A post published by Microsoft on January 22, 2020 says: “Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking it very seriously and holding ourselves accountable.”

Diachenko confirmed the presence of many records containing the following attributes:

  • Customer email addresses
  • IP addresses
  • Locations
  • Descriptions of CSS (Customer Service and Support) claims and cases
  • Microsoft support agent emails
  • Case numbers, resolutions, and remarks
  • Internal notes marked as “confidential”

Most, but not all, personally identifiable information was redacted from the records.

Here is the timeline of the data breach:

  • December 28, 2019: The databases were indexed by the search engine BinaryEdge.
  • December 29, 2019: Diachenko discovered the databases and immediately notified Microsoft.
  • December 30-31, 2019: Microsoft secured the servers and data. Diachenko and Microsoft continued the investigation and remediation process.
  • January 21, 2020: Microsoft disclosed additional details about the exposure as a result of the investigation.

Read more about it here.