Monthly Breach Report: January 2020 Edition on Jan 17, 2020
Protecting organizations against data breaches, where valuable personal information and intellectual property are compromised, is both a global economic issue and a critical management issue for every business. With a hacking attack happening every 39 seconds, organizations need data protection measures in place to survive.
Most organizations simply didn’t know where their most sensitive data exists or to what degree it could be impacted in a breach (step #1 in being able to protect sensitive data). These organizations could have been more prepared.
Below, we outline some of the top data hacks that took place in December of 2019:
1. iPR Software
Dec 10, 2020: US-based iPR Software, a PR and marketing provider, became the target of a data breach when it leaked personal information of several global brands like GE, Dunkin’ Donuts, Forever 21 and more.
UpGuard researchers discovered the data leak in October 2019 when they found a misconfigured Amazon S3 storage bucket originating from iPR Software. Reports claim that the database comprised key information belonging to clients who leveraged the iPR Software platform: 477,000 clients’ media contacts, business entity account information, 35,000 hashed user passwords, assorted documents and administrative system credentials.
According to UpGuard, “In addition to the database files, the storage bucket contained documentation from iPR developers, documents which appear to be marketing materials for client companies, and credentials for iPR accounts on Google, Twitter and a MongoDB hosting provider.”
UpGuard claimed that, apart from the user accounts, the leak included the files stored in these customers’ directories and data of large businesses such as California Courts, CenturyLink, Nasdaq, Xerox and Mercury Public Affairs.
2. Mixcloud
Dec 13, 2020: Mixcloud, a British online music streaming service, admitted to a data hack that compromised the personal information of approximately 20 million users.
An official statement from Mixcloud said, “We received credible reports this evening that hackers sought and gained unauthorized access to some of our systems. Our understanding at this time is that the incident involves email addresses, IP addresses and securely encrypted passwords for a minority of Mixcloud users. The majority of Mixcloud users signed up via Facebook authentication, in which cases we do not store passwords.”
While the business didn’t share details regarding the scale of the breach, it divulged that the hacker put the users’ personal data on sale on the dark web for 0.5 Bitcoin ($3,650).
The UK-based business further stated that the users with a separate password to access their Mixcloud account were safe from this attack and the users who signed up to their account using their Facebook details were the ones impacted by this breach. Meanwhile, Mixcloud has advised all customers to reset their passwords.
3. Love, Bonito
Dec 17, 2020: Looking at the growing data breach trend, it appears that no business is safe from cybercriminals. Last month, Singapore-based online fashion label Love, Bonito encountered a nasty data breach as well. The incident came to light when “malicious code” made its way into the retailer’s e-commerce website. The compromised personal information included details such as customers’ first and last names, shipping addresses, dates of birth, e-mail addresses, phone numbers, order details, billing addresses, payment type and credit card information.
The fashion giant has clarified that the breach affected approximately 3% of its overall customers.
To prevent such data breaches from happening again, Love, Bonito has entered into a collaboration with a data security expert to carry out a forensic probe and scrutinize security controls.
Apart from informing the Personal Data Protection Commission and the police about the breach, the business has decided to set up a credit monitoring service and advised clients to undertake a detailed review of their payment card and bank statements to identify the gaps.
Source: The Straits Times
4. Airtel
Dec 9, 2020: India-based telecom giant Airtel, currently ranked the third-largest mobile network in India, witnessed a massive security breach last month that exposed the personal information of over 300 million users.
Bengaluru-based security researcher Ehraz Ahmed identified the breach. While Airtel rectified the security flaw in its app when informed, Ahmed said that the incident poses a security threat to every user who is part of the Airtel network.
While confirming the breach, Airtel said that the security flaw associated with its app’s API (application programming interface) offered access to important user data, such as name, emails, date of birth, residential address, and the IMEI number of the device. The IMEI number identifies the device in use.
Source: The Week
5. City of Pensacola
Dec 10, 2020: A cyberattack hit the city of Pensacola, FL, impacting the computer networks, landlines, the 311 customer service lines, and online bill payments for Pensacola Energy and City of Pensacola Sanitation Services. Pensacola is home to over 50,000 people.
According to an official statement, “The City of Pensacola’s Technology Resources Department is continuing to work diligently to address a cyberattack that occurred early Saturday morning, Dec. 7. As a result of the incident, Technology Resources staff disconnected computers from the city’s network until the issue can be resolved.”
Reports said that emergency dispatch services and 911 remained available without interruption, along with the city’s website (cityofpensacola.com) and online permitting services (mygovernmentonline.org). So far, it is not clear how the breach happened, what type of data was compromised, or whether it was a malware- or ransomware-driven attack.
Source: Search Security
6. British American Tobacco
Dec 4, 2020: UK-based British American Tobacco (BAT) broke the news of a ransomware attack and data breach on its web platform that impacted close to 352 GB of data.
The hacked Elasticsearch server, located in Ireland, contained a readme file with a ransom request that threatened to delete the data if the Bitcoin demand was not fulfilled. The breach involved users’ sensitive Personally Identifiable Information (PII), such as full name, phone number, date of birth, gender, source IP, and cigarette and tobacco product preferences.
Noam Rotem and Ran Locar, internet privacy researchers from vpnMentor, discovered the breach on a server connected to the web platform YOUniverse.ro. According to vpnMentor, the web platform is part of a BAT Romania promotional campaign aimed at adult smokers.
7. New Orleans
Dec 16, 2020: Just a few days after the Pensacola government faced a cyberattack, a ransomware attack hit the New Orleans government, impacting over 4,000 of the city’s computer systems.
Most city employees were unable to access the information they rely on to do their jobs. For example, the police were unable to run background checks during this time.
The Chief Administrative Officer, Gilbert Montano said, “the cost of rebuilding the city’s computer network is nearing $1 million.”
8. Conor
Dec 16, 2020: Security researchers last month uncovered a massive data leak comprising highly sensitive web browsing records stored in an Elasticsearch database owned by South Africa-based IT company Conor. As part of a web mapping project, vpnMentor’s research team identified the breach in Conor’s databases comprising more than 890GB of data and over 1 million records.
The breach exposed data related to user activity logs comprising website URLs, IP address, index names, and MSISDN codes which identify the mobile users on a particular network.
Conor develops software products for customers in Africa and South America from different sectors comprising finance, mobile internet, SMEs and data monetization. Conor’s list of clientele comprises Vodafone and Telkom.
Source: SC Magazine
9. TrueDialog
Dec 2, 2020: A database belonging to TrueDialog became the target of a data leak when it allowed unauthorized access to information comprising text messages, names and addresses. VPNMentor researchers identified the security loophole and notified TrueDialog, after which the database was closed.
TrueDialog is an Austin-based SMS provider that allows US companies, colleges and universities to send bulk text messages.
Since the compromised information includes more than 10 million SMS messages sent and the technical log, it poses threats like corporate espionage, account takeover, identity theft, and phishing attempts.
10. LightInTheBox
Dec 17, 2020: China-based retailer LightInTheBox became the target of a data hack after it allowed open access to 1.3TB of data containing 1.6 billion shopper records for three months last year.
VPNMentor discovered this major data lapse in November 2019. Soon after identifying the security gap, VPNMentor notified LightInTheBox. VPNMentor also said that the Chinese enterprise could have avoided this security breach if it had implemented correct access rules and secured the servers.
VPNMentor’s Noam Rotem and Ran Locar said, “The exposed data makes those affected vulnerable to many forms of fraud and online attacks. With access to user emails, cybercriminals could create convincing phishing campaigns with emails imitating LightInTheBox. With a website user’s IP address, we were able to identify their city of residence. If a criminal hacker had access to this, along with the other data exposed, they could trick a victim into revealing their home address, and target them for theft and home robbery.”
11. Missoma
Dec 17, 2020: Prominent British designer jewellery brand Missoma reported a data leak last month when third-party malicious software targeted the online platform’s payments page.
According to a notification issued by Missoma, customers’ Personal Information (PI), which may have included name, address, email address, long card number and CVV number, was put at risk following the data hack.
The customers who bought items through PayPal were not impacted, and clients who used debit or credit cards face the risk of identity theft. The popular jewellery brand collaborated with external forensic experts to resolve the issue.
Source: Jewellery Focus
12. Facebook
Dec 19, 2020: Facebook is in the news again. Over 267 million Facebook users became the target of a data breach last December when their Personal Information (PI) got exposed in an online database that collected names, Facebook IDs and phone numbers. Cybersecurity firm Comparitech in partnership with security researcher Bob Diachenko found this gigantic data leak.
Reports state that the database made its first online appearance on Dec 4th and the public sharing of the data happened on Dec 12th. Although the database isn’t available online currently, there are chances that the leaked information could get misused.
Researchers traced the origin of the database to Vietnam. The database was no longer available for access from Dec 19th after the researchers informed the internet service provider managing the IP address of the server.
Comparitech issued an advisory to Facebook users to change their privacy settings to the “friends” or “only me” option.
2019 proved to be a tough year for Facebook. In September last year, a similar database breach hit the social media giant that compromised over 400 million Facebook user IDs and phone numbers.
Source: Digital Trends
13. Wawa
Dec 19, 2020: Pennsylvania-based Wawa Inc. confirmed a countrywide malware attack on its payment processing servers. The information security team of Wawa discovered the gap. The convenience store and gas station chain expects that the data hack may have gathered key customer information, such as card numbers and customer names, as early as March 4th.
Wawa CEO Chris Gheysens said that the breach impacted customers who used in-store payment terminals and fuel dispensers. He further added that the malware doesn’t pose a threat to the customers who use credit cards now because on Dec 12th the issue was resolved.
According to an official statement issued by Gheysens, “We take this special relationship with you and the protection of your information very seriously. I can assure you that throughout this process, everyone at Wawa has followed our longstanding values and has worked quickly and diligently to address this issue and inform our customers as quickly as possible.”
Presently, Wawa has a presence across 850 locations in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington, D.C.
Meanwhile, Wawa suggested customers get in touch with its toll-free call center 1-844-386-9559 for any issues and assistance.
14. Ring
Dec 19, 2020: Smart home security company Ring was in for a rude shock when information of 3.672 users was available online for unauthorized access. The breach impacted Ring Camera users, as the breached information comprised data related to usernames, emails, passwords, time zones and details related to camera locations used at their homes.
The California-based, Amazon-owned business informed the impacted customers and requested them to reset passwords and opt for two-factor authentication to ensure account protection.
Security experts believe that the breached data format follows the company’s database format.
Dataguise understands the importance of data privacy and how frustrating data breaches can be for consumers and the businesses entrusted with their data. Although anyone can be a target, Dataguise DgSecure provides enterprise solutions for businesses small and large to combat these threats while ensuring all sensitive data across an organization is accounted for, protected, and compliant with industry and global data privacy laws. To learn more about Dataguise DgSecure, contact us for additional information.