A major data breach has impacted the online survey platform SurveyLama, putting the sensitive data of over four million individuals at risk. The breach, which occurred in February of this year, was confirmed by the company to Troy Hunt, the creator of the well-known website Have I Been Pwned?, which tracks email addresses exposed in data breaches.
What Happened:
Unknown attackers gained unauthorised access to SurveyLama's database, compromising users' names, dates of birth, email addresses, IP addresses, passwords, phone numbers, and postal addresses. This breach leaves users vulnerable to identity theft and phishing scams.
Implications for Users:
SurveyLama rewards its users for completing surveys, which makes them natural targets for phishing emails. Although the passwords were not stored in plaintext (they were stored as salted SHA-1, bcrypt, and argon2 hashes), some could still be susceptible to brute-force attacks, especially those hashed with SHA-1, which has known weaknesses and, being a fast general-purpose hash, is far cheaper to guess against offline than bcrypt or argon2. Users are strongly advised to change their passwords immediately as a precaution.
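The mix of salted SHA-1, bcrypt and argon2 hashes described above is what a password store looks like part-way through a migration. The following Python is an added illustration, not SurveyLama's code, of how such a migration is usually completed: verify each login against whatever record is stored, and when a legacy SHA-1 record verifies, replace it with a slow hash on the spot. The record format is constructed for the example, and the standard library's memory-hard scrypt stands in for bcrypt/argon2 so it runs without extra packages. A small timing helper shows the cost asymmetry the paragraph refers to.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# Stored record format (constructed for this example): "<scheme>$<salt hex>$<digest hex>".
LEGACY_SCHEME = "sha1"     # fast general-purpose hash: cheap to guess against offline
STRONG_SCHEME = "scrypt"   # memory-hard password hash from the standard library;
                           # it stands in here for bcrypt/argon2, which need extra packages


def _sha1_digest(password: str, salt: bytes) -> bytes:
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def _scrypt_digest(password: str, salt: bytes) -> bytes:
    # n=2**14, r=8, p=1 costs about 16 MiB of memory per guess, which is what
    # makes bulk offline guessing expensive for an attacker.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)


def make_record(password: str, scheme: str, salt: Optional[bytes] = None) -> str:
    """Produce a stored record for the given scheme (random 16-byte salt by default)."""
    salt = salt or os.urandom(16)
    digest = _sha1_digest(password, salt) if scheme == LEGACY_SCHEME else _scrypt_digest(password, salt)
    return f"{scheme}${salt.hex()}${digest.hex()}"


def verify_and_upgrade(password: str, record: str) -> Tuple[bool, str]:
    """Check a login against the stored record.

    Returns (ok, record_to_store). When a login succeeds against a legacy
    SHA-1 record, the returned record is a fresh scrypt record, so the weak
    hash is retired without forcing every user to reset at once.
    """
    scheme, salt_hex, digest_hex = record.split("$")
    salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    if scheme == LEGACY_SCHEME:
        actual = _sha1_digest(password, salt)
    elif scheme == STRONG_SCHEME:
        actual = _scrypt_digest(password, salt)
    else:
        raise ValueError(f"unknown scheme {scheme!r}")
    if not hmac.compare_digest(actual, expected):   # constant-time comparison
        return False, record
    if scheme == LEGACY_SCHEME:
        return True, make_record(password, STRONG_SCHEME)
    return True, record


def seconds_per_guess(scheme: str, iterations: int = 20) -> float:
    """Rough per-guess cost of each scheme, showing why the SHA-1 records are the weak spot."""
    salt = b"\x00" * 16
    fn = _sha1_digest if scheme == LEGACY_SCHEME else _scrypt_digest
    start = time.perf_counter()
    for i in range(iterations):
        fn(f"candidate{i}", salt)
    return (time.perf_counter() - start) / iterations


if __name__ == "__main__":
    legacy = make_record("correct horse battery", LEGACY_SCHEME)
    ok, upgraded = verify_and_upgrade("correct horse battery", legacy)
    print(ok, upgraded.split("$")[0])
    for s in (LEGACY_SCHEME, STRONG_SCHEME):
        print(f"{s}: {seconds_per_guess(s):.6f} s per guess")
```

Upgrade-on-login only reaches users who log in; accounts that stay dormant keep their SHA-1 record, which is why a breach notice still has to ask everyone to change their password.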
Protective Measures:
SurveyLama has reportedly notified affected users via email about the breach. However, users should remain cautious of any suspicious emails, particularly those promising rewards in exchange for quick action. Although the stolen information has not yet been publicly posted or sold on the dark web, proactive steps should be taken to secure accounts.
Expert Insight:
Troy Hunt, upon receiving information about the breach, independently verified the data's authenticity. SurveyLama confirmed the security incident and assured users that passwords were stored in encrypted forms. Nonetheless, users are encouraged to reset their passwords not only on SurveyLama but also on other platforms where similar credentials may have been used.
While SurveyLama has taken steps to address the breach and notify affected users, the potential risks remain significant. The possibility of the stolen data being exploited privately or leaked to cybercriminals underscores the importance of immediate action by users to safeguard their personal information.
All in all, the SurveyLama data breach serves as a reminder of the ever-present threats to online security and the importance of vigilance in protecting personal data. Users must stay informed, remain cautious of suspicious activities, and take proactive measures to enhance their online security posture.
In a recent incident that came to be known as the ‘mother of all breaches,’ a whopping 12 terabytes (TB) of data, comprising 26 billion records, was exposed. The records were gathered from sales, breaches, and leaks.
The discovery was made by Bob Dyachenko, a cybersecurity researcher at SecurityDiscovery.com along with the team at Cybernews.com.
As of right now, researchers believe that this is a compilation of various breaches and leaks rather than data from a single source. Some of the records in the collection are duplicates, and the researchers have yet to rule out the possibility that it also contains previously unseen data.
Given the discovery of the data set, credential-stuffing attacks are expected to follow shortly. For those unaware, credential stuffing is the practice of malicious actors taking a user's login credentials from one website and trying them on others. These attacks typically succeed when a person reuses the same password across several websites.
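Credential stuffing has a recognisable shape in authentication logs: one source tries many different accounts in a short time, mostly failing, with the occasional success where a reused password happens to work. The following Python is an added example, not code from the researchers or from Have I Been Pwned, of detection logic that looks for that shape. The log format and the log lines are constructed for the example; the thresholds (five distinct accounts within sixty seconds, at least 60% failures) are assumptions a deployment would tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data). 203.0.113.5 tries six different
# accounts in six seconds and lands one; 198.51.100.7 is one user fumbling a password.
SAMPLE_LOG = """\
2024-02-01T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2024-02-01T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2024-02-01T10:00:03Z ip=203.0.113.5 user=carol result=FAIL
2024-02-01T10:00:04Z ip=203.0.113.5 user=dave result=SUCCESS
2024-02-01T10:00:05Z ip=203.0.113.5 user=erin result=FAIL
2024-02-01T10:00:06Z ip=203.0.113.5 user=frank result=FAIL
2024-02-01T10:00:10Z ip=198.51.100.7 user=grace result=FAIL
2024-02-01T10:00:20Z ip=198.51.100.7 user=grace result=FAIL
2024-02-01T10:00:30Z ip=198.51.100.7 user=grace result=SUCCESS
2024-02-01T11:30:00Z ip=203.0.113.5 user=heidi result=FAIL
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse_log(text: str):
    """Return (timestamp, ip, user, success) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"] == "SUCCESS"))
    return events


def detect_credential_stuffing(events, window=timedelta(seconds=60),
                               min_users=5, min_fail_ratio=0.6):
    """Flag source IPs that hit many distinct accounts within one sliding window,
    mostly failing. Returns {ip: alert} with the widest window seen per IP."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        j = 0
        for i in range(len(evs)):
            # advance j so evs[i:j] is every event within `window` of evs[i]
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                j += 1
            chunk = evs[i:j]
            users = {e[2] for e in chunk}
            fails = sum(1 for e in chunk if not e[3])
            hits = sorted({e[2] for e in chunk if e[3]})
            if len(users) >= min_users and fails / len(chunk) >= min_fail_ratio:
                prev = alerts.get(ip)
                if prev is None or len(users) > prev["distinct_users"]:
                    alerts[ip] = {
                        "ip": ip,
                        "window_start": evs[i][0].isoformat(),
                        "attempts": len(chunk),
                        "failures": fails,
                        "distinct_users": len(users),
                        # successes inside a stuffing burst are the accounts to lock and notify
                        "compromised_accounts": hits,
                    }
    return alerts


if __name__ == "__main__":
    for alert in detect_credential_stuffing(parse_log(SAMPLE_LOG)).values():
        print(alert)
```

The successes inside a flagged burst are the actionable part of the alert: those accounts were reached with a password that was valid somewhere else, so they need a forced reset regardless of whether the attacker did anything further.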
One thing that a user can do is check whether they were a part of any leak, not only this one. One can do so by going to Have I Been Pwned or Cybernews’ lookup tool.
The best thing one can do, whether or not they have been compromised, is to follow these rules from the Tech Talk Commandments:
Orrick, Herrington & Sutcliffe, the San Francisco-based law firm, revealed last week that during an attack in March 2023, threat actors stole personal information and sensitive health data of more than 637,000 data breach victims.
In a series of letters notifying those impacted of the data breach, Orrick said that the hackers had taken large amounts of data from its systems relating to security incidents at other organizations, for which it had provided legal assistance.
Orrick said that the data involved in the breach included its clients' data, including that of people with dental policies from Delta Dental, a major healthcare insurance network that covers millions of Americans' dental needs, and people with vision plans from the insurance company EyeMed Vision Care.
The firm further added that it had notified the U.S. Small Business Administration, the behavioral health giant Beacon Health Options (now Carelon), and the health insurance provider MultiPlan that their data was also exposed in Orrick's data breach.
The stolen data reportedly includes victims' names, dates of birth, postal and email addresses, and government-issued identification numbers, such as Social Security numbers, passport and driver's license numbers, and tax identification numbers. Information about patients' medical treatment and diagnoses, insurance claim details such as dates of service and charges, and health insurance numbers and provider details were also compromised.
Orrick further says that credit or debit card details, as well as online account credentials, were also involved in the breach.
Since the initial announcement of the breach, the number of affected individuals has kept rising. In its most recent breach notice, Orrick states that it “does not anticipate providing notifications on behalf of additional businesses,” but the firm did not specify how it reached this conclusion.
In December, Orrick told a federal court in San Francisco that it had reached a preliminary settlement to end four class action lawsuits claiming that Orrick had withheld the breach from victims for months after it occurred.
“We are pleased to reach a settlement well within a year of the incident, which brings this matter to a close, and will continue our ongoing focus on protecting our systems and the information of our clients and our firm,” added Orrick’s spokesperson.
The companies hit by the attack were TransUnion and Experian.
According to Times Live, the hackers, the Brazil-based N4ughtySecTU group, who had previously breached TransUnion's security and firewalls, claimed to have evaded the company's safeguards once again and stolen its data.
Apparently, the hackers have demanded $30m [about R565m] from TransUnion and $30m from Experian.
The hackers, in a message sent to the managers and directors of the impacted companies, stated: “Ensure your response teams contact us on Session [a private communication platform] for payment instructions.”
While acknowledging the demands, TransUnion and Experian disputed the group's claims of an ongoing compromise of their systems.
“Following recent media coverage, TransUnion South Africa confirms it is aware of a financial demand from a threat actor asserting they have accessed TransUnion South Africa’s data. We have found no evidence that our systems have been inappropriately accessed or that any data has been exfiltrated,” TransUnion said.
“We’ve likewise seen no change to our operations and systems in South Africa related in any way to this claim. We are continuing to monitor closely. We treat matters regarding our information security seriously, and data security remains our top priority,” they continued.
Previously, in March 2022, N4ughtySecTU claimed responsibility for targeting TransUnion in a ransomware campaign.
TransUnion South Africa later confirmed the hack, stating that at least 3 million individuals were affected.
The threat actors reportedly gained access to the personal data of over 54 million people, including dates of birth, ID numbers, gender, marital status, and other sensitive details.
Experian also suffered a data breach in August 2020, reported by the South African Banking Risk Information Centre (SABRIC). That breach exposed the personal information of around 24 million individuals and several business entities to a fraudster.
Karabo Phungula, the fraudster in the Experian case, was sentenced to 15 years in prison in March by the Specialised Commercial Crimes Court for obtaining the dataset under false pretences.
DNA security is a concern that is rarely discussed in the cybersecurity landscape, where personal information is what gets all the attention these days.
The latest 23andMe data breach serves as a sharp reminder of a terrifying reality: our most important, private data may not be as safe as we believe. It is a striking picture of the blatant disregard shown by corporations that profit from users' DNA while neglecting to protect it.
Due to the 23andMe breach, hackers gained access to 6.9 million users' personal information, such as birth years, geographic locations, and family trees. It raises several important questions: Are organizations doing anything to safeguard our data? Should we put our most personal information in their hands?
The boldness of 23andMe and similar companies is amazing. They position themselves as defenders of our genetic heritage, as guardians of our ancient histories and possible medical destinies.
But when things go wrong and our information is compromised, they fall back on the excuse: "It was the users' old passwords that led to the hacking, not us."
Organizations that manage such private information should be held to the highest possible standards. This isn't only about credit card numbers or email addresses. We are talking about DNA, the blueprint of our lives. If anything should be regarded as sacred in the age of technology, it has to be this.
The DNA testing industry must do more. It has to guarantee that its safety precautions are not merely sufficient but exceptional. It should be at the forefront of cybersecurity, setting the standard for all other industries to follow.
This is about much more than stronger passwords and multi-factor authentication. It is about a fundamental change in how these organizations view the data they have been entrusted with. It's about acknowledging their enormous duty, not only to their customers but to society as a whole.
It is past time for 23andMe and the DNA testing industry to recognize that they are dealing with more than just data. They are dealing with people's lives, histories, and futures. It's about time they began handling users' data with the respect it deserves.
QR codes, the digital jumble of black and white squares frequently used to encode URLs, are now commonplace; they can be seen, for example, on menus at restaurants and in retail establishments. The Federal Trade Commission cautioned on Thursday that they could be dangerous for those who aren't careful.
According to a report by eMarketer, around 94 million US consumers have used a QR scanner this year. The number is only increasing, with around 102.6 million anticipated by 2026.
According to Alvaro Puig, a consumer education specialist with the FTC, QR codes are popular because there are endless ways to use them.
“Unfortunately, scammers hide harmful links in QR codes to steal personal information,” Puig said.
The stolen data can be misused by threat actors in a number of ways. According to a separate FTC report, identity thieves can use a victim's personal data to illicitly file tax returns in their name and collect the refunds, drain their bank accounts, charge their credit cards, open new utility accounts, and obtain medical treatment on their health insurance.
In some cases, criminals cover legitimate QR codes with their own, in places like parking meters, or send codes via text messages or emails to lure victims into scanning them.
One notorious tactic scammers use is creating a sense of urgency. For example, they might claim that a package could not be delivered and you need to reschedule, or that you need to change your account password because of suspicious activity.
“A scammer’s QR code could take you to a spoofed site that looks real but isn’t,” Puig wrote. “And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it.”
According to the FTC, some of the measures one can take to protect oneself from these scams are:
Nearly a million confidential files were stored in a DigitalOcean storage bucket that was accessible to anyone without authentication. Given that the majority of the exposed files depict children, the leak of this private information is extremely dangerous.
The stolen data included:
The company's 96 school-specific apps are designed to facilitate online learning and allow parents and schools to communicate directly about their child's daily activities and academic progress. Over a million parents and over half a million pupils use the platform, according to the company's website.
Cybernews attempted to contact Appscook over the issue, but did not receive any response.
The data leak has raised concerns over possible exploitation of the personal information by cybercriminals. The disclosure of personal details, including home addresses and images, raises the unsettling possibility that unscrupulous individuals may try to manipulate or extort parents by exploiting their concern for their children.
According to Vincentas Baubonis, Information Security Researcher at Cybernews, “The leaked data about minors could have dire consequences, as this information can put children at physical risk by revealing their daily whereabouts. It can also be used by someone with malicious intent to impersonate school officials or manipulate children and parents.”
Threat actors could use the compromised personal information for identity theft, fraud, and targeted phishing attacks against the parents of these children, even if children themselves are less exposed to digital fraud than adults.
However, in the worst case, this data breach could increase the risk of child abuse. The researcher notes that photos of children posted online can draw unwelcome attention, including from predators.
The database has been released on the popular cybercrime forum Breach Forums.
It is significant to note that USDoD is the same hacker who compromised the FBI's InfraGard security platform last year, revealing 87,000 members' personal information.
In a post on Breach Forums, the hacker confirmed that web scraping was used to gather the latest LinkedIn data. Web scraping is an automated, software-driven process that extracts data from websites, usually to collect specific information from web pages.
As revealed by Hackread, the leaked data included publicly available information regarding the victims’ LinkedIn profiles, such as full names and profile bios. While this data also contains millions of email addresses, the hackers could not get hold of the passwords.
Email addresses from senior US government officials and organizations are exposed in the leak. Email addresses from other international government agencies have also been found.
After analyzing more than 5 million accounts in the database, Troy Hunt of HaveIBeenPwned concluded that the data was a combination of information from other sources, including fabricated email addresses and public LinkedIn profiles. Hunt notes that the individuals, businesses, domain names, and a large number of email addresses are real, even though some of the information may be anecdotal or largely made up.
"Because the conclusion is that there’s a significant component of legitimate data in this corpus, I’ve loaded it into HIBP[…]But because there are also a significant number of fabricated email addresses in there, I’ve flagged it as a spam list which means the addresses won’t impact the scale of anyone’s paid subscription if they’re monitoring domains," Hunt explained.
This was not, however, the first time LinkedIn information has been leaked online by threat actors. A similar case occurred in April 2021, when two scraped LinkedIn databases went on sale with 500 million and 827 million records. In June 2021, a hacker sold a LinkedIn database containing information about around 700 million users.
Protecting our online profile has become crucial in the current digital era. Keeping up with the latest technologies and techniques is essential to safeguarding personal data and privacy in a constantly changing technological landscape. To help you navigate the complicated world of digital security, this article offers a succinct summary of key tools and procedures.
Okta's help desk system, which is used by some of the largest companies in the world, such as FedEx and Zoom, was accessed by hackers using a stolen password, according to a statement released by Okta on October 20. Okta provides software that other businesses use to manage login accounts. The attack, which has already cost the company $2 billion in market valuation, has the potential to turn into a more serious issue, because help desk data occasionally contains files that can be used to secretly access the systems of Okta's clients.
There are already indications of this happening. On Monday, the popular password manager company 1Password revealed that hackers had gained access to some parts of its computer network by using data they had taken from Okta's help-desk portal. The company notes that the brief intrusion was limited to a system that manages “employee-facing apps” and that “no 1Password user data was accessed.”
Depending on how they use the service and which internal systems they have connected to it, other Okta customers might be at greater risk. Grubhub, Tyson Foods, T-Mobile, the pharmaceutical firm McKesson, the diagnostics company LabCorp, and Main Street retailers like Crate & Barrel and Levi's are among Okta's major customers.
According to Kyrk Storer, a spokesman for Okta, the hack of the company's help-desk portal affected about 1% of its more than 18,000 customers. These victims have now been notified of the hack, the company confirms.
Supply-chain attacks are cyber breaches that use access to one organization to target its partners, suppliers, or customers. Given how digitally interconnected companies are, exploiting a victim's supply chain to reach more targets has become a popular tactic among hackers. In recent years, intrusions at the IT management firms SolarWinds and Kaseya and in the file-transfer software MOVEit had severe global repercussions.
In most supply-chain attacks, hackers discover or introduce a weakness in a popular software product, which they then use to access the systems of the firms that employ it. There is no evidence, however, that the Okta attack involved software flaws. Instead, the hackers used login credentials obtained from a business that sells secure login software to get at highly sensitive customer support submissions.
Customer service records are frequently, and mistakenly, dismissed as insignificant and obscure compared with other types of data that companies maintain. Few organizations put the same emphasis on protecting this data as they do on safeguarding their clients' credit card information. Yet a help desk system holds an array of information about a business's clients and technical weaknesses, and the Okta attack indicates that hackers are becoming increasingly aware of this.
The breach of DNA data has emerged as a new concern at a time when ever more personal information is stored online. Recent incidents involving well-known genetic testing companies like 23andMe have highlighted concerns about the potential exploitation of such sensitive information.
The cyberattack on Lyca Mobile has reportedly affected millions of customers worldwide, with the exception of individuals in the United States, Australia, Ukraine, and Tunisia. Lyca Mobile learned of the intrusion on September 30 and took immediate measures, including isolating and shutting down the affected systems.
The company further confirmed that it has reported the incident to security experts and that an investigation is ongoing.
In its official statement, Lyca Mobile stressed its commitment to minimizing harm to customers and pledged continued efforts to securely restore the affected services.
The company has informed the appropriate regulatory authorities and is working closely with them. Lyca Mobile cautioned impacted users to be on the lookout for any unusual activity and to take extra precautions to protect their information.
These measures include resetting Lyca Mobile passwords, especially where the same password is used for more than one account. The company has also urged users to be wary of unsolicited emails or any other communication asking for personal or financial information.
"Be suspicious of unsolicited requests for your personal or financial details. If you receive an e-mail which you're not sure about, treat it with caution, or if you have been a victim of fraud or cyber crime, contact your bank immediately and you should report this to the police," the company said in the statement.
"The security of your personal information is very important to us. As our investigation progresses, we will consider whether we need to take any further steps to help protect that information. While we hope to bring all of our systems back online as soon as possible, we are doing so carefully to minimize any further issues," it added.
The data compromised in the breach includes identification information such as names, addresses, and contact details, as well as interactions with customer service, which are recorded for up to 60 days.
The online accounts also hold customers' credit card information: Lyca Mobile records the last four digits and expiry date, with the full number stored encrypted. The company does not retain the 3-digit CVV code.
Additionally, the incident has disrupted Lyca Mobile's number porting functionality, temporarily preventing the issuing of PAC codes. The company stated that it is working to resolve this problem and fully restore all services.
Users and the wider online community have recently expressed concern in the wake of reports of Starlink account hijacking. The root of the problem is that Starlink's account security framework does not offer two-factor authentication (2FA). This glaring omission leaves customers exposed to account takeover and has prompted urgent calls for the adoption of 2FA.
Because Starlink's security setup does not include 2FA, cybercriminals have been able to take advantage of this gap and gain unauthorized access to user accounts. A recent PCMag article describing numerous account hacks brought attention to this weakness. Users reported unauthorized access, raising concerns about data privacy and the possible misuse of account information.
Online forums such as Reddit have also witnessed discussions surrounding these security lapses. Users have shared their experiences of falling victim to these hacks, with some highlighting the lack of response from Starlink support teams. This further emphasizes the critical need for enhanced security measures, particularly the implementation of 2FA.
As noted by cybersecurity experts at TS2.Space, the absence of 2FA leaves Starlink accounts vulnerable to a variety of hacking techniques. The article explains how cybercriminals exploit this gap and outlines the methods they employ.
It's important to note that while 2FA is not infallible, it adds an additional layer of security that significantly reduces the risk of unauthorized access. It requires users to verify their identity through a second factor, typically a one-time code sent to or generated on their mobile device. Even if a malicious actor obtains the login credentials, they would still be unable to access the account without the second factor.
Addressing this issue should be a top priority for Starlink, given the sensitive nature of the information linked to user accounts. Implementing 2FA would greatly enhance the overall security of the platform, offering users peace of mind and safeguarding their personal data.
Recent Starlink account hacking incidents have brought to light a serious security gap that requires quick correction. Users are needlessly put at risk by the lack of 2FA, and this needs to be fixed soon. Two-factor authentication would allow Starlink to considerably strengthen platform security and give all users a safer online experience.
A post on X (formerly Twitter) by user @vx-underground stated that a threat actor scraped the data of over 2.6 million Duolingo users and posted it on the latest version of the hacking forum ‘Breached.’ BleepingComputer confirmed the breach in a recent post.
The hackers reportedly gathered the data by exploiting a weakness in the Duolingo API: submitting a valid email address to the API returned the user's personal data, contact details, addresses, and more.
The hackers found active Duolingo users by feeding millions of email addresses to the vulnerable API. The responses were then used to build a dataset containing both public and non-public information. Alternatively, a username can be supplied to the API to obtain JSON output containing sensitive user information.
But this is not the first time this information has surfaced online. Falcon Feeds raised awareness of the problem via an X post in January, when the scraped database was offered for sale for $1,500 on a previous iteration of the Breached hacker forum. The data revealed personal information about individuals, including email addresses, phone numbers, photographs, privacy settings, and much more.
Earlier, Duolingo had confirmed the data breach to TheRecord and said it was investigating. However, it did not mention that the data included private information about its users.
The most worrying aspect of this problem is that the vulnerable API is still publicly accessible even though Duolingo first became aware of it in January. Regrettably, this is not unexpected: because most scraped data consists of already-available information that is not easy to assemble into a credible threat, businesses frequently tend to ignore it.
In Duolingo's case, however, the scraped data also included sensitive data that was not publicly available. While Duolingo has yet to address the issue, the most a user can do in this situation is change their login credentials and/or delete their Duolingo account.
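What makes the endpoint described above scrapable is the combination of two design mistakes: a private identifier (the email address) is accepted as a lookup key and confirms whether an account exists, and the response carries fields the public profile never shows. The Python below is an added example, not Duolingo's code or API, that puts a toy version of that endpoint beside a hardened one. The user records, field names and the quota of three requests per minute are all constructed for the illustration; the hardened handler answers email lookups identically whether or not the account exists, returns only public fields for username lookups, and applies a per-client sliding-window limit so bulk enumeration is throttled.

```python
from collections import defaultdict, deque

# Constructed user records for the example (not real data).
USERS = {
    "alice": {"username": "alice", "bio": "Learning Spanish", "streak": 42,
              "email": "alice@example.com", "phone": "+1-555-0100", "address": "1 Example St"},
    "bob": {"username": "bob", "bio": "Learning Japanese", "streak": 7,
            "email": "bob@example.com", "phone": "+1-555-0101", "address": "2 Example Ave"},
}
PUBLIC_FIELDS = ("username", "bio", "streak")   # what the profile page already shows to anyone


def vulnerable_lookup(identifier: str):
    """Toy version of the endpoint the article describes: an email *or* username
    returns the whole record, private fields included, to any unauthenticated caller."""
    for user in USERS.values():
        if identifier in (user["username"], user["email"]):
            return dict(user)
    return None


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `period` seconds for each client key."""

    def __init__(self, limit: int, period: float):
        self.limit, self.period = limit, period
        self.hits = defaultdict(deque)

    def allow(self, client: str, now: float) -> bool:
        q = self.hits[client]
        while q and now - q[0] >= self.period:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class HardenedProfileApi:
    def __init__(self, limiter: SlidingWindowLimiter):
        self.limiter = limiter

    def lookup_by_username(self, client: str, username: str, now: float) -> dict:
        if not self.limiter.allow(client, now):
            return {"status": 429, "body": {"error": "rate limited"}}
        user = USERS.get(username)
        if user is None:
            return {"status": 404, "body": {"error": "not found"}}
        # Public profile only: email, phone and address never leave the server here.
        return {"status": 200, "body": {k: user[k] for k in PUBLIC_FIELDS}}

    def lookup_by_email(self, client: str, email: str, now: float) -> dict:
        if not self.limiter.allow(client, now):
            return {"status": 429, "body": {"error": "rate limited"}}
        # Email is a private identifier. The response is identical whether or not
        # an account exists, so feeding in a list of addresses learns nothing.
        return {"status": 202, "body": {"message": "If an account exists for this address, "
                                                   "a message has been sent to it."}}


if __name__ == "__main__":
    print(vulnerable_lookup("alice@example.com"))            # leaks phone and address
    api = HardenedProfileApi(SlidingWindowLimiter(limit=3, period=60))
    print(api.lookup_by_username("client-a", "alice", now=0))
    print(api.lookup_by_email("client-b", "alice@example.com", now=0))
    print(api.lookup_by_email("client-b", "nobody@example.com", now=1))
```

The rate limit is the secondary control: even a correctly shaped endpoint is worth throttling, since username enumeration against public profiles is still bulk collection, and the limiter's client key should be whatever the deployment can trust (an API token or authenticated session rather than a spoofable header).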