Hacker uploads about 1 billion user records in 2 months

A serial hacker who goes by the name Gnosticplayers released another 65.5 million user records last week, taking his grand total to 932 million records overall, with the consequences of this pool of data as yet unknown. Since mid-February, Gnosticplayers has been putting batches of hacked data up for sale on Dream Market, a dark web marketplace for illegal products such as hacking tools, guns and drugs.

"The hacker's name is Gnosticplayers, and he's responsible for the hacks of 44 companies, including last week's revelations," ZDNet reported late on Monday. The big companies hit included Under Armour, 500px, ShareThis, MyHeritage and Gfycat. The releases have been grouped into four rounds: Round 1 (620 million user records), Round 2 (127 million user records), Round 3 (93 million user records) and Round 4 (26.5 million user records).

"Last week, the hacker notified ZDNet about his latest release -- Round 5 -- containing the data of 65.5 million users, which the hacker claims to have been taken from six companies: gaming platform Mindjolt, digital mall Wanelo, e-invitations and RSVP platform Evite, South Korean travel company Yanolja, women's fashion store Moda Operandi, and Apple repair center iCracked," the report added.

Earlier in March, the serial hacker stole and posted personal data of close to 843 million users of various popular websites. The companies impacted include GameSalad, Estante Virtual, Coubic, LifeBear, Bukalapak and Youthmanual.

Facebook leaves passwords unencrypted

Facebook said there is no evidence its employees abused access to this data. The company said the passwords were stored on internal company servers, where no outsiders could access them. However, privacy experts suggested that users change their passwords.

The security slip left the passwords readable by the social networking giant's employees.

The issue was first reported by security researcher Brian Krebs, who published a blog post on Thursday detailing that Facebook employees had built applications that captured users' passwords and stored them as plain text, meaning a password was readable exactly as the user had entered it to log in.

The blunder was uncovered during a routine security review early this year, according to Canahuati.

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," vice president of engineering, security, and privacy Pedro Canahuati said.

"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems," Pedro Canahuati, vice president of engineering for security and privacy at Facebook, wrote in a blog post. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable."

Most companies encrypt passwords to prevent them from being stolen in the event of a data breach or used for nefarious purposes by company employees.

The incident reveals yet another huge and basic oversight at a company that insists it is a responsible guardian for the personal data of its 2.3 billion users worldwide.

By storing passwords in readable plain text, Facebook violated fundamental computer-security practices, which call for organizations and websites to save passwords in a scrambled form that makes it almost impossible to recover the original text.
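The contrast Canahuati draws between a "readable format" and "techniques that make them unreadable" is the difference between writing the password itself into the credential table and writing a salted, deliberately slow hash of it. The Python below is an added example, not Facebook's code: it shows both patterns side by side using PBKDF2 from the standard library (bcrypt, which the MyFitnessPal item further down mentions, does the same job but is not in the standard library). The usernames, passwords and table layout are constructed for the example.

```python
import hashlib
import hmac
import os

# --- What the Facebook slip amounts to: the table holds the password itself ---
# Whoever can read this table (an insider, a log scraper, an attacker with
# database access) learns every user's password verbatim.
def store_plaintext(user_table, username, password):
    user_table[username] = password


# --- What "mask passwords using techniques that make them unreadable" means ---
# A per-user random salt plus a slow, iterated hash. The password is never
# written down; only the hash is, and the hash cannot be reversed.
PBKDF2_ITERATIONS = 600_000  # OWASP's 2023 recommendation for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None):
    """Return a self-describing string: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def store_hashed(user_table, username, password):
    user_table[username] = hash_password(password)


def login(user_table, username, password):
    stored = user_table.get(username)
    if stored is None:
        hash_password(password)  # same cost for unknown users, so timing does not reveal who exists
        return False
    return verify_password(password, stored)


def compare_storage(username="alice", password="correct horse battery staple"):
    """Show what a reader of each table sees for the same (constructed) credential."""
    naive, hardened = {}, {}
    store_plaintext(naive, username, password)
    store_hashed(hardened, username, password)
    return naive[username], hardened[username]


def login_outcomes():
    """Constructed check: right password, wrong password, unknown user."""
    table = {}
    store_hashed(table, "bob", "hunter2-but-longer")
    return (
        login(table, "bob", "hunter2-but-longer"),
        login(table, "bob", "hunter2"),
        login(table, "nobody", "anything"),
    )
```

The stored string carries its own algorithm, iteration count and salt, so the work factor can be raised later and old entries rehashed on the user's next successful login without a migration.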

Citrix Discloses Data Breach By International Cyber Criminals

An enormous breach of the well-known enterprise software company Citrix by "international cyber criminals" was disclosed last weekend, with the company reporting that its internal network had been compromised.

The company, known for providing its services to the U.S. military, the FBI, numerous U.S. organizations and various U.S. government offices, was warned by the FBI that foreign hackers had compromised its IT systems and stolen "business documents". Citrix added that it did not know exactly which records and documents the hackers had acquired, nor how they got in in the first place.

In a blog post Citrix says that, “While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords. Once they gained a foothold with limited access, they worked to circumvent additional layers of security...”

"Password spraying" is an attack in which the attackers guess weak passwords to gain an initial foothold in the company's systems, from which they launch more extensive attacks.

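Password spraying, as the FBI described it to Citrix, tries a small set of common passwords across many accounts, so no single account racks up enough failures to trip a lockout. The detection heuristic is therefore the mirror image of lockout: one source failing against many distinct users with only one or two attempts each inside a short window. The Python below is an added example, not Citrix's or the FBI's code; the log line format, usernames and IP addresses are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed authentication log format for this example (not any product's real format):
#   <ISO-8601 timestamp> auth <OK|FAIL> user=<name> src=<ip>
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) auth (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_log(lines):
    """Turn raw log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], TS_FMT)
        events.append(e)
    return events


def detect_password_spraying(events, window_minutes=30, min_users=10, max_per_user=2):
    """Flag sources whose failures inside the window hit many accounts with few tries each.

    A single-account brute force (many tries, one user) is deliberately NOT flagged here:
    per-account lockout already covers it, and spraying is defined by the opposite shape.
    """
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            failures[e["src"]].append(e)

    alerts = {}
    for src, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:  # slide the left edge
                start += 1
            per_user = Counter(e["user"] for e in fails[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                alerts[src] = {
                    "distinct_users": len(per_user),
                    "failures": end - start + 1,
                    "first": fails[start]["ts"],
                    "last": fails[end]["ts"],
                }
    return alerts


def build_sample_log():
    """Constructed sample: one spraying source, one single-account brute force, normal traffic."""
    base = datetime(2019, 3, 4, 2, 0, 0)
    fmt = lambda dt: dt.strftime(TS_FMT)
    users = ["asmith", "bjones", "clee", "dkim", "epatel", "fgarcia",
             "hwang", "ikhan", "jnguyen", "kmiller", "lbrown", "mdavis"]
    lines = []
    # Spray: one source, one guess per account, a minute apart
    for i, u in enumerate(users):
        lines.append(f"{fmt(base + timedelta(minutes=i))} auth FAIL user={u} src=203.0.113.7")
    # Brute force: eight rapid tries against one account (lockout territory, not spraying)
    for i in range(8):
        lines.append(f"{fmt(base + timedelta(seconds=10 * i))} auth FAIL user=asmith src=198.51.100.4")
    # Normal user: one typo, then success
    lines.append(f"{fmt(base)} auth FAIL user=clee src=192.0.2.10")
    lines.append(f"{fmt(base + timedelta(seconds=30))} auth OK user=clee src=192.0.2.10")
    return lines
```

Tune `min_users` and the window to the size of the directory; for a small tenant a threshold of ten distinct accounts from one source in thirty minutes is already unusual, while a large identity provider would also want to group sources by ASN, since real sprays rotate through many IPs.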
The enormous data breach at Citrix has been identified as part of "a sophisticated cyber espionage campaign supported by nation-state due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of the economy," said Resecurity, an infosec firm, in a blog post.

Researchers at Resecurity shed more light on the episode after Citrix declined to disclose further details of the breach, claiming that it had earlier warned the Feds and Citrix about the "targeted attack and data breach."

Resecurity says that the Iranian-backed IRIDIUM hacker group hit Citrix in December of last year and again on Monday, the 4th of March, and purportedly stole approximately 6 terabytes of sensitive internal files, including messages, emails, blueprints and various other documents.

The Florida-based company stressed that there was no sign the hackers had compromised any Citrix product or service, and that it had launched a "forensic investigation," engaged a leading cyber security company, and taken "actions" to secure its internal network.

The consequences of the Citrix "security incident" are grave and could affect a far wider range of targets, as the company also holds sensitive data on other organizations, including critical infrastructure, government and enterprises; strict measures will therefore be taken to secure it inside and out.


Enterprise VPN Provider Citrix, Hacked; 6TB of Sensitive Data Stolen

Enterprise VPN provider Citrix was subjected to a hack which is suspected to have stolen private data pertaining to the company's technology.

On Friday, Citrix said that the FBI had informed it of "international cyber criminals" working their way into the organization's networks.

It was further told that the criminals most probably used the technique of "password spraying" to break into the company's networks, which they did by correctly guessing the password of an account belonging to the company.

The hackers involved are reported to be part of an Iranian hacking group that has attacked over 200 companies, along with multiple government agencies, technology firms, and oil and gas companies.

According to a blog post by Resecurity, the cybersecurity firm had contacted Citrix in an attempt to warn it about the hack that was under way.

While declining to say how it learned of the hack, the firm said that it "has shared the acquired intelligence with law enforcement and partners for mitigation."

While the FBI declined to comment on the matter, Resecurity drew a connection between the hackers and a nation state, "due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy."

Citrix said that business documents had probably been accessed and downloaded by the attackers, stating in a notice, "The specific documents that may have been accessed, however, are currently unknown."

"Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cybersecurity firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI," the company added in the notice.

Asia Pacific is No 1 hunting ground for hackers

Global data from last year found that 64 per cent of all FireEye managed detection and response customers were targeted again by the same or a similarly motivated attack group, up from 56 per cent in 2017, and Asia Pacific tops the list in the 2019 malware report.

As organisations get better at detecting data breaches, hackers have become increasingly persistent, retargeting the firms they earlier broke into, US-based cybersecurity firm FireEye said on Monday.

Malwarebytes, a US-headquartered firm, estimated a 270% increase in malware detections among businesses in the Asia-Pacific region.

The financial services sector was seen to have the largest number of retargeted victims in 2018, particularly in the Asia-Pacific region, revealed the "FireEye 2019 Mandiant M-Trends Report". This trend is particularly relevant for the Indian market, given last year's cyber attack incidents at Cosmos Bank and State Bank of Mauritius.

Among the top ten countries facing the biggest malware threats, Asia Pacific tops the list with five countries.

Rank  Country          Biggest Threat

 1.   United States    Information Theft
 2.   Indonesia        Backdoors
 3.   United Kingdom   Information Theft
 4.   France           Information Theft
 5.   Malaysia         Backdoors
 6.   Thailand         Backdoors
 7.   Australia        Cryptomining
 8.   Germany          Information Theft
 9.   Brazil           Adware
10.   Philippines      Information Theft

"I encourage Indian firms to reassess their security posture and determine whether they can quickly detect and respond to intrusions," said Steve Ledzian, Vice President and APAC CTO, FireEye.

The Indian businesses must also determine whether "they know who is likely to attack them and how, and whether they have tested their security against human attackers in a red team scenario to try to spot weaknesses before their real world adversaries do," Ledzian said in a statement.

Singapore, a prized target

In Singapore alone, Malwarebytes saw a 180% increase in malware detections amongst the business sectors.

In the meantime, organisations appear to be getting better at discovering breaches internally, rather than being notified by an outside source such as law enforcement.

Hackers Targeting Retail Websites and Online Shoppers via Formjacking

With the advent of online shopping, the e-commerce market has skyrocketed, and by 2022 the figures are expected to reach a whopping $150 billion. The ever-expanding arena of e-shopping has given cybercriminals even more reason to exploit user data using ever newer methods. The most recent hacking method affecting online shoppers is known as ‘Formjacking’.

What is Formjacking?

It is the virtual equivalent of ATM skimming: cybercriminals insert malicious code into retail websites, programmed to leak shoppers' payment details along with their card details.

A report from Symantec suggests that every month over 4,800 different websites fall prey to Formjacking. The number of Formjacking attacks has also increased over the past year, and the stolen data is being sold on the dark web.

Quoting from the report: “By conservative estimates, cybercriminals may have collected tens of millions of dollars last year, stealing consumers’ financial and personal information through credit card fraud and sales on the dark web, with a single credit card fetching up to $45 in the underground selling forums.”

Expressing concern on the matter, Greg Clark, CEO of Symantec, said: “Formjacking represents a serious threat for both businesses and consumers. Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in Formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”

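Formjacking works by getting skimming JavaScript to execute on the checkout page, most often through a third-party script the shop already loads, which is why Clark frames it as a supply chain risk. One check a retailer can run against its own payment page is to inventory every script tag and flag those loaded from hosts it never approved or loaded without a Subresource Integrity hash. The Python below is an added example, not Symantec's or any vendor's code; the checkout HTML, the hostnames (reserved `.example` and `.invalid` domains) and the integrity value are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this (constructed) shop expects to load scripts from; anything else is suspect.
ALLOWED_SCRIPT_HOSTS = {"cdn.shop-partner.example"}

# Constructed checkout page standing in for a real retailer's HTML.
# The integrity value is a placeholder, not a real hash.
SAMPLE_CHECKOUT_HTML = """
<html><body>
<form id="payment"><input name="card_number"><input name="cvv"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop-partner.example/widget-1.4.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.shop-partner.example/analytics.js"></script>
<script src="https://static.unknown-tracker.invalid/t.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</body></html>
"""


class _ScriptCollector(HTMLParser):
    """Record every <script> with its src, integrity attribute and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._open = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self.scripts.append({"src": a.get("src"), "integrity": a.get("integrity"), "body": ""})
            self._open = True

    def handle_data(self, data):
        if self._open and self.scripts:
            self.scripts[-1]["body"] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False


def audit_payment_page(html, allowed_hosts):
    """Return (severity, kind, detail) findings for scripts that could skim the payment form.

    unexpected-host: loaded from a host the shop never approved (the classic formjacking vector)
    missing-sri:     approved host, but no integrity hash, so a tampered copy would still run
    inline-script:   cannot be pinned by SRI; review it, or move it to a hashed file
    """
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        if s["src"] is None:
            findings.append(("info", "inline-script", s["body"].strip()[:40]))
            continue
        host = urlparse(s["src"]).netloc.lower()
        if host == "":
            continue  # relative path: served by the shop itself
        if host not in allowed_hosts:
            findings.append(("high", "unexpected-host", s["src"]))
        elif not s["integrity"]:
            findings.append(("medium", "missing-sri", s["src"]))
    return findings
```

Run this against the rendered page on a schedule, not just the source template: a skimmer injected server-side by a compromised plugin shows up only in what the browser actually receives. SRI only protects static files, so a Content-Security-Policy `script-src` allowlist is the complementary control for scripts that change.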
Massive HIV Data Leak: Thousands of Detailed Records Compromised

In a recent major data leak in Singapore, thousands of HIV positive people’s records were compromised.

One of the victims of this leak was informed via a phone call that her record was out in the open along with those of approx. 14,000 others.

The leak came as a real shock, as many of those affected had been reluctant to let their status become known to the outside world.

The main target to have emerged in this database leak is the Singaporean media.

The government said that the main person at fault is a local doctor who had access to all the records in question and who had an American partner.

According to the authorities the leak has reportedly been contained, but extreme emotional damage has been done to those living with HIV.

In Singapore, as mandated by law, the aforementioned victim’s HIV status had been added to the national database.

The HIV registry was set up in 1985 by the ministry of health to keep track of the infection and the status of potential cases.

It is this database that was compromised, along with the names and addresses of more than 14,000 people.

According to sources, the American partner has been named as Mikhy Farrera-Brochez. The data and access to the registry had been obtained from his Singaporean doctor partner.

Singaporean law barred Mikhy from working in Singapore, and he was convicted of fraud for using someone else’s blood to pass a mandatory HIV test.

According to Mikhy there is more to the story of the leak, and he is not the only one behind it. He also said that he had contracted HIV in prison and had been denied medication.

He further accused Singapore of using the HIV database to keep track of gay men in the country, because sex between men is illegal there.

Singaporean authorities have denied this accusation, stating that the claim is absolutely untrue.

Singapore’s health minister is working with the US authorities on the case.

Earlier there was a total ban on people with HIV entering Singapore, which was lifted in 2015; people married to Singaporean citizens or holding permanent residency in the country were able to get around it.

The leak has been both shocking and emotionally degrading, and the chaos has led citizens to question how securely such records are kept.

One of the senior doctors who have been working to safeguard the interests of HIV patients in Singapore said that many controls exist that restrict doctors from accessing such records.

The incident has wreaked a great deal of emotional havoc on infected people whose names are in the compromised records.

The victims are not even sure whether the leak has actually been contained.

The leaked information could ruin many lives and careers among the infected.

The victims are seriously concerned about the spread of the detailed information in the compromised records.

Over 30 Thousand Patient Records Exposed; Third-Party Breach To Blame

Cybercriminals have recently targeted yet another healthcare organization. Managed Health Services of Indiana Health Plan recently went public about a third-party data breach it had suffered, which exposed the personal details of 31,000 patients.

The breach was the result of one of two security incidents the institution had to face.

The organization runs two major healthcare programs, Indiana’s Hoosier Healthwise and Hoosier Care Connect Medicaid.

MHS was informed about the breach by one of its vendors, which reported that someone had illegitimately gained access to its employees’ email accounts.

Disconcertingly, according to the reports, the unauthorized access occurred between July and September of last year.

During the investigation initiated by MHS, it was found that patients’ personal data, including names, insurance ID numbers, dates of birth, dates of service and addresses, was all potentially exposed.

As the investigation unfolded, it was discovered that the incident was caused by a phishing attack on the vendor’s systems.

The vendor took rapid steps to counter the attack with the aid of a computer forensics company.

Some of the information in the affected email accounts was left wide open to access; the “hacked” email accounts were the main source of the exposed information.

Phishing is the easiest way to harvest personal data, and a phishing attack anywhere in the chain can affect everyone involved.

As a result of this effect across the chain, 31,000 people were affected and had their data exposed.

Reportedly, this is the fourth attack on health plans in the last month alone.

After such an attack it becomes evident that the healthcare industry urgently needs better management and cyber security systems.

NASA On Hack Alert: Personal Data And Servers Compromised!

NASA has recently fallen victim to a data breach on one of its servers that exposed the Personally Identifiable Information (PII) of its former and present employees alike.

The breach surfaced as a result of an internal security audit conducted by NASA, which found that social security numbers and other PII were available on the compromised server.

NASA employees were only notified of the issue a couple of months later, given that the security experts had become aware of it in October.

It was only when employees raised concerns about their stolen data that they were alerted to it all.

The matter will require extensive investigation and is a top agency priority; the examination of the servers is proceeding at full speed.

Needless to say, NASA and federal cyber-security authorities are working to determine the severity of the exfiltration and of the identity theft risk to those possibly affected.

According to NASA, none of its missions or secret data was compromised and everything is under control. Identity protection has also been offered to those supposedly affected by the compromised data.

NASA has also indicated that civil service employees who had left the agency may have been subject to this hacking attack.

Reportedly, immediate efforts were made to safeguard the servers, and NASA affirmed that individuals’ security is being taken very seriously; as its spokespersons have said, data security is paramount for the agency.


‘Aaron Smith’ Sextortion Scam Appears To Leverage The Necurs Botnet Infrastructure

Sextortion scam campaigns that appear to leverage the Necurs botnet infrastructure have recently been uncovered by security researchers at Cisco Talos. The researchers investigated two campaigns and named them the 'Aaron Smith' sextortion scams after the From: header of the messages.

In October, researchers at Cybaze ZLab detected a scam campaign targeting some of its Italian clients, in which the crooks used credentials from the Breach Compilation archive.

These criminals use email addresses and cracked passwords obtained through phishing attacks and data breaches to deliver the scam messages to potential victims, pretending to possess videos of them watching explicit content and demanding a payment in cryptocurrency in return for not sharing the video.

The Aaron Smith campaigns delivered a total of 233,236 sextortion messages from 137,606 unique IP addresses, according to Cisco Talos.

“Talos extracted all messages from these two sextortion campaigns that were received by SpamCop from Aug. 30, 2018 through Oct. 26, 2018 — 58 days’ worth of spam,” reads the analysis published by Talos. “Every message sent as a part of these two sextortion campaigns contains a From: header matching one of the following two regular expressions:

From =~ /Aaron\d{3}Smith@yahoo\.jp/
From =~ /Aaron@Smith\d{3}\.edu/

In total, SpamCop received 233,236 sextortion emails related to these “Aaron Smith” sextortion campaigns. The messages were transmitted from 137,606 unique IP addresses. The vast majority of the sending IP addresses, 120,659 sender IPs (87.7 per cent), sent two or fewer messages as a part of this campaign.”

According to Talos, every sextortion message includes a payment demand that varies randomly from $1,000 up to $7,000. The number of distinct email addresses targeted in the campaigns was 15,826, with each recipient receiving on average 15 sextortion messages; in one case a single recipient received 354 messages.

Researchers found that around 1,000 of the sending IP addresses used in the Aaron Smith campaigns were also involved in another sextortion campaign, analysed by experts from IBM X-Force in September, which ultimately leveraged the Necurs botnet as well.

The top countries sending sextortion messages include Vietnam (15.9 per cent), Russia (15.7 per cent), India (8.5 per cent), Indonesia (4.9 per cent) and Kazakhstan (4.7 per cent).
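The two From: patterns Talos published are the kind of indicator a mail gateway or a spam-trap analyst can apply directly, and the sender-volume breakdown quoted above (most IPs sending two or fewer messages) is what tells you the senders are a botnet rather than a few bulk mailers. The Python below is an added example, not Talos's code: it applies Talos's two regular expressions to constructed raw messages and aggregates matches per sending IP. It assumes the trap records the sending IP in an X-Originating-IP header; a real trap would more likely take it from Received: headers.

```python
import re
from collections import Counter
from email import message_from_string

# The two From: patterns Talos published (written with Ruby-style =~ in the original);
# here they are plain Python regexes applied with search(), so a display name and
# angle brackets around the address do not affect the match.
AARON_SMITH_PATTERNS = (
    re.compile(r"Aaron\d{3}Smith@yahoo\.jp"),
    re.compile(r"Aaron@Smith\d{3}\.edu"),
)


def is_aaron_smith(from_header):
    """True when a From: header value matches either campaign pattern."""
    return from_header is not None and any(p.search(from_header) for p in AARON_SMITH_PATTERNS)


def classify_raw_message(raw):
    """Parse one raw message; return (matched, from_header, sending_ip).

    Assumption for this example: the trap stores the sending IP in X-Originating-IP.
    """
    msg = message_from_string(raw)
    return is_aaron_smith(msg["From"]), msg["From"], msg["X-Originating-IP"]


def summarize(raw_messages):
    """Per-sender-IP volume breakdown of matching messages, in the shape of Talos's figures."""
    per_ip = Counter()
    for raw in raw_messages:
        matched, _, ip = classify_raw_message(raw)
        if matched:
            per_ip[ip] += 1
    low_volume = sum(1 for n in per_ip.values() if n <= 2)
    return {
        "messages": sum(per_ip.values()),
        "unique_ips": len(per_ip),
        "low_volume_ips": low_volume,  # IPs that sent two or fewer messages
        "low_volume_share": round(low_volume / len(per_ip), 3) if per_ip else 0.0,
    }


def _raw(from_header, ip):
    """Build a minimal constructed RFC 5322 message for the sample set."""
    return (
        f"From: {from_header}\n"
        "To: recipient@example.net\n"
        f"X-Originating-IP: {ip}\n"
        "Subject: constructed sample\n"
        "\n"
        "body\n"
    )


# Constructed sample: three campaign sender IPs, one unrelated sender, and one
# look-alike address with only two digits that must not match the pattern.
SAMPLE_MESSAGES = [
    _raw("Aaron312Smith@yahoo.jp", "203.0.113.1"),
    _raw('"Aaron Smith" <Aaron509Smith@yahoo.jp>', "203.0.113.1"),
    _raw("Aaron@Smith114.edu", "203.0.113.1"),
    _raw("Aaron@Smith990.edu", "203.0.113.2"),
    _raw("Aaron777Smith@yahoo.jp", "203.0.113.3"),
    _raw("Aaron008Smith@yahoo.jp", "203.0.113.3"),
    _raw("billing@shop.example", "203.0.113.4"),
    _raw("Aaron12Smith@yahoo.jp", "203.0.113.5"),
]
```

Header-pattern indicators like these are cheap to deploy but short-lived, since the sender string changes as soon as it is published; the per-IP volume profile is the more durable signal for spotting the next botnet-driven campaign.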


BrahMos Engineer Arrested on Charges of Spying for Pakistan’s Intelligence Agency ISI

Nishant Agrawal, an engineer at BrahMos Aerospace Private Limited in Nagpur, was arrested in a joint operation by Military Intelligence and the Uttar Pradesh and Maharashtra police, following a tip.

Arrested on Monday on charges of spying for Pakistan's intelligence agency ISI and various other countries, Nishant was accused of passing classified and secret information to Pakistan's Inter-Services Intelligence as well as to other countries. Experts, in any case, clarified that he worked at the integration facility and were uncertain whether he had access to any classified information.

Nonetheless, he will be charged under the Official Secrets Act, and his home and office computers have already been seized. The police are still investigating whether he was "honey-trapped" by Facebook IDs in the names of women, which have been traced to Pakistan.

"Very sensitive information was found on his personal computer. We found evidence of him chatting on Facebook with Pakistan-based IDs," said Aseem Arun, the chief of the anti-terror squad of Uttar Pradesh.

Nishant had worked in the technical research section of the missile centre for four years, studied at the National Institute of Technology in Kurukshetra, was a gold medallist, and is described as a very bright engineer.

Two other scientists working at a Defence Research and Development Organisation (DRDO) lab in Kanpur are presently being monitored for further suspicious activity, and the situation is being watched closely, as this is the first spy scandal to hit BrahMos Aerospace, whose BrahMos missile is considered the world's fastest cruise missile.



42 Million Emails And Passwords Uploaded To A Free, Public Hosting Service

A database containing a total of 42 million records was recently uploaded to the anonymous file hosting service kayo.moe. The collection included unique email addresses and plain text passwords alongside partial credit card data.

Troy Hunt, the Australian security researcher and creator of the Have I Been Pwned data breach index site, was asked to analyze it and check whether it was the result of an unknown data breach. He determined that more than 91% of the passwords in the dataset were already present in the Have I Been Pwned collection, and that the filenames in the collection do not point to a specific source, because there is no single pattern for the breaches they appeared in.

Given the format of the data, the lists are most likely intended for credential stuffing attacks, which combine cracked passwords and email addresses into a single list and then run them automatically against various online services to hijack any user accounts that match.

Sample of data from lists sent to Hunt

Credential stuffing attacks work because users, for convenience, are likely to reuse the same credentials across many other sites.

"When I pulled the email addresses out of the file, I found almost 42M unique values. I took a sample set and found about 89% of them were already in HIBP which meant there was a significant amount of data I've never seen before,” Hunt wrote in a blog post.

The database contained a total of 755 files totalling 1.8GB.

Users are nevertheless always encouraged to use strong and distinct passwords for different accounts, and to always enable multi-factor authentication.
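Hunt's "already in HIBP" figure comes from checking each password against the Pwned Passwords corpus, and the same check is what lets a site refuse a password that credential stuffers already hold. The public Pwned Passwords API does this with k-anonymity: the client sends only the first five hex characters of the password's SHA-1 to `https://api.pwnedpasswords.com/range/<prefix>` and receives every matching `SUFFIX:COUNT` line, so the full hash never leaves the client. The Python below is an added example, not Hunt's code: the range endpoint is simulated locally over a small constructed corpus so that it runs offline, and the one lookup serves both a signup-time screen and the "what share of this dump is already known" measurement; the passwords are constructed.

```python
import hashlib
from collections import Counter


def sha1_hex_upper(password):
    """Pwned Passwords keys on the upper-case hex SHA-1 of the password (SHA-1 is fine here:
    the hash is a lookup key for known-bad strings, not a password store)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for the breach corpus: one entry per occurrence of a password.
CONSTRUCTED_CORPUS = ["password", "password", "123456", "qwerty", "letmein", "iloveyou", "welcome1"]


def build_range_index(corpus):
    """Index hashes by their first five hex characters, as the range API does."""
    index = {}
    for pw in corpus:
        h = sha1_hex_upper(pw)
        index.setdefault(h[:5], Counter())[h[5:]] += 1
    return index


def make_local_range_lookup(index):
    """Return lookup(prefix) mimicking GET /range/<prefix>: a body of SUFFIX:COUNT lines."""
    def lookup(prefix):
        assert len(prefix) == 5, "only the 5-character prefix ever leaves the client"
        return "\r\n".join(f"{s}:{c}" for s, c in sorted(index.get(prefix, {}).items()))
    return lookup


def pwned_count(password, lookup):
    """Number of times the password appears in the corpus, matched locally on the suffix."""
    h = sha1_hex_upper(password)
    prefix, suffix = h[:5], h[5:]
    for line in lookup(prefix).splitlines():
        if not line:
            continue
        s, count = line.split(":", 1)
        if s == suffix:
            return int(count)
    return 0


def screen_new_password(password, lookup, min_length=8):
    """Signup/reset policy: refuse passwords that are short or already in a breach."""
    if len(password) < min_length:
        return "reject: too short"
    if pwned_count(password, lookup) > 0:
        return "reject: seen in a breach"
    return "accept"


def share_already_known(dump, lookup):
    """The measurement Hunt describes: fraction of a dump's passwords already in the corpus."""
    if not dump:
        return 0.0
    known = sum(1 for pw in dump if pwned_count(pw, lookup) > 0)
    return known / len(dump)


LOCAL_LOOKUP = make_local_range_lookup(build_range_index(CONSTRUCTED_CORPUS))
```

Swapping `LOCAL_LOOKUP` for an HTTP client that fetches the real range endpoint is the only change needed in production; everything else, including the privacy property, stays the same.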


Two financial institutions investigating hacks, customer data may have been leaked

Bank of Montreal (BMO) and CIBC-owned Simplii Financial on Monday revealed that the data of thousands of customers may have been breached in recent hacks on two of Canada’s largest financial institutions.

The banks warned that “fraudsters” may have accessed some customer accounts.

Simplii Financial, which is CIBC’s direct banking brand, revealed that data from 40,000 client accounts may have been electronically accessed by fraudsters. BMO similarly said that it received a tip on Sunday that claimed the confidential information of “a limited number of customers” had been accessed.

Simplii said that it has “implemented additional online security measures”, which include online fraud monitoring and online banking security measures.

“We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures,” said Michael Martin, senior vice president of Simplii Financial, in a statement. “We feel that it is important to inform clients so that they can also take additional steps to safeguard their information.”

BMO said the hack appeared to have originated outside Canada. The tipsters, in BMO’s case, were reportedly the hackers themselves.

"We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off," BMO said. "We have notified and are working with relevant authorities as we continue to assess the situation. We are proactively contacting those customers that may have been impacted and we will support and stand by them."

"If a client is a victim of fraud because of this issue, we will return 100 per cent of the money lost from the affected bank account," a press release by Simplii said, adding that there is no indication that clients who bank through CIBC have been affected.

The bank also told customers to send any suspicious correspondence to fraud@simplii.com.


Data Breach leads to leak of personal details of cryptocurrency users

Researchers at Kromtech Security have discovered a MongoDB database containing the personal details of over 25,000 users who invested in the John McAfee-backed Bezop (BEZ) cryptocurrency.

The leak exposed confidential information of investors such as full names, home addresses, email addresses, encrypted passwords, wallet information, and even scanned passports, driver's licenses, or IDs.

The leak reportedly occurred while the firm’s dev team was dealing with a DDoS attack on January 8, according to an announcement on Bezop’s Medium account.

The information stored on the database is related to a “bounty programme” that was run earlier this year where Bezop handed out tokens (about 4,045,343 Bez) to users promoting their cryptocurrency on social media.

The database reportedly contained personal and confidential details of over 6,500 ICO investors, while the rest were from users who were given tokens as part of the bounty programme.

The server has been secured, according to Bezop.


"That database has since been closed and secured," the Bezop team said this week. "Investor identity cards were also not stored on the database rather a URL link to them. This is also offline now."

Bezop also said that the team had already notified users of the breach in January.

The data was supposedly exposed online until March 30, when Kromtech researchers found the MongoDB database on a Google Cloud server with no authentication in place, allowing easy access to anyone able to connect to it.

150 million MyFitnessPal users affected in Under Armour data breach

Under Armour on Thursday announced that over 150 million customers using MyFitnessPal, its nutrition tracking app, were hit by a data breach in late February, earlier this year.

According to Under Armour, they discovered the breach earlier this week and said that an “unauthorised party” had acquired this data. Once they were aware of the breach, they took steps to alert the users using in-app messages as well as email.

They are currently working with data security firms and coordinating with law enforcement authorities to get to the bottom of the breach.

"The investigation indicates that the affected information included usernames, email addresses, and hashed passwords—the majority with the hashing function called bcrypt used to secure passwords," the company said in a statement.

Under Armour said that the attackers would not have been able to access information such as users' Social Security numbers and driver's license numbers, or payment information, in the breach but usernames, email addresses, and password data were taken.

The company is now urging MyFitnessPal users to change their passwords immediately, along with reviewing any suspicious activity in their account. It has also warned its users to be cautious of any emails or unsolicited messages in light of the breach, and to not give away personal data.

The app lets people track their calorie intake, diet, and exercise routines, and was acquired by Under Armour in 2015 for $475 million.

Hacker Group threatens students and schools

According to a warning issued by the FBI's Cyber Division and the Department of Education's Office of the Inspector General on 31 January, a hacker group called “TheDarkOverlord” (TDO) has tried to sell over 100 million private records and, as of January, was responsible for over 69 attacks on schools and other businesses.

TDO is also allegedly responsible for the release of over 200,000 records including the PII of over 7,000 students due to nonpayment of ransoms.

The warning describes the group as “a loosely affiliated group of highly trained hackers” who, since April 2016, have “conducted various extortion schemes with a recent focus on the public school system.”

The warning says that TDO uses remote access tools to breach school district networks and steal sensitive data, which they then use to extort money from its victims, including students.

According to the report, TDO has also threatened violence in case of failure to meet demands.

Initially, TDO communicated their demands via email with threats of publicly releasing stolen data, but the warning notes that in September 2017, “TDO escalated its tactics by threatening school shootings through text messages and emails directed at students, staff, and local law enforcement officials.”

This caused several schools to shut down for a few days as a precaution.

TDO was allegedly connected to multiple threats of violence on school campuses; however, the report says that while these threats caused panic, they “provided TDO with no apparent monetary gain.”

In a recent incident, TDO threatened to publicize the sensitive behavioral reports and private health information of students.

The FBI also recommends that victims do not give in to the ransom demands, as paying does not guarantee regaining access to sensitive data. Rather, it advises victims to contact law enforcement, retain the original emails as evidence, and maintain a timeline of the attack, if possible.

Hacker sold Comcast's customers account information online

According to news reports, a hacker sold customers’ account information belonging to Comcast Corporation (formerly registered as Comcast Holdings), an American multinational mass media company and the largest broadcasting and largest cable company in the world by revenue.

A report published in the Chicago Tribune confirms that the company has notified 200,000 customers to change their email passwords after discovering their account information had been sold on the dark web, a collection of websites that use anonymity tools to evade surveillance.

A Comcast spokesperson confirmed that some 590,000 customers’ email accounts, including names and passwords, were put online for sale.

"The vast majority of the information that's out there was not accurate," a Comcast spokeswoman said. "We discovered that about a third of the 590,000 were accurate."

The hacker who sold the account information, known as Orion, said that he obtained the credentials when he compromised a Comcast mail server in December 2013.

He told Vulture South that the breach yielded 800,000 Comcast credentials of which 590,000 contained cleartext passwords.

"So in 2013 December the f****s at NullCrew came across an exploit for Zimbra which Comcast used at this domain *****.comcast.net," Orion says. "NullCrew only got [about] 27k emails with no passwords lol while I got 800k with only 590k users with plaintext passwords."

However, the company said it had "no evidence" of the December breach, in which the Zimbra directory traversal vulnerability (CVE-2013-7091) was reportedly exploited to gain access to the credentials.

The Recent TalkTalk security breach affects 157,000

The cyber attack on the TalkTalk website affected nearly 157,000 of its customers, revealing their personal details, the company wrote on its website.

The company said that customers should continue to reject any suspicious phone calls, text messages and emails. More than 15,600 bank account numbers and sort codes have been accessed.

TalkTalk has lost about a third of its share value since news of the cyber attack broke.

According to the firm, 4% of its customers' data is at risk. TalkTalk said: “Our ongoing forensic analysis of the site confirms that the scale of the attack was much more limited than initially suspected. It was a difficult decision to notify all our customers of the risk before we could establish the real extent of any data loss. We believe we had a responsibility to warn customers ahead of having the clarity we are finally able to give today.”

TalkTalk issued an updated statement stating:

  • The total number of customers whose personal details were accessed is 156,959;
  • Of these customers, 15,656 bank account numbers and sort codes were accessed;
  • The 28,000 obscured credit and debit card numbers that were accessed cannot be used for financial transactions, and were ‘orphaned’, meaning that customers cannot be identified by the stolen data.

The company said that they have contacted the customers whose financial details were stolen, and will contact other affected customers “within the coming days”.

The cyber attack on TalkTalk's website happened on 21 October. Initially the firm described the attack as "significant and sustained", and said the stolen data included names, addresses, dates of birth, telephone numbers and email addresses.

A 16-year-old, the fourth person accused in this case, was released this week.

To date four people have been arrested, including three teenagers: a 15-year-old boy in Northern Ireland, a 16-year-old boy from west London, a 20-year-old from Staffordshire, and a 16-year-old boy in Norwich. All four have been released on bail.


Cyber Attack on America’s Thrift Stores exposes credit card numbers

A charity store chain, America’s Thrift Stores, discovered on Friday (October 09) that it had become the victim of a malware-driven security breach originating in a third-party service provider’s software used to process credit card payments in Alabama, Georgia, Louisiana, Mississippi and Tennessee.

America’s Thrift Stores is a for-profit organization that operates 18 donation-based thrift stores throughout the southeastern United States; it collects used clothing and household items from local communities and sells them for a profit, which it shares with Christian charities.

The Birmingham-based company’s CEO, Kenneth Sobaski, said in a statement that no customer names, phone numbers, addresses or emails were exposed, but credit card numbers were.

The hack appears to have affected transactions between September 01 and September 27.

The organization advised customers who feared their data had been compromised to contact their card issuer or bank immediately, and to report any suspicious activity they discover.

The malware has been removed from the stores’ computers, and purchases outside of those dates should not be at risk.

Security journalist Brian Krebs wrote on his blog that there were indications the data stolen from America's Thrift Stores was already being used to create counterfeit cards, citing several banking sources who confirmed a pattern of fraud on cards used at America’s Thrift Stores.

The company said that the U.S. Secret Service is investigating the breach.

The store chain has over 1,000 employees and turns donated items into revenue for its non-profit partners and their causes. It is estimated to pay out over $4 million annually to those partners.

This store chain is not the only charity organization whose systems have been targeted by cyber criminals.

Last year, a system that processed payments for twenty Goodwill Industries International members, representing roughly 10 percent of all stores, was breached.

Its investigation revealed that the attackers had access to the third-party vendor’s systems for a year and a half, and used point-of-sale (PoS) malware to steal card data, which they then used for fraudulent purchases.

In these breaches, the problem does not lie with the operating system; the biggest problems have to do with the various levels of access given to third-party businesses. Organizations fail badly at protecting that access, which is what makes these breaches possible and damaging.

The breach of America’s Thrift Stores may be a repeat of the recent Target breach. Using weak passwords across the full range of critical systems leads to such hacks. The Target breach should have been a huge wake-up call for businesses everywhere to adapt and evolve their IT security practices.

Huge card breach at Hilton Hotel properties


Hilton Worldwide Holdings, Inc., an American global hospitality company formerly known as Hilton Worldwide and Hilton Hotels Corporation, has started an investigation after security researcher Brian Krebs reported that hackers had compromised credit card data in gift shops and restaurants at a “large number” of Hilton Hotel and franchise properties across the United States.

The researcher said that the hackers broke into point-of-sale machines.

However, it is not clear how many Hilton properties might be affected by the incident, which may date back to November 2014 and may still be ongoing.

“In August, Visa sent confidential alerts to numerous financial institutions warning of a breach at a brick-and-mortar entity that is known to have extended from April 21, 2015 to July 27, 2015. The alerts to each bank included card numbers that were suspected of being compromised, but per Visa policy those notifications did not name the breached entity,” the researcher added.

He said that five different banks had found only one commonality among the cards included in that alert: they had all been used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts.

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” the company said in a statement. “We have many systems in place and work with some of the top experts in the field to address data security. Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace. We take any potential issue very seriously, and we are looking into this matter.”