Cyber breaches abound in 2019
https://techcrunch.com/2018/12/26/cyber-breaches-abound-in-2019/
News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters.
Is this a harbinger of a worse hacking landscape in 2019?
The answer is unequivocally yes. Cyber breaches have been a gigantic thorn in the side of the global economy for years, and expect them to be even more rampant in 2019 as steadily improving malware is deployed more aggressively on more fronts, while data-driven businesses simultaneously move into the “target zone” of cyber attacks.
On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses.
Here are links to some articles that can hopefully help you handle your cyber security better:
Cybersecurity 101: Why you need to use a password manager
https://techcrunch.com/2018/12/25/cybersecurity-101-guide-password-manager/
Cybersecurity 101: Five simple security guides for protecting your privacy
https://techcrunch.com/2018/12/26/cybersecurity-101-security-guides-protect-privacy/
Tomi Engdahl says:
https://www.securitynewspaper.com/2019/12/20/honda-is-hacked-personal-details-of-more-than-976-million-customers-leaked/
Tomi Engdahl says:
FBI Seizes Website Suspected Of Selling Access To Billions Of Pieces Of Stolen Data
https://www.npr.org/2020/01/17/797282149/fbi-seizes-website-suspected-of-selling-access-to-billions-of-pieces-of-stolen-d?utm_source=facebook.com&utm_campaign=npr&utm_medium=social&utm_term=nprnews
U.S. authorities have seized the domain name of a website that allegedly sold access to billions of usernames, email addresses, passwords and other sensitive information stolen in data breaches.
Now, visitors to the not-so-subtle website – weleakinfo.com — are greeted with a homepage that reads, “This Domain Has Been Seized.”
The Justice Department and the FBI took control of the site as part of a “comprehensive law enforcement action” involving authorities in Germany, Northern Ireland, the U.K. and the Netherlands. Two men in Europe have been arrested so far in connection with the site.
WeLeakInfo billed itself as a “search engine” that subscribers could use to pore over data illegally obtained from more than 10,000 data breaches, U.S. authorities said in a statement.
WeLeakInfo.com Domain Name Seized
https://www.justice.gov/usao-dc/pr/weleakinfocom-domain-name-seized
Site Had Sold Access to Hacked Personal Information and Account Logins
The website had claimed to provide its users a search engine to review and obtain the personal information illegally obtained in over 10,000 data breaches containing over 12 billion indexed records – including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts. The website sold subscriptions so that any user could access the results of these data breaches, with subscriptions providing unlimited searches and access during the subscription period (one day, one week, one month, or three months).
Tomi Engdahl says:
THE FBI JUST NOW FINDS THIS SITE WITH 12 BILLION STOLEN RECORDS?!!
https://www.tacticalshit.com/the-fbi-just-now-finds-this-site-with-12-billion-stolen-records/
Things are getting spicy in the internet world and we are filling you in on it!
Storm clouds are gathering in the world of cybersecurity.
We’ve written lots about the site Have I Been Pwned, which maintains a massive database of leaked credentials so that victims can see if they’re affected. The bizarro world version of that is sites like WeLeakInfo, which takes that same data breach data and sells it for rock bottom prices to hackers who want to exploit it. This week, the FBI announced that it had seized WeLeakInfo
Tomi Engdahl says:
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
The list was shared by the operator of a DDoS booter service.
https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/
A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices.
The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.
Tomi Engdahl says:
Adult Site Leaks 20GB of Porn Cam Models Data, Including Names, Passport Scans
https://news.softpedia.com/news/adult-site-leaks-20gb-of-porn-cam-models-data-including-names-passport-scans-528892.shtml
More than 875,000 files that included data belonging to over 4,000 models working on adult websites have been exposed in nearly 20GB of data publicly available on an Amazon server located in Virginia.
Security researchers at vpnMentor reveal in an analysis of the leak that the server belongs to adult affiliate network PussyCash, owner of ImLive and having more than 66 million members.
The exposed data includes extremely sensitive information belonging to the cam models, including full names, birth date and birth place, nationality, passport ID numbers and details, ID photo, signature, fingerprints, and emergency contacts. Furthermore, the researchers discovered photographs and scans of full passports and national identification cards with visible data such as full home addresses and ID photos.
Unsecured and unencrypted database
Some of the folders are likely to be up to 20 years old, but at the same time, the most recent folders are believed to have been created approximately a few weeks ago.
The database was completely unsecured and unencrypted, vpnMentor says, and a browser was the only tool required to access all files hosted on the server.
Tomi Engdahl says:
Liza Lin / Wall Street Journal:
An unsecured facial-recognition database with info on thousands of children from 20 schools in China, half in areas with large Tibetan populations, found online
Thousands of Chinese Students’ Data Exposed on Internet
Information leak from facial-recognition database raises questions about school surveillance and cybersecurity in China
https://www.wsj.com/articles/thousands-of-chinese-students-data-exposed-on-internet-11579283410
A Chinese facial-recognition database with information on thousands of children was stored without protection on the internet, a researcher discovered, raising questions about school surveillance and cybersecurity in China.
Tomi Engdahl says:
Mitsubishi Electric discloses security breach, China is main suspect
https://www.zdnet.com/article/mitsubishi-electric-discloses-security-breach-china-is-main-suspect/
In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach.
Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi Shimbun and Nikkei, published stories about the hack. Both publications blamed the intrusion on a Chinese-linked cyber-espionage group named Tick (or Bronze Butler), known to the cyber-security industry for targeting Japan over the past few years
Tomi Engdahl says:
Hanna Andersson Data Breach: Hackers Compromise Website of Children’s Clothier
https://www.securityweek.com/hanna-andersson-data-breach-hackers-compromise-website-childrens-clothier
Portland, Oregon-based children’s clothing maker Hanna Andersson has quietly disclosed a breach to affected customers. Very few details of the breach have been made public.
Tomi Engdahl says:
https://www.securityweek.com/fbi-takes-down-site-selling-subscriptions-stolen-data
Tomi Engdahl says:
https://www.securityweek.com/hackers-steal-employee-and-corporate-information-mitsubishi-electric
Tomi Engdahl says:
https://etn.fi/index.php/13-news/10341-microsoft-paljasti-250-miljoonaa-asiakastietoa
Around the New Year, Microsoft exposed almost 250 million customer service and support (CSS) records online. The records contained logs of conversations between Microsoft support agents and customers around the world, spanning a 14-year period from 2005 to December 2019. All of the data could be read by anyone with just a web browser.
The Comparitech security research team led by Bob Diachenko uncovered five Elasticsearch servers, each of which apparently contained an identical set of 250 million records. Diachenko immediately notified Microsoft of the exposed data, and Microsoft took prompt action to secure it.
Database exposures are fairly common. For example, at the end of last year the names and phone numbers of 267 million Facebook users were freely readable online.
Tomi Engdahl says:
https://www.securityweek.com/microsoft-exposed-250-million-customer-support-records
Tomi Engdahl says:
China steals ‘massive amounts’ of data in West, US official says
Iran has allegedly hacked ‘almost 200 universities
https://www.foxbusiness.com/technology/china-steals-massive-amounts-of-data-in-west-us-official-says
Robert Strayer, deputy assistant secretary of state for cyber and international communications, said in Paris that the data theft “happens on a regular basis.”
Over the last few years, the Chinese “compromised the largest of the global service providers and cloud providers … and they use that to gain access to the corporate databases of major, large companies,” he told reporters. The stolen data is “in some cases” given to private industry within China “to compete against” the companies they stole from, Strayer said.
Tomi Engdahl says:
PARIS — China is stealing “massive amounts” of data from Western companies and Iran has stolen data from some 200 universities, the top U.S. cybersecurity diplomat said Wednesday.
Tomi Engdahl says:
Sodinokibi Ransomware Threatens to Publish Data of Automotive Group
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-threatens-to-publish-data-of-automotive-group/
The attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after they failed to get in touch and pay the ransom to have the data decrypted. Sodinokibi claims that this data was stolen from GEDIA Automotive Group, a German automotive supplier with production plants in Germany, China, Hungary, India, Mexico, Poland, Hungary, Spain, and the USA.
Tomi Engdahl says:
Maze Ransomware Not Getting Paid, Leaks Data Left and Right
https://www.bleepingcomputer.com/news/security/maze-ransomware-not-getting-paid-leaks-data-left-and-right/
Maze ransomware operators have infected computers from Medical Diagnostic Laboratories (MDLab) and are releasing close to 9.5GB of data stolen from infected machines. This action was prompted by the company’s refusal to pay a ransom of 200 bitcoins (a little over $1.7 million today) that would buy from the attacker the file decryption key and the promise to destroy the data.
Tomi Engdahl says:
Data leak at Pori’s building inspection office: the permit records of around 2,000 customers were accessible to outsiders
https://yle.fi/uutiset/3-11173114
Protection has now been put in place on the system, and according to the city no cases of misuse have been detected.
Tomi Engdahl says:
WindiLeaks: 250 million Microsoft customer support records dating back to 2005 exposed to open internet
Quickly shuttered partially redacted leaky DB included ‘internal notes marked as confidential’
https://www.theregister.co.uk/2020/01/22/microsoft_support_database_leak/
Tomi Engdahl says:
Amazon Engineer Leaks Encryption Keys To Public GitHub Repo
https://gizmodo.com/amazon-engineer-leaked-private-encryption-keys-outside-1841160934
An Amazon Web Services (AWS) engineer last week inadvertently made public almost a gigabyte’s worth of sensitive data, including their own personal documents as well as passwords and cryptographic keys to various AWS environments.
While these kinds of leaks are not unusual or special, what is noteworthy here is how quickly the employee’s credentials were recovered by a third party, who—to the employee’s good fortune, perhaps—immediately warned the company.
On the morning of January 13, an AWS employee, identified as a DevOps Cloud Engineer on LinkedIn, committed nearly a gigabyte’s worth of data to a personal GitHub repository bearing their own name. Roughly 30 minutes later, Greg Pollock, vice president of product at UpGuard, a California-based security firm, received a notification about a potential leak from a detection engine pointing to the repo.
“In reviewing this publicly accessible data, I have come to the conclusion that data stemming from your company, of some level of sensitivity, is present and exposed to the public internet,” he told AWS by email.
AWS responded gratefully about four hours later and the repo was suddenly offline.
At least some of the documents in the cache, however, are labeled “Amazon Confidential.”
UpGuard says it chose to make the incident known to demonstrate the importance of early detection and underscore that cloud security is not invulnerable to human error.
Tomi Engdahl says:
No big deal, Rogers, your internal source code and keys are only on the open web. Don’t hurry to take it down
https://www.theregister.co.uk/2020/01/24/rogers_code_exposed/
‘Closed source’ blueprints available for all to gawp at – and potentially exploit
Source code, internal user names and passwords, and private keys, for the website and online account systems of Canadian telecoms giant Rogers have been found sitting on the open internet.
The leaked software, seemingly uploaded to GitHub by a Rogers engineer before they left the telco, is written in Java and powered various components of Rogers.com. The materials are marked “closed source” and copyright Rogers, yet can be found on the web if you know where to look. Details of and credentials for services and systems on the ISP’s internal networks are included.
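The AWS engineer’s personal repo and the Rogers upload are two instances of the same failure: credential material reaching a public Git host, where a third party’s detection engine found it within half an hour. As an added example, not code from UpGuard, Amazon or Rogers, here is the kind of small scanner a team can run as a pre-commit hook or over a repository’s history. It flags the AWS access key ID format, PEM private-key headers, and name=value assignments whose value looks random enough to be a real secret (placeholders like changeme are dropped by an entropy check). The sample input is constructed; the key values in it are AWS’s published documentation examples and are not valid credentials.

```python
import math
import re
from collections import Counter

# Patterns for credential material that should never land in a commit.
# The AWS access key ID format (AKIA/ASIA + 16 uppercase alphanumerics) is
# from AWS's public documentation; the other two rules are generic.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"
    ),
    # name = value assignments whose name suggests a secret; the value is
    # captured so it can be entropy-checked before being reported
    "secret_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]?([^'\"\s]{8,})"
    ),
}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: random tokens score high, words score low."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str, entropy_threshold: float = 3.5):
    """Return (line_number, rule, matched_text) for every suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pat in PATTERNS.items():
            for m in pat.finditer(line):
                if rule == "secret_assignment":
                    value = m.group(1)
                    # Placeholders such as "changeme" have low entropy; skip
                    # them so the hook does not cry wolf on example configs.
                    if shannon_entropy(value) < entropy_threshold:
                        continue
                    findings.append((lineno, rule, value))
                else:
                    findings.append((lineno, rule, m.group(0)))
    return findings


# Constructed sample of a committed config file. The AWS values are the
# documented example credentials from AWS, i.e. deliberately invalid.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
db_password = changeme
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA...
"""

if __name__ == "__main__":
    for lineno, rule, value in scan_text(SAMPLE):
        print(f"line {lineno}: {rule}: {value}")
```

On the constructed sample the scanner reports the access key ID on line 2, the high-entropy secret key on line 3 and the PEM header on line 5, and stays silent on the low-entropy placeholder. Regex rules catch the well-known formats; the entropy test is what catches the unknown ones, and the threshold is a tuning knob that trades false positives against misses.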
Tomi Engdahl says:
Microsoft exposes 250M customer service records via misconfigured Elasticsearch database
https://siliconangle.com/2020/01/22/microsoft-exposes-250m-customer-service-records-via-misconfigured-elasticsearch-database/
“Misconfigurations are unfortunately a common error across the industry,” Microsoft’s Security Response Center noted. “We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database. As we’ve learned, it is good to periodically review your own configurations and ensure you are taking advantage of all protections available.”
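Microsoft’s statement says the protections existed but “were not enabled for this database.” For an Elasticsearch node that means a handful of settings in elasticsearch.yml. As an added example (not Microsoft’s configuration, and with an assumed internal address and keystore paths), here is the exposed shape beside the corrected one, as two YAML documents:

```yaml
# --- Weak: the shape of most publicly exposed clusters ---
# Listens on every interface and relies on nobody finding port 9200.
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
---
# --- Corrected ---
# Bind to the internal address only (10.0.3.12 is an assumed value).
network.host: 10.0.3.12
http.port: 9200
# Require authentication; anonymous requests are rejected unless an
# anonymous role is explicitly configured.
xpack.security.enabled: true
# Encrypt node-to-node and client traffic (keystore paths are assumed).
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: certs/transport.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
```

The periodic review Microsoft recommends can be a single request from outside the trust boundary: a GET to port 9200 on a corrected node answers 401 instead of the cluster banner, and a network-level rule (security group or firewall) in front of it means the check never reaches the node at all.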
Tomi Engdahl says:
Wawa customer’s hacked info being sold, cybersecurity firm says
https://6abc.com/firm-says-wawa-customers-hacked-credit-card-info-being-sold/5886283/
Wawa said Tuesday it is responding to reports that hacked information from its customers’ credit cards may be being sold on the dark web.
The company said in a news release that customers who may be affected can obtain free credit monitoring and identity theft protection.
Cybersecurity firm Gemini Advisory said information from the Wawa theft began to show up for sale on the dark web this week. Gemini said the data breach ranks among the largest ever, potentially exposing 30 million sets of payment records.
The breach affected all of Pennsylvania-based Wawa’s stores, which stretch along the East Coast.
https://6abc.com/5769537/
Tomi Engdahl says:
A Christian-friendly payments processor spilled 6 million transaction records online
https://techcrunch.com/2020/01/28/cornerstone-payments-credit-cards/?tpcc=ECFB2020
A little-known payments processor, which bills itself as a Christian-friendly company that does “not process credit card transactions for morally objectionable businesses,” left online a database containing years’ worth of customer payment transactions.
The database contained 6.7 million records since 2013, and was updating by the day. But the database was not protected with a password, allowing anyone to look inside.
Security researcher Anurag Sen found the database. TechCrunch identified its owner as Cornerstone Payment Systems
Although there was some evidence of tokenization — a way of replacing sensitive information with a unique string of letters and numbers — the database itself was not encrypted.
Tomi Engdahl says:
30,000 MARIJUANA BUYERS’ PERSONAL INFO EXPOSED IN DATA BREACH
https://futurism.com/the-byte/30000-marijuana-buyers-personal-info-exposed-data-breach
A team of data privacy researchers discovered a major breach in a platform used by multiple marijuana dispensaries in the United States to manage sales.
According to the researchers’ report, the breach allowed them to access information about more than 30,000 buyers, including scans of government-issued photo IDs and details about the amount and types of cannabis products customers purchased.
Report: Cannabis Users’ Sensitive Data Exposed in Data Breach
https://www.vpnmentor.com/blog/report-thsuite-breach/
Tomi Engdahl says:
LabCorp security lapse exposed thousands of medical documents
https://tcrn.ch/38J4Eu2
A security flaw in LabCorp’s website exposed thousands of medical documents, like test results containing sensitive health data.
It’s the second incident in the past year after LabCorp said in June that 7.7 million patients had been affected by a credit card data breach of a third-party payments processor. That breach also hit several other laboratory testing companies, including Quest Diagnostics.
Using computer commands, we determined the approximate number of exposed documents by asking the exposed server if a document existed by returning certain properties about the file — such as its size — but not the document itself. This allowed us to see if a document was on the server without accessing large amounts of patient information, and thus preventing any further exposure to the patient’s privacy.
The results showed at least 10,000 documents were exposed.
Running afoul of HIPAA can result in heavy fines.
“This is a massive privacy issue — and one that could impact affected users and patients for years to come,” said Rachel Tobac, a hacker, social engineer and founder of SocialProof Security. “The sensitive nature of those documents and the leak of private medical status is a huge privacy violation for those patients for obvious reasons, but also sadly for some possibly less glaring reasons, as well.”
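The counting method TechCrunch describes, asking whether a document exists and how large it is without retrieving it, is an HTTP HEAD request. As an added example that is not TechCrunch’s code, the script below stands up a throwaway local server with a few constructed placeholder files, then walks a predictable ID range with HEAD requests and tallies hits and bytes without ever transferring a body. The /documents/<id>.pdf URL layout, the ID values and the file contents are all assumptions made for the demonstration.

```python
import functools
import http.server
import os
import tempfile
import threading
import urllib.error
import urllib.request


def start_local_server(doc_ids):
    """Serve constructed placeholder 'documents' from a temp dir on 127.0.0.1.

    This stands in for the exposed server; the IDs and contents are made up.
    """
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "documents"))
    for doc_id in doc_ids:
        with open(os.path.join(root, "documents", f"{doc_id}.pdf"), "wb") as f:
            f.write(b"%PDF-1.4 placeholder " + str(doc_id).encode("ascii"))
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=root)
    httpd = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, f"http://127.0.0.1:{httpd.server_address[1]}"


def head_exists(url, timeout=5):
    """Return Content-Length if the resource exists, None on 404.

    HEAD never transfers the body, so no document content is read.
    """
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return int(resp.headers.get("Content-Length", 0))
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


def count_exposed(base_url, id_range):
    """Probe a predictable ID range; return (hit_count, total_bytes, sample_ids)."""
    hits, total, sample = 0, 0, []
    for doc_id in id_range:
        size = head_exists(f"{base_url}/documents/{doc_id}.pdf")
        if size is not None:
            hits += 1
            total += size
            if len(sample) < 3:
                sample.append(doc_id)
    return hits, total, sample


def demo():
    """Run the enumeration against the local stand-in and return its result."""
    present = [1001, 1002, 1005, 1010]  # constructed: which IDs "exist"
    httpd, base = start_local_server(present)
    try:
        return count_exposed(base, range(1000, 1020))
    finally:
        httpd.shutdown()
        httpd.server_close()


if __name__ == "__main__":
    hits, total, sample = demo()
    print(f"{hits} documents exist ({total} bytes), e.g. {sample}")
```

The point of the HEAD probe is exactly the one the article makes: it sizes the exposure (here four of twenty IDs, 100 bytes in total) without pulling a single patient record. Against a third party’s live system this is still probing, so it belongs in a coordinated disclosure with the owner’s knowledge, not in an unsolicited scan.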
Tomi Engdahl says:
“There were lengthy delays in security projects, and, internally, departments were ignoring compliance efforts… over the nearly 1,500 websites and web apps identified only a single one had carried out a security assessment.”
UN didn’t patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it
https://www.theregister.co.uk/2020/01/29/un_covered_up_hack/
For an organization accused of being ‘all talk, no action’, there’s not even enough talking – to its own employees
The United Nations’ European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants’ fingertips. Incredibly, the organization decided to cover it up without informing those affected nor the public.
That is the extraordinary claim of The New Humanitarian, which until a few years ago was an official UN publication covering humanitarian crises. Today, it said the UN has confirmed both the hack and the decision not to divulge any details.
Dozens of UN servers were impacted in an attack that began in mid-July 2019 but was only noticed one month later, according to a confidential report dated September 20. The publication gained access to that report, which outlines a series of security holes discovered by an external forensic company as well as internal efforts to contain the hack.
A senior IT official dubbed the attack a “major meltdown,” in which personnel records – as well as contract data covering thousands of individuals and organizations – was accessed
Tomi Engdahl says:
Cannabis Data Breach Leaks 85,000 Dispensary Files
https://www.ganjapreneur.com/cannabis-data-breach-leaks-85000-dispensary-files/
A data breach discovered in the cannabis point-of-sale system THSuite has reportedly leaked more than 85,000 files from dispensaries, including patient info, throughout the U.S.
Tomi Engdahl says:
Dozens of companies have data dumped online by ransomware ring seeking leverage
https://arstechnica.com/information-technology/2020/01/dozens-of-companies-have-data-dumped-online-by-ransomware-ring-seeking-leverage/
Maze operators “gift” Pensacola by removing data dump, but others not so lucky. The Maze ransomware ring has taken extortion to new heights by publicly posting breached data on the Internet and threatening full dumps of stolen data if the ring’s “customers” don’t pay for their files to be unencrypted.
Tomi Engdahl says:
Twitter warns hackers exploited an API bug on its platform to inappropriately match and learn linked phone numbers of millions of users. Based on IP addresses engaged in the attack, Twitter believes some of them may have ties to state-sponsored actors.
An Incident Impacting your Account Identity
https://privacy.twitter.com/en/blog/2020/an-incident-impacting-your-account-identity
On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers. We immediately suspended these accounts and are disclosing the details of our investigation to you today because we believe it’s important that you are aware of what happened, and how we fixed it.
Tomi Engdahl says:
Millions of Israeli voters’ data leaked by election management app
https://www.slashgear.com/millions-of-israeli-voters-data-leaked-by-election-management-app-09609144/
Elections are one of the oldest sociopolitical activities of humanity and, given their rather sensitive nature, have been slow to change over the centuries. Attempts to modernize elections and the systems around them have always been met with suspicion and scrutiny due to fears of data and security breaches. In Israel, those fears materialized in what may be the worst case the country has faced, and it isn’t even due to the election system itself but only a third-party app for managing voters
“one-off incident that was immediately dealt with”. It might have been too late, however, as unrestricted access to data of 6,453,254 citizens in Israel may have been available for an undisclosed period of time. Those pieces of information included full names, identity card numbers, addresses, genders, phone numbers, and other pieces of personal data
Israeli newspapers Haaretz reports that this isn’t the first time the Likud has been involved in security breaches but this may be one of the most massive.
Various parties, advocates, and experts have pointed out the security risks of the system in the past
Tomi Engdahl says:
Horrible but hilarious… #CampaigningTheRightWay #RightClickViewSource
Personal Data of All 6.5 Million Israeli Voters Is Exposed
https://www.nytimes.com/2020/02/10/world/middleeast/israeli-voters-leak.html
Tomi Engdahl says:
Misconfigured Docker Registries Expose Thousands of Repositories
https://www.securityweek.com/misconfigured-docker-registries-expose-thousands-repositories
Thousands of code repositories were found exposed in over one hundred Docker registries that are accessible from the Internet without authentication, Palo Alto Network reports.
Containing critical business data such as application source code and historical versions, these registries could put an organization’s entire cloud infrastructure at risk. Exposure could result in stolen proprietary intellectual property, hijacked operation-critical data, or malicious code being injected.
Docker registries are servers where Docker images are stored and organized into repositories, with each repo containing images of one application and multiple versions of the application, each with a unique tag. Docker registries include support for three primary operations: pushing, pulling, and deleting images.
Of 941 Docker registries found to be exposed to the Internet, 117 do not require authentication, Palo Alto Networks’ security researchers say. Of the misconfigured registries, 80 allow the pull operation, 92 the push operation, and 7 the delete operation.
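Palo Alto’s pull/push/delete breakdown maps directly onto the Docker Registry HTTP API v2: GET /v2/ answers 200 to an anonymous client when no authentication is configured, /v2/_catalog lists repositories, /v2/<name>/tags/list lists tags, fetching /v2/<name>/manifests/<tag> is what “pull” does first, and POST /v2/<name>/blobs/uploads/ returning 202 is what “push” does first. As an added example, not Palo Alto’s scanner, here is a classifier that takes a transport function and works out what an unauthenticated client can do against one registry. The push probe opens an empty upload session and cancels it so nothing is stored, and the delete probe targets a digest that cannot exist, so a registry with deletes enabled answers 404 while one with deletes disabled answers 405. The registry hostname, repository names, tags and the in-memory transport standing in for a real server are constructed.

```python
import json
from urllib.parse import urljoin


def classify_registry(send, base_url="http://registry.internal:5000"):
    """Classify what an anonymous client can do against a Docker Registry v2.

    `send(method, url)` must return (status_code, headers_dict, body_bytes);
    any HTTP client can be wrapped to fit. Probes are ordered least-intrusive
    first, and the push/delete checks are chosen so they modify nothing.
    """
    result = {"anonymous": False, "repositories": [], "tags": {},
              "pull": False, "push": False, "delete": False}

    status, _, _ = send("GET", urljoin(base_url, "/v2/"))
    if status == 401:                      # registry demands credentials: stop here
        return result
    result["anonymous"] = status == 200

    status, _, body = send("GET", urljoin(base_url, "/v2/_catalog"))
    if status == 200:
        result["repositories"] = json.loads(body).get("repositories", [])

    for repo in result["repositories"]:
        status, _, body = send("GET", urljoin(base_url, f"/v2/{repo}/tags/list"))
        tags = (json.loads(body).get("tags") or []) if status == 200 else []
        result["tags"][repo] = tags
        # Pull: fetching a manifest by tag is the first thing `docker pull` does.
        if tags and not result["pull"]:
            status, _, _ = send("GET", urljoin(base_url, f"/v2/{repo}/manifests/{tags[0]}"))
            result["pull"] = status == 200

    if result["repositories"]:
        repo = result["repositories"][0]
        # Push: starting a blob upload answers 202 + Location when writes are allowed.
        # The empty session is cancelled with DELETE on the Location so nothing is stored.
        status, headers, _ = send("POST", urljoin(base_url, f"/v2/{repo}/blobs/uploads/"))
        if status == 202:
            result["push"] = True
            if headers.get("Location"):
                send("DELETE", urljoin(base_url, headers["Location"]))
        # Delete: ask for a digest that cannot exist. A registry with deletes
        # disabled answers 405 (UNSUPPORTED); one with deletes enabled answers 404.
        bogus = "sha256:" + "0" * 64
        status, _, _ = send("DELETE", urljoin(base_url, f"/v2/{repo}/manifests/{bogus}"))
        result["delete"] = status == 404
    return result


def fake_registry_transport(log):
    """Constructed in-memory stand-in for a fully open registry (no network)."""
    catalog = {"repositories": ["internal/billing-api", "internal/auth-svc"]}
    tags = {"internal/billing-api": ["1.4.2", "latest"], "internal/auth-svc": ["2.0.0"]}

    def send(method, url):
        log.append((method, url))
        path = url.split("registry.internal:5000", 1)[1]
        if method == "GET" and path == "/v2/":
            return 200, {}, b"{}"
        if method == "GET" and path == "/v2/_catalog":
            return 200, {}, json.dumps(catalog).encode()
        if method == "GET" and path.endswith("/tags/list"):
            name = path[len("/v2/"):-len("/tags/list")]
            return 200, {}, json.dumps({"name": name, "tags": tags[name]}).encode()
        if method == "GET" and "/manifests/" in path:
            return 200, {"Docker-Content-Digest": "sha256:" + "ab" * 32}, b"{}"
        if method == "POST" and path.endswith("/blobs/uploads/"):
            return 202, {"Location": path + "f3b1-constructed-uuid"}, b""
        if method == "DELETE" and "/blobs/uploads/" in path:
            return 204, {}, b""
        if method == "DELETE" and "/manifests/" in path:
            return 404, {}, b'{"errors":[{"code":"MANIFEST_UNKNOWN"}]}'
        return 404, {}, b""

    return send


if __name__ == "__main__":
    log = []
    print(json.dumps(classify_registry(fake_registry_transport(log)), indent=2))
```

Run against the constructed transport the classifier reports anonymous access with pull, push and delete all allowed, which is the 7-of-117 worst case in the Palo Alto numbers; a transport that answers 401 on /v2/ yields all-false without any further requests. The same probes, wrapped around a real HTTP client, are what you would run against your own registries from outside the network before someone else does.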
Tomi Engdahl says:
Software Error Exposes the ID Numbers For 1.26 Million Danish Citizens
https://yro.slashdot.org/story/20/02/10/2022246/software-error-exposes-the-id-numbers-for-126-million-danish-citizens?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
A software error in Denmark’s government tax portal has accidentally exposed the personal identification (CPR) numbers for 1.26 million Danish citizens, a fifth of the country’s total population.
Software error exposes the ID numbers for 1.26 million Danish citizens
Danish tax portal accidentally shares tax payer identification numbers with Google and Adobe analytics services.
https://www.zdnet.com/article/software-error-exposes-the-id-numbers-for-1-26-million-danish-citizens/
Tomi Engdahl says:
App Used by Netanyahu’s Likud Leaks Israel’s Entire Voter Registry
https://www.haaretz.com/israel-news/elections/.premium-app-used-by-netanyahu-s-likud-leaks-israel-s-entire-voter-registry-1.8509696
The Likud has uploaded the full register of Israeli voters to an application, causing the leak of personal data on 6,453,254 citizens. The information includes the full names, identity card numbers, addresses and gender of every single eligible voter in Israel, as well as the phone numbers and other personal details of some of them.
Also:
https://www.zdnet.com/article/netanyahus-party-exposes-data-on-over-6-4-million-israelis/
Tomi Engdahl says:
Beauty and the Breach: Estée Lauder Exposes 440 Million Records in Unprotected Database
https://www.securityweek.com/beauty-and-breach-est%C3%A9e-lauder-exposes-440-million-records-unprotected-database
Cosmetic company Estée Lauder exposed 440 million records to the Internet in a database that was left accessible without proper protection, a security researcher says.
Headquartered in New York, Estée Lauder sells products in more than 135 countries and territories. The Estée Lauder Companies owns multiple internationally renowned brands.
The exposed database was discovered on January 30 by Security Discovery security researcher Jeremiah Fowler, who attempted to contact Estée Lauder immediately after identifying user email addresses in the database.
In total, 440,336,852 records were inadvertently exposed to the Internet, including audit logs containing a large number of email addresses in each document.
The exposed data, Fowler says, included user email addresses in plain text. Internal email addresses from the @estee.com domain were also present in the database.
Additionally, there were production, audit, error, CMS, and middleware logs left widely accessible to anyone with an Internet connection. References to reports and other internal documents were also found in the database.
Tomi Engdahl says:
Estee Lauder Data Leak, 440 Million Records Exposed
http://on.forbes.com/61871itDT
On January 30, security researcher Jeremiah Fowler discovered a database online that contained what he says was “a massive amount of records.” That internet-facing database had no password protection in place, contained a total of 440,336,852 records, and was connected to the New York-based cosmetics giant, Estee Lauder.
Last year I reported how 198 million car buyer records had been exposed online in a massive data leak. The man behind that story was Jeremiah Fowler, a senior security researcher at Security Discovery. So, when Fowler contacted me earlier today with news of a leak more than twice as big, you can bet I sat up straight and paid attention.
Estee Lauder quick to close down access to the database
It proved far more difficult than it should do to report such a thing, but this isn’t unusual when dealing with large companies in the experience of Fowler. “When I call a company or organization, the first thing I ask is ‘who can I speak with to report a data incident,’ but you would be shocked at how many companies do not have a protocol when it comes to exposed data.” I am not shocked.
“They were responsive and restricted public access the same day I notified them,” Fowler says, adding, “they closed it so fast that I was unable to get a real in-depth look inside many of the folders.” However, the entire database was accessible to anyone with an internet connection, so anyone could have potentially had access or stolen the data while it was unprotected, Fowler says. “Only a full cyber forensic investigation will determine who else gained access.”
Such exposed databases appear to be increasingly common. I have reported on how 250 million Microsoft customer records were exposed, data on 419 million Facebook users was found on unsecured databases and, most shocking of all, the entire 16.6 million population of Ecuador was leaked online in a similar fashion.
Tomi Engdahl says:
Jailcore database leaks PII of inmates & correctional officers across US
https://www.hackread.com/jailcore-database-leaks-us-inmates-pii-correctional-officers/
A new data breach has taken place, this time involving the information of inmates as opposed to conventional cases. The data exposure was discovered through an Amazon S3 bucket that belongs to a company named JailCore, which is a “correctional facility management and compliance cloud-based application” as they advertise themselves.
Yet, the latter part of their service offering focused on creating a cloud-based application has resulted in this crisis in the first place. You see, to offer such a service, they needed to create a database online.
Initially, the database was discovered this year on January 3 and reported to the firm 2 days later on January 5. However, due to a lack of action on behalf of the company, the researchers had to notify the USA’s Pentagon on January 15 which eventually led to the bucket being taken down.
According to vpnMentor’s blog post, containing 36,077 files to be precise, it hosted personally identifiable information (PII) of inmates that were present in specific detention centers along with the correctional officers.
Report: Inmates’ Prescriptions & PII Leaked in Breach Spanning Multiple Jailhouses
https://www.vpnmentor.com/blog/report-jailcore-leak/
Tomi Engdahl says:
Over 15.1 Billion Records Exposed in Data Breaches in 2019
https://www.securityweek.com/over-151-billion-records-exposed-data-breaches-2019
More than 15.1 billion records were exposed in 2019 as part of the data breaches that were publicly reported, Risk Based Security reveals.
The number of exposed records registered a massive 284% spike compared to the previous year (which had 5.3 billion records exposed), and also marked a 91% increase compared to 2017 (7.95 billion records).
A total of 7.2 billion records were compromised between October 1 and December 31, 2019, with four events accounting for 93.5% of these records. All four involved open, misconfigured databases that were made publicly accessible.
The number of reported data breaches was 7,098 last year, representing only a 1% increase compared to the 7,035 breaches reported in 2018.
Tomi Engdahl says:
PhotoSquared app exposed customer photos and shipping labels
https://techcrunch.com/2020/02/14/photosquared-shipping-labels-exposed/
At least 10,000 shipping labels were stored in a public Amazon Web Services (AWS) storage bucket. There was no password on the bucket, allowing anyone who knew the easy-to-guess web address access to the customer data. All too often, these AWS storage buckets are misconfigured and set to “public” and not “private.”
The exposed data included high-resolution user-uploaded photos and generated shipping labels, dating back to 2016, and was being updated by the day. The app has more than 100,000 users, according to its Google Play listing.
It’s not known how long the storage bucket was left open.
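Both the JailCore and PhotoSquared exposures above come down to the same thing: an S3 bucket whose ACL, bucket policy or Block Public Access settings let anyone read it. The following is an added example, not code from either article or company, showing how to check those three settings offline for that misconfiguration. The input shapes mirror what the AWS API returns (get_bucket_acl Grants, get_bucket_policy JSON, get_public_access_block configuration), but the sample buckets, the bucket name and the function names are constructed for this example.

```python
"""Added example (not from the articles, PhotoSquared or JailCore): offline
check of an S3 bucket's access settings for the "public, not private" fault.

Inputs mirror the AWS API shapes (get_bucket_acl -> Grants,
get_bucket_policy -> Policy JSON string, get_public_access_block ->
PublicAccessBlockConfiguration); all sample data below is constructed."""
import json

# Grantee URIs AWS uses for "everyone" and "any signed-in AWS user";
# both count as public from a data-exposure standpoint.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _principal_is_public(principal):
    """True if a bucket-policy Principal element matches anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_acl_grants(grants):
    """(group, permission) pairs the ACL hands to AllUsers/AuthenticatedUsers."""
    found = []
    for grant in grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GRANTEE_URIS:
            found.append((uri.rsplit("/", 1)[-1], grant.get("Permission")))
    return found


def public_policy_statements(policy_json):
    """(Sid, 'unconditional'|'conditional') for Allow statements open to any
    principal. A Condition may narrow access (e.g. to one VPC endpoint), so
    conditional matches are flagged for review rather than treated as open."""
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement need not be a list
        statements = [statements]
    found = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow" and _principal_is_public(stmt.get("Principal")):
            kind = "conditional" if stmt.get("Condition") else "unconditional"
            found.append((stmt.get("Sid", "<no Sid>"), kind))
    return found


def assess_bucket(acl_grants, bucket_policy_json, public_access_block):
    """Combine ACL, policy and Block Public Access into a verdict.

    IgnorePublicAcls makes S3 disregard public ACL grants; RestrictPublicBuckets
    cuts a public bucket policy off from anyone outside the account. Without
    them, a public grant or an unconditional public Allow means exposure."""
    pab = public_access_block or {}
    exposed, findings = False, []
    for group, perm in public_acl_grants(acl_grants):
        blocked = pab.get("IgnorePublicAcls", False)
        findings.append(f"ACL grants {perm} to {group}"
                        + (" [ignored by IgnorePublicAcls]" if blocked else ""))
        exposed = exposed or not blocked
    for sid, kind in public_policy_statements(bucket_policy_json):
        blocked = pab.get("RestrictPublicBuckets", False)
        findings.append(f"policy statement {sid!r} allows Principal * ({kind})"
                        + (" [restricted by RestrictPublicBuckets]" if blocked else ""))
        if kind == "unconditional" and not blocked:
            exposed = True
    return {"exposed": exposed, "findings": findings}


# Constructed samples. Weak configuration: world-readable ACL, public read
# policy, and no Block Public Access settings at all.
EXPOSED_ACL_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]
EXPOSED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-photo-uploads/*"}],
})
# Corrected configuration: owner-only ACL, no bucket policy, all four Block
# Public Access settings on (worth enforcing account-wide, not per bucket).
PRIVATE_ACL_GRANTS = [EXPOSED_ACL_GRANTS[0]]
BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for name, args in [("exposed-bucket", (EXPOSED_ACL_GRANTS, EXPOSED_POLICY, None)),
                       ("exposed-bucket+BPA", (EXPOSED_ACL_GRANTS, EXPOSED_POLICY, BLOCK_ALL)),
                       ("private-bucket", (PRIVATE_ACL_GRANTS, None, BLOCK_ALL))]:
        verdict = assess_bucket(*args)
        print(name, "EXPOSED" if verdict["exposed"] else "ok", verdict["findings"])
```

The second sample shows why Block Public Access matters as a backstop: the same public ACL and policy are still present, but the account-level settings make them inert. Account-wide Block Public Access only became available in late 2018, after the PhotoSquared bucket was created, which is one reason long-lived buckets deserve a re-check rather than an assumption that they were locked down at creation. A "hard to guess" bucket name is not a control; bucket names are global and routinely enumerated.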
Tomi Engdahl says:
App used by Netanyahu’s Likud leaks Israel’s entire voter registry
https://www.haaretz.com/israel-news/elections/.premium-app-used-by-netanyahu-s-likud-leaks-israel-s-entire-voter-registry-1.8509696
Names, identification numbers and addresses of over 6 million voters were leaked through the unsecured Elector app
The Likud has uploaded the full register of Israeli voters to an application, causing the leak of personal data on 6,453,254 citizens. The information includes the full names, identity card numbers, addresses and gender of every single eligible voter in Israel, as well as the phone numbers and other personal details of some of them.
Tomi Engdahl says:
Facebook was repeatedly warned of security flaw that led to biggest data breach in its history
https://www.telegraph.co.uk/technology/2020/02/09/facebook-repeatedly-warned-security-flaw-led-biggest-data-breach/
Exclusive: Employees described feeling remorse and ‘guilt’ that they ‘could have prevented’ the cyber attack that affected 29 million people
Facebook knew about a huge security flaw that let hackers steal personal data from millions of its users almost one year before the crime, yet failed to fix it in time, the Telegraph can reveal.
Legal documents show that the company was repeatedly warned by its own employees as well as outsiders about a dangerous loophole that eventually led to the massive data breach in September 2018.
Tomi Engdahl says:
Ever stayed here for DEFCON?
Yeah, about that… you just got pwned…
Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum
https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/
MGM Resorts said security incident took place last summer and notified impacted guests last year.
The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week.
Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world’s largest tech companies.
MGM RESORTS SAYS THEY NOTIFIED CUSTOMERS LAST YEAR
Within hours, the MGM Resorts team was able to verify the data and track it to a past security incident.
An MGM spokesperson told ZDNet the data that was shared online this week stems from a security incident that took place last year.
“Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts,”
A POTENTIAL DANGER OF SIM SWAPPING AND SPEAR-PHISHING
However, while MGM’s security incident went under the radar last year, the publication of this data dump on a very popular hacking forum this week has brought it to many hackers’ attention.
Tomi Engdahl says:
US defense agency says personal data ‘compromised’ in 2019 data breach
https://tcrn.ch/32mPqsV
A U.S. defense agency charged with providing information technology and communications support to the U.S. government, including the president and other senior officials, says its network may have been “compromised.”
The Defense Information Systems Agency sent letters to possible victims earlier this month to warn of a “data breach” involving a system run by the agency.
It’s believed Social Security numbers and other sensitive information may have been taken in the data breach between May and July 2019, the letter said. But it’s not known if the data was stored on a classified system.
DISA, a division of the Dept. of Defense, has about 8,000 military staff and contractors.
Tomi Engdahl says:
Celeb Shout-Out App Cameo Exposes Private Videos and User Data
https://www.vice.com/en_us/article/akwj5z/cameo-app-exposed-private-videos-user-data-passwords
Motherboard wrote basic code to compile lists of videos that users had explicitly marked as private on the app.
Cameo, the increasingly popular app for paying celebrities to record short personal videos, exposed a wealth of user data including email addresses, hashed and salted passwords and phone numbers, and messages via a misconfiguration in its app. The site also has an issue where videos that are supposed to be private are actually available for anyone to find and download.
Tomi Engdahl says:
U.S. agency that handles Trump’s secure communication suffered data breach
https://www.reuters.com/article/us-usa-defense-breach/u-s-agency-that-handles-trumps-secure-communication-suffered-data-breach-idUSKBN20E27A
The letters, dated Feb. 11, 2020, say that between May and July 2019, personal data may have been compromised “in a data breach” of a system hosted by the Defense Information Systems Agency.
The agency provides direct telecommunications and IT support for the president, Vice President Mike Pence, their staff, the U.S. Secret Service, the chairman of the Joint Chiefs of Staff and other senior members of the armed forces, according to its website.
Tomi Engdahl says:
https://techcrunch.com/2020/01/30/spicejet-breach-millions-passengers/
SpiceJet, one of India’s largest privately owned airlines, suffered a data breach involving the details of more than a million of its passengers, a security researcher told TechCrunch.
Tomi Engdahl says:
US: 2019 Healthcare Data Breach Report
https://www.hipaajournal.com/2019-healthcare-data-breach-report/
Figures from the Department of Health and Human Services Office for Civil Rights breach portal show a major increase in healthcare data breaches in 2019. Last year, 510 healthcare data breaches of 500 or more records were reported, which represents a 196% increase from 2018.
Tomi Engdahl says:
Third-Party Breaches and the Number of Records Exposed Increased Sharply in 2019
https://www.darkreading.com/attacks-breaches/third-party-breaches—and-the-number-of-records-exposed—increased-sharply-in-2019/d/d-id/1337037
Third-party risks are quickly mounting for enterprise organizations if the number of data breaches and total number of records exposed as a result are any indication. In a recent analysis of data pertaining to security breaches in 2019, Risk Based Security uncovered a sharp increase in incidents involving companies handling sensitive data for business partners and other clients. The total number of such third-party breaches hit 368 in 2019, up from 328 in 2018 and 273 in 2017, a 35% increase in two years.
Tomi Engdahl says:
Slickwraps Discloses Data Breach
https://www.securityweek.com/slickwraps-discloses-data-breach
Slickwraps, a company that provides protection solutions and accessories for phones, computers and other devices, has revealed that user data was compromised recently after a third party accessed an unprotected database left accessible from the Internet.
The Kansas-based company says user names, email addresses, and physical addresses were included in the databases, although no passwords or financial details were stored there.
According to Slickwraps, the incident impacted “some of our non-production databases,” all of which were immediately secured after learning of the exposure. However, the company recommends that users reset their passwords and be wary of phishing emails.
Tomi Engdahl says:
Samsung Says it Leaked Data on Handful of UK Customers
https://www.securityweek.com/samsung-says-it-leaked-data-handful-uk-customers
Samsung said Tuesday that a “technical error” caused its website to display other customers’ personal information.
The technology company said the error affected only its U.K. website at http://samsung.com/UK and affected fewer than 150 customers.