Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/
News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.
Is this a harbinger of a worse hacking landscape in 2019?
The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in this new year 2019 as chronically improving malware will be deployed more aggressively on more fronts. Also data-driven businesses simultaneously move into the “target zone” of cyber attacks.
On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.
Here are links to some articles that can hopefully help you to handle your cyber security better:
Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/
Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/
622 Comments
Tomi Engdahl says:
Hackers say they stole millions of credit cards from Banco BCR
https://www.bleepingcomputer.com/news/security/hackers-say-they-stole-millions-of-credit-cards-from-banco-bcr/
Hackers claim to have gained access to the network of Banco BCR, the
state-owned Bank of Costa Rica, and stolen 11 million credit card
credentials along with other data. This attack was allegedly conducted
by the operators of the Maze Ransomware, who have been behind numerous
cyberattacks against high-profile victims such as IT services giant
Cognizant, cyber insurer Chubb, and drug testing facility Hammersmith
Medicines Research LTD.
Tomi Engdahl says:
French daily Le Figaro database exposes users’ personal info
https://www.bleepingcomputer.com/news/security/french-daily-le-figaro-database-exposes-users-personal-info/
French daily newspaper Le Figaro exposed roughly 7.4 billion records
containing personally identifiable information (PII) of reporters and
employees, as well as of at least 42, 000 users. The data was exposed
by an unsecured database owned by Le Figaro and containing over 8TB of
data which was publicly accessible because of a misconfigured
Elasticsearch server.
Tomi Engdahl says:
Hacker leaks 15 million records from Tokopedia, Indonesia’s largest
online store
https://www.zdnet.com/article/hacker-leaks-15-million-records-from-tokopedia-indonesias-largest-online-store/#ftag=RSSbaffb68
The Tokopedia data has been published on a well-known hacking forum.
Tomi Engdahl says:
Home affairs data breach may have exposed personal details of 700, 000
migrants
https://www.theguardian.com/technology/2020/may/03/home-affairs-data-breach-may-have-exposed-personal-details-of-700000-migrants
Privacy experts have blasted the home affairs department for a data
breach revealing the personal details of 774, 000 migrants and people
aspiring to migrate to Australia, including partial names and the
outcome of applications.
Tomi Engdahl says:
Nintendo Source Code for N64, Wii and GameCube Leaked
https://itsecurity.org/nintendo-source-code-for-n64-wii-and-gamecube-leaked/
Nintendo Was Likely Anticipating the Dump After 2018 Intrusion
Gamers are poring over a massive leak of Nintendo data, including source code for older gaming systems, prototypes of games and extensive software and hardware documentation.
The material includes the source code for the Wii, N64 and GameCube systems, and demo games for the N64. Also leaked were extensive hardware and software engineering documents as well as software development kits.
The leak is “of biblical, rarely heard of proportions,” writes Alex Donaldson, a journalist and web developer who follows gaming, on Twitter.
So what?
Why does anyone care?
There’s a thriving community of enthusiasts for bygone Nintendo games and systems. Even today, new details about how the storied Japanese company designed games, including scrapped bits that never became public, are of high interest.
Most of the games whose source code was released – especially those from the 1990s – were actually already disassembled and reverse engineered years ago, says a source who asked to remain anonymous. That allowed gamers to make their own “fan” version of games, with their own tweaks, he says. “But now that the actual source code has leaked, it reveals a lot more stuff that couldn’t be revealed via disassembly,” the source says.
Tomi Engdahl says:
Tokopedia data breach exposes vulnerability of personal data
https://www.thejakartapost.com/news/2020/05/04/tokopedia-data-breach-exposes-vulnerability-of-personal-data.html
A recent data breach jeopardizing more than 15 million user accounts of Indonesian unicorn Tokopedia has exposed the vulnerability of personal data on digital platforms as Indonesians increasingly turn to e-commerce to meet their needs from home
The cybersecurity research collective Under the Breach told The Jakarta Post in an e-mail correspondence that large companies such as Tokopedia were at a disadvantage by having a lot of employees with access to the companies’ internal systems.
“Hackers often use social engineering tactics to send phishing emails to employees, which in return allows them access to different systems inside the company,” the e-mail reads.
Indonesia’s Tokopedia investigates alleged data leak of 91M users
https://www.dailysabah.com/world/asia-pacific/indonesias-tokopedia-investigates-alleged-data-leak-of-91m-users
Tomi Engdahl says:
India’s Jio Coronavirus symptom checker exposed test results
https://securityaffairs.co/wordpress/102698/data-breach/coronavirus-symptom-checker-data-leak.html
A security glitch in the self-test coronavirus symptom checker
developed by India’s Jio cell network exposed test results.
Tomi Engdahl says:
CAM4 adult cam site exposes 11 million emails, private chats
https://www.bleepingcomputer.com/news/security/cam4-adult-cam-site-exposes-11-million-emails-private-chats/
Adult live streaming website CAM4 exposed over 7TB of personally
identifiable information (PII) of members and users, stored within
more than 10.88 billion database records. The sensitive data was
leaked after one of the site’s production databases was left open to
Internet access on a misconfigured Elasticsearch cluster, with records
dating back to March 16, 2020.
Tomi Engdahl says:
Hacker Bribed ‘Roblox’ Insider to Access User Data
https://www.vice.com/en_us/article/qj4ddw/hacker-bribed-roblox-insider-accessed-user-data-reset-passwords
A hacker bribed a Roblox worker to gain access to the back end
customer support panel of the massively popular online video game,
giving them the ability to lookup personal information on over 100
million active monthly users and grant virtual in-game currency.
Tomi Engdahl says:
Godaddy Hacked : 19 Million Customers at Risk
https://hackernewsdog.com/godaddy-hacked-breached-stolen-data/?fbclid=IwAR2h5XuWSsnrC8HHsDqGSyF2S2GEIVQnxh0F-T5YkWNaSBiiBPZ35Yu5Bc4
Big Breaking News Just coming In
Godaddy Just confirmed its data breach on 5 May 2020 putting 19 million customers on risk.
One of the biggest domain registrar and web hosting firm godaddy today publicly announced its data breach that impacted millions of hosting account customers. This incident goes back to the date October 2019 when enabled one hacker to access some customer’s login information of SSH of hosting account. Later the security team of the godaddy company observed suspicious activity on some accounts.
Although the company said “It did not impact main customer accounts” , although why are not sure what do they mean by saying “main customers”.
Tomi Engdahl says:
Brian Barrett / Wired:
Adult livestreaming website CAM4 exposes 10B+ records, including names, sexual orientations, payment logs, and email transcripts, on an unsecure database — CAM4 has taken the server offline, but not before it leaked 7TB of user data. — It’s all too common for companies to leave databases chock full …
Hack Brief: An Adult Cam Site Exposed 10.88 Billion Records
CAM4 has taken the server offline, but not before it leaked 7TB of user data.
https://www.wired.com/story/cam4-adult-cam-data-leak-7tb/
Tomi Engdahl says:
Details of 44 Million Pakistani Mobile Users Leaked Online, Part of Bigger 115 Million Cache
https://it.slashdot.org/story/20/05/06/2058249/details-of-44-million-pakistani-mobile-users-leaked-online-part-of-bigger-115-million-cache?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
The details of 44 million Pakistani mobile subscribers have leaked online this week, ZDNet has learned. The leak comes after a hacker tried to sell a package containing 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin. Data contains names, phone numbers, national IDs, and home addresses among others, and is believed to have originated from Jazz, a local mobile provider. According to our analysis of the leaked files, the data contained both personally-identifiable and telephony-related information.
https://www.zdnet.com/article/details-of-44m-pakistani-mobile-users-leaked-online-part-of-bigger-115m-cache/
Tomi Engdahl says:
Hackers sell stolen user data from HomeChef, ChatBooks, and Chronicle
https://www.bleepingcomputer.com/news/security/hackers-sell-stolen-user-data-from-homechef-chatbooks-and-chronicle/
Three more high-profile databases are being offered for sale by the
same group claiming the Tokopedia and Unacademy breaches, and the more
recently reported theft of Microsofts private GitHub repositories.
Going by the name Shiny Hunters, the group is now selling user records
from meal kit delivery service HomeChef, from photo print service
ChatBooks, and Chronicle.com, a news source for higher education.
Tomi Engdahl says:
DigitalOcean Data Leak Incident Exposed Some of Its Customers Data
https://thehackernews.com/2020/05/digitalocean-data-breach.html
DigitalOcean, one of the biggest modern web hosting platforms,
recently hit with a concerning data leak incident that exposed some of
its customers’ data to unknown and unauthorized third parties. Though
the hosting company has not yet publicly released a statement, it did
has started warning affected customers of the scope of the breach via
an email.. Also:
https://www.zdnet.com/article/digital-ocean-says-it-exposed-customer-data-after-it-left-an-internal-doc-online/
Tomi Engdahl says:
A hacker group is selling more than 73 million user records on the
dark web
https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/
A hacker group going by the name of ShinyHunters claims to have
breached ten companies and is currently selling their respective user
databases on a dark web marketplace for illegal products. The hackers
are the same group who breached last week Tokopedia, Indonesia’s
largest online store. Hackers initially leaked 15 million user records
online, for free, but later put the company’s entire database of 91
million user records on sale for $5,000.. Also:
https://www.bleepingcomputer.com/news/security/hacker-group-floods-dark-web-with-data-stolen-from-11-companies/
Tomi Engdahl says:
Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’
Miscreants threaten to leak 756GB of allegedly stolen paperwork
https://www.theregister.co.uk/2020/05/12/papa_dont_breach/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/microsofts-github-account-hacked-private-repositories-stolen/
A hacker claims to have stolen over 500GB of data from Microsoft’s private GitHub repositories, BleepingComputer has learned.
This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full access to the software giant’s ‘Private’ repositories.
Tomi Engdahl says:
Over 4000 Android Apps Expose Users’ Data via Misconfigured Firebase
Databases
https://thehackernews.com/2020/05/android-firebase-database-security.html
More than 4,000 Android apps that use Google’s cloud-hosted Firebase
databases are ‘unknowingly’ leaking sensitive information on their
users, including their email addresses, usernames, passwords, phone
numbers, full names, chat messages and location data.
Tomi Engdahl says:
Sodinokibi drops greatest hits collection, and crime is the secret
ingredient
https://blog.malwarebytes.com/cybercrime/2020/05/sodinokibi-drops-greatest-hits-collection-and-crime-is-the-secret-ingredient/
When a group of celebrities ask to speak with their lawyer, they
usually dont have to call in a bunch of other people to go speak with
their lawyer. However, in this case it may well be a thing a little
down the line. A huge array of musicians including Bruce Springsteen,
Lady Gaga, Madonna, Run DMC and many more have had documents galore
pilfered by the Sodinokibi gang.
Tomi Engdahl says:
Colorado’s unemployment system, slammed with coronavirus claims, inadvertently exposed people’s private data
https://coloradosun.com/2020/05/18/colorado-unemployment-private-data-released/
The unauthorized access is blamed on a vendor’s technical issue and was identified and blocked within an hour after it was noticed on Saturday, according to the Colorado Department of Labor and Employment
Tomi Engdahl says:
“EasyJet has revealed that the personal information of 9 million customers was accessed in a “highly sophisticated” cyber-attack on the airline.
The company said on Tuesday that email addresses and travel details were accessed and it would contact the customers affected.
Of the 9 million people affected, 2,208 had credit card details stolen, easyJet told the stock market. No passport details were uncovered.
The ICO recommended easyJet contact everyone affected because of an increased risk of phishing fraud, the airline said.”
https://www.theguardian.com/business/2020/may/19/easyjet-cyber-attack-customers-details-credit-card?CMP=share_btn_fb
Tomi Engdahl says:
Hacker selling 40 million user records from popular Wishbone app
https://www.zdnet.com/article/hacker-selling-40-million-user-records-from-popular-wishbone-app/
A hacker has put up for sale today the details of 40 million users
registered on Wishbone, a popular mobile app that lets users compare
two items in a simple voting poll. Read also:
https://www.bleepingcomputer.com/news/security/hacker-shares-40-million-wishbone-user-records-for-free/
Tomi Engdahl says:
Toll’s stolen data finds itself on the ‘dark web’
https://www.zdnet.com/article/tolls-stolen-data-finds-itself-on-the-dark-web/
Toll Group has provided an update on the ransomware attack it suffered
following a January infection. The Australian transport giant said,
after revealing the extent of data theft it suffered earlier this
month, that the stolen information has found its way onto the “dark
web”.
Tomi Engdahl says:
Database Breaches Remain the Top Cyber Threat for Organizations
https://www.recordedfuture.com/database-breaches-analysis/
With the number of affected victims growing every year, some of
today’s most serious threats to organizations are database breaches
and releases. These breaches compromise millions of pieces of
sensitive information like personally identifiable information (PII),
credentials, payment information, and proprietary data. Criminals gain
access to the data through various tactics, techniques, and procedures
(TTPs), such as phishing, malware, exploiting existing vulnerabilities
in software, insider threats, password reuse, and a number of other
methods, taking advantage of holes in security infrastructure. After
breaching an organization’s network, criminals may access the data
themselves or sell the access off at dark web auctions. The
information gathered as a result in turn frequently leads to further
breaches through techniques like business email compromise (BEC). Read
also: https://go.recordedfuture.com/hubfs/reports/cta-2020-0521.pdf
Tomi Engdahl says:
Halpalentoyhtiö Easyjet ilmoitti hakkereiden varastaneen yhdeksän
miljoonan asiakkaan varaustiedot
https://www.hs.fi/ulkomaat/art-2000006512922.html
Tietomurto tapahtui jo tammikuussa. Samalla vietiin yli kahdentuhannen
Tomi Engdahl says:
Home Chef announces data breach after hacker sells 8M user records
https://www.bleepingcomputer.com/news/security/home-chef-announces-data-breach-after-hacker-sells-8m-user-records/
Home Chef, a US-based meal kit and food delivery service, announced a
data breach today after a hacker sold 8 million user records on a dark
web marketplace.
Tomi Engdahl says:
EasyJet: 9 million customers personal data accessed
https://www.pandasecurity.com/mediacenter/news/easyjet-data-breach/
EasyJet: A massive data breach. On May 19 this year, EasyJet announced
that it had suffered a “massive cyberattack” in which the attackers
had accessed the personal data of approximately nine million
customers. Among that data that the cybercriminals were able to access
were the victims’ email addresses and travel details. What’s more, the
attackers also managed to “access” the credit card details of 2, 208
customers. The company first learned of this incident in January this
year. Read also:
https://www.tivi.fi/uutiset/tv/a8e698bc-d840-4c37-a3dd-e1b0a3f4277c
and https://www.is.fi/digitoday/tietoturva/art-2000006513220.html. Or:
https://threatpost.com/easyjet-hackers-travel-details-9m-customers/155894/
Tomi Engdahl says:
Snake ransomware leaks patient data from Fresenius Medical Care
https://www.bleepingcomputer.com/news/security/snake-ransomware-leaks-patient-data-from-fresenius-medical-care/
Medical data and personally identifiable information belonging to
patients at a Fresenius Medical Care unit are currently available
online on a paste website. Fresenius is a large private hospital
operator in Europe and its systems were compromised as part of a
massive campaign from Snake ransomware that targeted organizations
across all verticals.
Tomi Engdahl says:
Home Chef announces data breach after hacker sells 8M user records
https://www.bleepingcomputer.com/news/security/home-chef-announces-data-breach-after-hacker-sells-8m-user-records/
The user records for Home Chef was one of the databases being sold and allegedly contained 8 million user records.
At the time of our reporting, BleepingComputer emailed Home Chef but never received a response.
Home Chef issues data breach notification
Now, almost two weeks later, Home Chef has officially disclosed the data breach in a “Data security incident” notice posted to their web site.
Tomi Engdahl says:
Original Xbox’s complete source code leaked online
The Windows NT 3.5 kernel has also been unearthed.
https://engt.co/2zTgtSr
The original Xbox was a new frontier for modders and tinkerers, as the included hard drive made it easy to install unofficial dashboards and pirated games. Those enthusiasts might be getting a flashback to 2002, as the official Xbox OS has leaked online, according to The Verge. This includes the Xbox dev kit, emulators, build environments, documentation and the kernel itself. These kinds of leaks have often enabled developers to create unofficial (and illegal) fan projects such as emulators. However, The Verge notes that some of this data has been available within the homebrew scene for a while, so it’s not clear how much of it will be a revelation to the Xbox modding and emulation community.
Tomi Engdahl says:
Hackers leak credit card info from Costa Rica’s state bank
https://www.bleepingcomputer.com/news/security/hackers-leak-credit-card-info-from-costa-ricas-state-bank/
Maze ransomware operators have published credit card data stolen from
the Bank of Costa Rica (BCR). They threaten to leak similar files
every week.
Tomi Engdahl says:
26 million LiveJournal credentials leaked online, sold on the dark web
https://www.zdnet.com/article/26-million-livejournal-credentials-leaked-online-sold-on-the-dark-web/
LiveJournal credentials were obtained in a 2014 hack, but leaked
online earlier this month.
Tomi Engdahl says:
Amtrak resets user passwords after Guest Rewards data breach
https://www.bleepingcomputer.com/news/security/amtrak-resets-user-passwords-after-guest-rewards-data-breach/
Amtrak, a high-speed intercity passenger rail provider and an
independent US government agency, operates a nationwide rail network
in 46 states, the District of Columbia, and three Canadian provinces,
with 30 million customers during the last nine years.
Tomi Engdahl says:
Hacker leaks database of dark web hosting provider
https://www.zdnet.com/article/hacker-leaks-database-of-dark-web-hosting-provider/
“This information could substantially help law enforcement track the
individuals running or taking part in illegal activities on these
darknet sites, ” Under the Breach told ZDNet.
Tomi Engdahl says:
Hacker leaks database of dark web hosting provider
https://www.zdnet.com/article/hacker-leaks-database-of-dark-web-hosting-provider/
Leaked data contains email addresses, site admin passwords, and .onion domain private keys.
A hacker has leaked online today the database of Daniel’s Hosting (DH), the largest free web hosting provider for dark web services.
The leaked data was obtained after the hacker breached DH earlier this year, on March 10, 2020. At the time, DH owner Daniel Winzen told ZDNet the hacker breached his portal, stole its database, and then wiped all servers.
On March 26, two weeks after the breach, DH shut down its service for good, urging users to move their sites to new dark web hosting providers. Around 7,600 websites — a third of all dark web portals — went down following DH’s shutdown.
Tomi Engdahl says:
Researchers find exposed data on millions of users of quiz app, TVSmiles
https://techcrunch.com/2020/06/02/researchers-find-exposed-data-on-millions-of-users-of-quiz-app-tvsmiles/?tpcc=ECFB2020
Security researcher UpGuard disclosed in a report today that it found an unsecured Amazon S3 bucket online last month — containing personal and device data tied to millions of the app’s users. According to TVSmiles’ marketing material the quiz app has up to three million users.
The storage bucket UpGuard found exposed to the Internet contained a 306 GB PostgreSQL database backup with “unencrypted personally identifiable information matched to individual users, profiling insights about users’ interests based on quiz responses, associations to smart devices, and accounts and login details for TVSmiles’ business relationships”, according to its report.
The exposed backup file appears to date back to August 2017.
Tomi Engdahl says:
Hackers Leak Data Stolen From UK Electricity Market Administrator Elexon
https://www.securityweek.com/hackers-leak-data-stolen-uk-electricity-market-administrator-elexon
The cybercriminals behind the recent attack on Elexon, which manages the electricity market in the United Kingdom, have started leaking data allegedly stolen from the company.
Elexon revealed in mid-May that its IT systems were targeted in a cyberattack, but it did not provide any additional details.
Tomi Engdahl says:
ZEE5 allegedly hacked by ‘Korean hackers’, customer info at risk
https://www.bleepingcomputer.com/news/security/zee5-allegedly-hacked-by-korean-hackers-customer-info-at-risk/
A hacker identifying themselves as “John Wick” and “Korean Hackers”
claim to have breached the systems for Indian media giant ZEE5 and are
threatening to sell the database on criminal markets.
Tomi Engdahl says:
Hackers breached A1 Telekom, Austria’s largest ISP
https://www.zdnet.com/article/hackers-breached-a1-telekom-austrias-largest-isp/
A1 needed more than six months to kick the hackers off its network. Whsitleblower claims the intruders were Chinese hackers.
Tomi Engdahl says:
Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More
https://www.wired.com/story/dating-apps-leak-explicit-photos-screenshots/
Security researchers Noam Rotem and Ran Locar were scanning the open
internet on May 24 when they stumbled upon a collection of publicly
accessible Amazon Web Services “buckets.”. Each contained a trove of
data from a different specialized dating app, including 3somes,
Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes
Dating, and GHunt. In all, the researchers found 845 gigabytes and
close to 2.5 million records, likely representing data from hundreds
of thousands of users. They are publishing their findings today with
vpnMentor. also:
https://www.vpnmentor.com/blog/report-dating-apps-leak/
Tomi Engdahl says:
https://yro.slashdot.org/story/20/06/16/2157228/dating-apps-exposed-845gb-of-explicit-photos-chats-and-more?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Security researchers Noam Rotem and Ran Locar were scanning the open internet on May 24 when they stumbled upon a collection of publicly accessible Amazon Web Services “buckets.” Each contained a trove of data from a different specialized dating app, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt. In all, the researchers found 845 gigabytes and close to 2.5 million records, likely representing data from hundreds of thousands of users. They are publishing their findings today with vpnMentor.
Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More
3somes, Gay Daddy Bear, and Herpes Dating are among the nine services that leaked the data of hundreds of thousands of users.
https://www.wired.com/story/dating-apps-leak-explicit-photos-screenshots/
Report: Niche Dating Apps Expose 100,000s of Users in Massive Data Breach
https://www.vpnmentor.com/blog/report-dating-apps-leak/
Tomi Engdahl says:
Approximately 300,000 Nintedo user accounts breached by hackers
https://www.pandasecurity.com/mediacenter/mobile-news/nintedo-accounts-breached/
Over the last few months, the account details of approximately 300,000
Nintendo users have been breached by hackers. In late April, the
Japanese consumer electronics and video game company announced that
160,000 members of its user database had been breached. In June, after
continuous investigation, Nintendo increased the number to the
staggering 300,000.
Tomi Engdahl says:
IT giant Cognizant confirms data breach after ransomware attack
https://www.bleepingcomputer.com/news/security/it-giant-cognizant-confirms-data-breach-after-ransomware-attack/
In a series of data breach notifications, IT services giant Cognizant
has stated that unencrypted data was most likely accessed and stolen
during an April Maze Ransomware attack. Cognizant is one of the
largest IT managed services company in the world with close to 300,000
employees and over $15 billion in revenue. As a managed service
provider (MSP), Cognizant remotely manages many of its clients to fix
issues, install patches, and monitor their security.
Tomi Engdahl says:
BlueLeaks: Data From Hundreds of Law Enforcement Organizations Leaked Online
https://www.securityweek.com/blueleaks-data-hundreds-law-enforcement-organizations-leaked-online
Hundreds of thousands of files belonging to more than 200 law enforcement organizations across the United States have been leaked online after they were stolen by hackers from a web development company.
The files were made available by Distributed Denial of Secrets (DDOS), a WikiLeaks-style organization that describes itself as a “transparency collective” whose goal is the “free transmission of data in the public interest.”
The leak, dubbed BlueLeaks, includes information collected and generated by over 200 police departments, fusion centers, the FBI and other law enforcement organizations in various U.S. states. The leaked files include images, documents, tables, web pages, text files, videos, audio files, and emails.
DDOS says the information was obtained by hackers that are part of the Anonymous hacktivist movement.
A document obtained by security blogger Brian Krebs shows that the National Fusion Center Association (NFCA) has confirmed the validity of the compromised data and revealed that it originates from Netsential, a web development company based in Texas. Fusion centers are responsible for the gathering, analysis and sharing of threat information, and the NFCA represents their interests.
‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/
Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals.
The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data.
Tomi Engdahl says:
An activist group has published on Friday 296 GB of data they claim have been stolen from US law enforcement agencies and fusion centers.
The files, dubbed [BlueLeaks](https://hunter.ddosecrets.com/datasets/102), have been published by Distributed Denial of Secrets ([DDoSecrets](https://ddosecrets.com/)), a group that describes itself as a “transparency collective.”
The data has been made available online on a searchable portal. According to the BlueLeaks portal, the leaked data contains more than one million files, such as scanned documents, videos, emails, audio files, and more.
Tomi Engdahl says:
BlueLeaks: Data from 200 US police departments & fusion centers published online
Activist group DDoSecrets published 296 GB of police data on Friday, June 19.
https://www.zdnet.com/article/blueleaks-data-from-200-us-police-departments-fusion-centers-published-online/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook
Tomi Engdahl says:
BlueLeaks Exposes Files from Hundreds of Police Departments
https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/
Hundreds of thousands of potentially sensitive files from police
departments across the United States were leaked online last week. The
collection, dubbed BlueLeaks and made searchable online, stems from a
security breach at a Texas web design and hosting company that
maintains a number of state law enforcement data-sharing portals..
Also:
https://thehackernews.com/2020/06/law-enforcement-data-breach.html.
https://www.zdnet.com/article/blueleaks-data-from-200-us-police-departments-fusion-centers-published-online/.
https://www.bleepingcomputer.com/news/security/blueleaks-data-dump-exposes-over-24-years-of-police-records/.
https://www.wired.com/story/blueleaks-anonymous-law-enforcement-hack/
Tomi Engdahl says:
Warning: ‘Invisible God’ Hacker Sold Access To More Than 135 Companies In Just Three Years
https://www.forbes.com/sites/thomasbrewster/2020/06/23/warning-invisible-god-hacker-broke-into-more-than-135-companies-in-just-three-years/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696
Major antivirus companies, banks, insurance providers, government agencies, large hotels, wineries, restaurants, airlines. Think of almost any kind of company and there’s a good chance a prolific, financially-motivated hacker known as Fxmsp has broken into it, or attempted to, according to a report released Tuesday.
Tomi Engdahl says:
Hackers just leaked sensitive files from over 200 police departments that are searchable by badge number
https://news.yahoo.com/hackers-just-leaked-sensitive-files-154620446.html
Tomi Engdahl says:
A preventable security lapse exposed sensitive recordings of domestic abuse victims
https://www.inputmag.com/culture/a-terribly-basic-security-lapse-exposed-massive-domestic-abuse-data
Data breaches involving personally identifiable information always pose risks for individual safety. But it’s astronomically more terrifying for domestic abuse survivors.
Cybersecurity firm vpnMentor has discovered a data breach affecting the domestic violence prevention app known as the Aspire News App that it says could easily have been prevented with a few rudimentary security steps. The app appears as a news app on the user’s smartphone and can be activated to alert a trusted contact to potential and already-occuring domestic violence. With proper security, it can save lives.