Search This Blog

Showing posts with label Data Leaked. Show all posts

Ghana’s National Service Secretariate Exposed 700K Individuals Data Due to Cloud Misconfiguration

 

Noam Rotem and Ran Locar researchers for VPNMentor stated that Ghana's National Service Secretariat – NSS – has encountered a significant database malfunction that compromised data of up to 700,000 individuals from and around the country, totaling 55GB of data. 

According to researchers, this leak poses a serious risk to Ghanian government employees affiliated with the organization as well as thousands of its people. The exposed database was identified on September 29, 2021, and the NSS and CERT-GH were contacted between October 6th and 12th, 2021. 

NSS is essentially a government initiative that oversees a year of mandatory public service for Ghana-based graduates of selected educational institutions. Every year, thousands of students enroll in this program to work in various public areas such as healthcare. 

As per the VPNMentor research, the NSS used Amazon Web Services (AWS) to store approximately 3 million files from its various applications. 

Although some of the documents in the cloud storage account were password-protected, the majority of the files were still accessible to the public as well as the database. 

“While the NSS had password-protected many documents stored on the S3 bucket, the bucket itself was left completely open, leaving the contents totally exposed and easily accessible to anyone with a web browser and technical skills,” VPNMentor’s report read. 

This breach exposes the personal information of at least 700,000 people, leaving them vulnerable to fraud, identity theft, and hacking scams. Furthermore, employees working for the government agency have become subject to a variety of threats. 

The compromised database contains participants' program membership cards and identity documents, such as the Ghana National Health Insurance Scheme, professional IDs based on the candidate's placement industry, and so on. 

Moreover, the organization saved several types of passport photographs submitted by participants. The Computer Emergency Response Team of Ghana (CERT-GH) has acknowledged that the database was compromised and has stated that the problem will be resolved as soon as possible.

16.17 GB of User Data Stored in Fitness Bands, Exposed

 

The development and sudden boom in IoT equipment in the healthcare sector have resulted in the surge of cyber attacks. The use of wearable equipment such as health trackers and fitness bands has recently grown common. The safety and security features of these fitness trackers are an ongoing worry since they have a lot of important information about the user. 

Recently, 16.18 GB of unencrypted database disclosing over 61 million records of users stored in their fitness wearables was identified in the latest security analysis at WebsitePlanet. A substantial percentage of disclosed records were all related to IoT fitness and health monitoring devices. 

Following additional research, several references were made to "GetHealth," a New York City-based firm that claims a unified solution for hundreds of wearables, healthcare devices, and apps to access health and wellness data. The GetHealth database was not encrypted by default and allows easy accessibility for everyone. After researchers have notified GetHealth, the database is now encrypted. 

GetHealth platform can synchronize health-related information from a multitude of sources, such as Fitbit, Misfit Wearables, Microsoft Band, Strava, Google Fit, 23andMe, Daily Mile, FatSecret, Jawbone UP, Life Fitness, MapMyFitness, MapMyWalk, Moves App, PredictBGL, Runkeeper, Sony Lifelog, Strava, VitaDock, Withings, Apple HealthKit, Android Sensor, and S Health.

Plenty of the information leaked comprised the first and last names of users, date of birth, body weight, height, sex, geolocation, etc. “This information was in plain text while there was an ID that appeared to be encrypted. The geolocation was structured as in America/New_York, Europe/Dublin and revealed that users were located all over the world,” WebsitePlanet said. 

Whereas the researchers analyzed a sample of 20,000 records, the majority of leaked data were from Fitbit (2.766 times) as well as from Apple HealthKit (17,764). This security flaw affects a majority of the customers of Apple Healthkit because Healthkit gathers deeper health information than any other instruments or applications, like blood pressure, body weight, sleep levels, and blood glucose. 

Fitness trackers are equipped with vital information to monitor the user's health. This might also lead to several privacy problems, regrettably. The confidential material of users is a financial enterprise for individuals in charge of threats. In tailored phishing attacks, identity thefts, or social engineering attacks, the data may be abused by cybercriminals. 

“This case sets an example of how lack of care with sensitive data can make risks escalate indefinitely, as millions of people were exposed simply by wearing tracking devices during their workout sessions,” WebsitePlanet added.

Millions Of Indonesians Personal Information Leaked Over a Data Breach

 

In their COVID-19 test-and-trace application, Indonesia investigated a probable security vulnerability that left 1.3 million individuals' data and health status exposed. 

On Friday 3rd of September, following a week-long cyber-attack, PeduliLindungi became the country's second COVID-19 tracking app following eHAC to suffer a data breach. The PeduliLindungi leak has not been identified yet, but the eHAC violation has impacted 1.3 million users. These 2 data breaches occurred in succession within a week. 

The eHAC Data Breach 

According to a Health Ministery official, the government is suspecting its partner as the likely source of infringement in the eHAC app ( electronic health alert card), which has been disabled since July 02. 

The EHAC is a necessary prerequisite for travelers entering Indonesia, which was launched this year. It maintains the records of the health condition of users, personal information, contact information, COVID-19 test results, and many others. 

Researchers from the vpnMentor encryption provider who perform a web mapping operation have discovered a breach to detect unauthorized data stores with confidential material. 

On 22nd July, researchers informed Indonesia's Emergency Response Team and have revealed their conclusions. The Ministry of Communications and Information Technology published a statement on August 31, more than one month after the disclosure, which stated that the data violation would be investigated according to the Electronic Systems and Transactions Regulations of the country. 

Anas Ma'ruf, a health ministry official said, "The eHAC from the old version is different from the eHAC system that is a part of the new app”. "Right now, we're investigating this suspected breach". 

PeduliLindungi Leak

A data search function on the PeduliLindungi-application enables anybody to search for personal data and information on COVID-19 vaccination for Indonesians, including that from the president, Damar Juniarto, a privacy rights activist who also is the vice president of regional government relations at technology firm Gojek, as per a Twitter thread. 

Zurich-based cybersecurity analyst Marc Ruef has shared a screenshot with the President of a compromised COVID-19 vaccination certificate, as it includes his national identity number. However, Ruef did not specifically mention whether PeduliLindungi's data was disclosed. All this explicates that personal identification data and confidential information is scattered everywhere. 

While the Government admitted the breach of the eHAC data and presented a plan of action for the analysis and restoration of flaws, PeduliLindungi has been exonerated. 

The Ministery of Communications and Information Technology of the state, called Kominfo, states that the data on the president's NIK and vaccination records did not originate in the database of PeduliLindungi.

Experts claim such data violations highlight the inadequate cyber security architecture in Indonesia. In May, the officials also conducted a survey on the alleged violation by the state insurer of the country of social security data.

800+ Million WordPress Users Records Leaked Online

 

On 16 April 2021, security researcher Jeremiah Fowler together with the Website Planet Research Team revealed a non-password secured database with less than one billion records. The leaked documents included WordPress account user names, display names, and emails. 

Over 800 million WordPress-linked records are leaked in this misconfigured cloud database. There are many internal documents leaked that should not be available to the general public in the monitoring and file logs. 

Multiple references to DreamHost were discovered upon further study. The well-known hosting company for over 1.5 million websites is also an easy way to install, the famous WordPress blog platform. DreamPress is Dream Host's Managed WordPress hosting, as per their website. It's a scalable solution that can administer WordPress websites for users. 

They uncovered 814 million records from the managed WordPress hosting company DreamPress, which appeared to be from 2018. 

Allegedly, there were administration and user data in the 86GB database, containing URLs for WordPress login, first and last names, email addresses, user names, roles, IP addresses of the Host, time stamps, and settings and security information. 

Fowler said that some of the disclosed data were associated with users using .gov and .edu email addresses. 

Nevertheless, within hours of receiving a timely notice by Dream Host from Fowler, the database was secured. 

However, the study stated the duration of exposure was not apparent, and users could be in danger of phishing. Threat actors that scan for unprotected databases such as this have also seized and ransomed the data contained within. 

Fowler also pointed out "actions," for example domain registers and renewals, in a database record.

“These could potentially give an estimated timeline of when the next payment was due and the bad guys could try to spoof an invoice or create a man-in-the-middle attack,” he argued. “Here, a cyber-criminal could manipulate the customer using social engineering techniques to provide billing or payment information to renew the hosting or domain registration.” 

This type of problem becomes increasingly widespread due to the complexity of modern cloud environments.

5.6 Million Customer Records Leaked as Music Marketplace Giant Reverb Suffers Data Breach

 

The sensitive information of some leading artists has been compromised in data breaches witnessed by the world's biggest online music market. Reverb was infringed after an unprotected database containing consumer details has been leaked online. 

Reverb.com is a marketplace for modern, used, and antique music equipment online. David Kalt founded this website in 2013, shortly after acquiring Chicago Music Exchange, but was disappointed with the then available choices for online acquisition and sale of guitars. With even more than 10 million monthly visitors and $47 million in revenue, it has developed into a multimillion-dollar company. 

Reverb clients recently received data breach notices which stated that customer details, comprising customer names, addresses, telephone numbers, and email addresses, were leaked as millions of records of the company were found on the web by an independent cybersecurity advisor Volodymyr "Bob" Diachenko on the unprotected Elasticsearch servers. 

Although the notice from Reverb does not clarify how the data was disclosed, Bob Diachenko, Security Researcher puts a different spin on what has happened. Diachenko claims he found a publicly revealed Elasticsearch server, which had over 5.6 million documents. 

"To confirm my thought, I ran a quick check and was able to find several high-profiled sellers’ details, including Bill Ward of Black Sabbath, Jimmy Chamberlin of the Smashing Pumpkins, Alessandro Cortini of Nine Inch Nails and more," explained a report by Diachenko. 

The researcher presumes that it refers to sellers instead of tourists because of the scale of the database and its layout. Specifically aimed phishing attacks are the principal threat to users whose data have been exposed. These include e-mails, texts, or even phone calls. To convince victims to disclose additional information, including usernames and passwords for their account or payment details, scammers can pose as reverb or a related business. It is a problem that consumer shopping IDs are revealed as they can be used to legitimize fraudulent letters. 

One must bear in mind that cybercriminals may use other data exposure information to learn more about possible suspects. This might make phishing attempts particularly persuasive. Customers must check for such messages and prevent opening links or attachments in unwanted emails or texts. 

If a database researcher can locate the database, it might also be detected by a threat actor if the database were not guarded. In this context, it is better to presume that user information has been exposed and that they are looking for potential e-mails with this information. Reverb does not reset user passwords as seen in this violation, since they have not been exposed. Reverb further suggests that users must reset their passwords regularly for increased protection.

Furniture Retailer Vhive's Data Breach: Customer Information Leaked Online, Under Investigation

 

The officials are investigating a data breach at local furniture retailer Vhive, which resulted in customer’s personal information such as phone numbers and physical addresses being leaked online. In response to questions from The Straits Times on Saturday, April 3, police confirmed that a report had been filed on the matter.

According to the company, information compromised in the hack includes customers' names, physical and e-mail addresses, and mobile numbers, but it did not include identification numbers or financial information.

In a Facebook post on March 29, Vhive announced that its server was hacked on March 23 and that it was working with police and other relevant agencies, as well as IT forensic investigators, to investigate the breach. 

"All financial records in relation to purchases made with Vhive are held on a separate system which was not hacked," said Vhive. 

"We are truly sorry for the incident and stand ready to assist you if you require immediate help," Vhive told customers. 

According to ST's checks on Saturday afternoon, Vhive's e-mail servers were also compromised. The website only displayed a warning of the cyber attack, while the company's stores on the online shopping platforms Lazada and Shopee were open for business. 

The Altdos hacking group, which operates mainly in Southeast Asia, has claimed responsibility for the breach. In an email to affected customers on Saturday, Altdos said it had hacked into Vhive three times in nine days and claimed to have stolen information of over 300,000 customers as well as nearly 600,000 transaction records. 

The group announced that it will publish 20,000 customer records daily until its demands to Vhive’s management are met. In its Facebook statement, Vhive said it would be closely guided by the forensic investigator and authorities on the steps to protect its systems and ensure that customers can conduct transactions securely. 

In previous hacking incidents, Altdos has stolen customer data from companies, blackmailed the compromised company, leaked the data online if its requirements were not met, and publicized the violations. The cyberattacks were mainly focused on stock exchanges and financial institutions. 

In January, Altdos claimed to have broken into the IT infrastructure of the Bangladeshi conglomerate Beximco Group and stole data from 34 of its databases. 

Last December, it hacked a Thai securities trading firm and posted stolen data online when the firm allegedly failed to confirm her emails and claims.

Zee5 Once Again Caught In Data Breach; Info Of 9 Million Users Exposed

 

Zee5, an Indian Leading giant over-the-top (OTT) platform has witnessed a data breach. According to the information, the data breach has exposed sensitive credentials of the 9 Million customers of the network. Screenshots of the stolen database which were accessed by Inc42 have disclosed that hacked information contained the names of the clients, IP addresses, phone numbers, email addresses, and their usernames of the Zee5 accounts. 

At first, the incident has been reported to the Inc42 by an independent Cybersecurity researcher ‘Rajshekhar Rajaharia’. Additionally, it has also been confirmed that the leaked data of at least a few clients were genuine and that of Zee5 customers. 

An unidentified threat actor had uploaded a sample of the full stolen database that included descriptive information of 1 Million customers of Zee5 on an AnonFiles link. Whilst the leaked data has not directly compromised the accounts of victims, but there's a high likeability in the future that the details of contact that are contained in the database could be used for large-scale phishing attacks and for various scams in cyberattacks such as taking advantage of the stolen database to try to find similarities on other vulnerable platforms. 

A Zee5 spokesperson responded to Inc42, “We have noted some reports claiming about the data breach at Zee5’s end and we are investigating it further. We would like to confirm that all the sensitive information of our subscriber user base has not been compromised and is fully secured.” 

In July 2020, cyber attackers had affirmed to have stolen a 150 GB sized database that they had planned to sell online privately. 

However, at that time, the organization had responded to the public regarding an attack in negative, even though the intelligence warned that the information is being sold on the dark web. 

As of December 2020, the Zee5 had confirmed that the network has a monthly 65.9 Million active users (MAUs) and 5.4 Million daily active users (DAUs). 

Meanwhile, in June 2020, a Sensor Tower had revealed in its report that the Zee5 OTT platform was the ninth most downloaded streaming app worldwide with 4.16 Million downloads in the month of July itself.  Active users are from India, Pakistan, and the United Arab Emirates; they constitute 96% of the userbase for the platform.