
Raychat App Suffered a Data Breach of 150 Million Users

 

Around 7:20 a.m. on Monday, May 3, 2021, the database first appeared on a prominent Russian-language hacker forum. It was unclear whether the records had been stolen from the Raychat app's servers or whether they came from an earlier exposure, discovered on January 31, 2021, when IT security researcher Bob Diachenko found a misconfigured database belonging to the app.

Diachenko posted a series of tweets about the Raychat application. He said a misconfigured server had exposed the app's entire database, which according to the researcher held over 267 million records, including addresses, passwords, metadata, encrypted messages, and more.

He also said that he had received no response from the company itself; the only reply came from an Iranian Twitter user, who shared a screenshot of a tweet in which Raychat claimed that no data had been compromised.
 
The data was allegedly leaked by a threat actor on the well-known hacker forum RaidForums, who said they had downloaded it before a Meow attack wiped the exposed database. The data appears genuine, and millions of Iranians' personal information is now public. The leaked records include names, IP addresses, email addresses, bcrypt password hashes, Telegram IDs, and more.

Although Iranian hackers have been blamed for increasingly advanced attacks on their adversaries, Iranian civilians have been among the most overlooked victims of data breaches in recent years. For example, in April 2019 a database allegedly belonging to the Snapp app (Iran's equivalent of Uber) leaked "astonishingly sensitive details" of millions of users from an unsecured MongoDB server.

In April 2020, 52,000 Iranian ID cards with selfies were sold on the dark web and later leaked on the open web. In March 2020, the personal information and phone numbers of 42 million Iranians were sold on a hacker forum; that data had first been exposed on a misconfigured Elasticsearch server.

It now falls to the victims to be more cautious. They should be wary of phishing by email or text and should not click links in unsolicited messages, which may be scams. Attackers who get a foothold on a user's phone can intrude on their privacy further still.

Russian hackers demand up to $100 million from Apple over leaked data on new products

Apple product data was stolen through security deficiencies at a Taiwanese equipment manufacturer. The Russian-speaking hacker group blamed for the theft is demanding $50 million.

Quanta, which produces MacBooks and peripherals for Apple, reported that its own systems had been hacked and that engineering and production schematics of current and future products were stolen, in particular for the 2020 MacBook Air, the 2020 M1 laptops, and an unreleased model with additional ports.

REvil, described as one of the most dangerous groups in global cyberspace, sent Apple an extortion message with samples of the stolen technical files. The hackers demand a $50 million ransom if the full amount is paid by April 27; after that date, the amount doubles to $100 million. The message was posted via the Tor anonymity network.

According to the specialist outlet BleepingComputer, by Saturday, April 24, REvil had published more than a dozen schematics and diagrams of laptop components on its darknet leak site, though the published files did not by themselves establish a link to Apple products.

Quanta confirmed that its servers had been hacked. As Bloomberg reported, Quanta Computer's information security team is working with outside IT experts to review several cyberattacks on a small number of Quanta servers. The manufacturer says the hack will not significantly affect its operations.

The company also said it has not yet determined the extent of the leak. The images posted online include schematics for the redesigned iMac that Apple had only just presented, which until then had not been seen by anyone outside Apple's sphere of influence; this supports the authenticity of the documents.

Recall that REvil's largest known extortion payout was $18 million, which was anonymously cashed out and laundered through a cryptocurrency exchange.

Data from thousands of Russian companies have been made publicly available on the web

Data from several hundred Russian companies that used the free online project manager Trello has become publicly available. Among the hundreds of thousands of leaked boards are some containing confidential information.

Data from Trello boards maintained by Russian companies has been made publicly available. Analysts at Infosecurity, a Softline company, found leaked data from several hundred large companies and thousands of small and medium-sized businesses.

The company specified that in Russia Trello boards are used mainly by small and medium-sized businesses, though large organizations, including banks, are also represented.

Kirill Solodovnikov, CEO of Infosecurity, called the appearance of corporate data online "an illustration of a leak that occurred not because of hacker attacks but as a result of inattention or negligence by company employees".

According to Infosecurity, organizations post lists of employees and customers, contracts, passport scans, documentation relating to tenders and product development, and even credentials for corporate accounts and passwords to various services.

"Usually it is not difficult to determine from which organization the information leaked. Its name often appears either in the name of the board or in the description of tasks," added the experts.

Infosecurity analysts found that nearly a million public Trello boards are currently indexed by search engines, and thousands of them contain confidential information. Targeted search queries currently return more than 9,000 boards that mention logins and passwords.
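As an added example (not code from the original article, nor from Trello, Infosecurity or Atlassian): a small audit script for the exposure pattern described above, a board that is public and also carries credentials or scanned documents. It works on a board's JSON export so that it runs offline. The sample export below is constructed, and the field names it relies on (prefs.permissionLevel for visibility, cards[].desc for card text) are an assumption about Trello's export format to verify against a real export before relying on it.

```python
"""Added example: audit a Trello board export for public visibility combined
with credential-like text.  Not code from the original article or from
Trello.  SAMPLE_EXPORT is constructed; the field names 'prefs.permissionLevel'
and 'cards[].desc' are an assumption about Trello's board export format."""
from __future__ import annotations

import json
import re

# Constructed sample export shaped like a Trello board export (assumption).
SAMPLE_EXPORT = json.dumps({
    "name": "ExampleBank - infra tasks",
    "prefs": {"permissionLevel": "public"},
    "cards": [
        {"name": "Rotate monitoring creds",
         "desc": "login: ops_admin\npassword: Wint3r!2021"},
        {"name": "Tender docs", "desc": "Attach passport scans here"},
        {"name": "Sprint planning", "desc": "Nothing sensitive"},
    ],
})

# Patterns for the kinds of content Infosecurity reported on public boards:
# account credentials, API secrets and passport scans.  Deliberately broad.
CREDENTIAL_PATTERNS = [
    re.compile(r"\b(login|username|user)\s*[:=]\s*\S+", re.I),
    re.compile(r"\b(password|passwd|pwd|пароль)\s*[:=]\s*\S+", re.I),
    re.compile(r"\b(api[_ -]?key|token|secret)\s*[:=]\s*\S+", re.I),
    re.compile(r"\bpassport\b", re.I),
]


def is_public(board: dict) -> bool:
    """A board whose permissionLevel is 'public' is readable without a login
    and can therefore be indexed by search engines (the leak path above)."""
    return board.get("prefs", {}).get("permissionLevel") == "public"


def find_sensitive_cards(board: dict) -> list[tuple[str, str]]:
    """Return (card name, matched text) for every card whose title or
    description matches one of the credential/document patterns."""
    hits = []
    for card in board.get("cards", []):
        text = f"{card.get('name', '')}\n{card.get('desc', '')}"
        for pat in CREDENTIAL_PATTERNS:
            match = pat.search(text)
            if match:
                hits.append((card.get("name", ""), match.group(0)))
                break  # one finding is enough to flag the card
    return hits


def audit(export_json: str) -> dict:
    """Combine both checks: only a public board with sensitive cards is an
    actual exposure; a private board with the same content is merely risky."""
    board = json.loads(export_json)
    hits = find_sensitive_cards(board)
    public = is_public(board)
    return {
        "board": board.get("name"),
        "public": public,
        "sensitive_cards": hits,
        "exposed": public and bool(hits),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_EXPORT), indent=2, ensure_ascii=False))
```

Run against your own exports, the script flags boards that need their visibility changed or their cards cleaned; the patterns will produce false positives by design, so review the matched text rather than acting on the count alone.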

Trello belongs to the Australian software developer Atlassian; other similar free services include Evernote, Wunderlist, XMind, and Notion. Data from Trello boards has surfaced publicly before, but this is the first leak of such a scale.

Sergei Novikov, deputy head of Kaspersky Lab's Threat Research and Analysis Center, noted that cyber groups also use the service to coordinate their activities. Infosecurity reported finding a Trello board belonging to a group of fraudsters specializing in the "Russian brides" scheme, which targets credulous foreigners hoping to meet young women from Russia.

"Hackers could use data from the boards, for example, to attack companies' clients or hack corporate Instagram accounts, as in the fall of 2020," added Infosecurity.

Experts warned that such leaks can also lead to fines for violating personal data law; storing scans of clients' passports in publicly accessible storage located abroad, for example, contravenes it.

Database containing e-mail addresses of Navalny's supporters leaked onto the Internet

Navalny's team is investigating to identify the source of the leak. The team says it collected no personal data from supporters other than their email addresses.

Attackers gained access to the email database of "Freedom to Navalny!" (free.navalny.com), a site created as part of the campaign in support of the politician. The site registers supporters of the opposition leader who are ready to attend a rally; Alexei Navalny's team promised to announce a date once "at least" 500,000 people had signed up. The authenticity of the leaked addresses was confirmed by Ivan Zhdanov, director of the Anti-Corruption Foundation (which the Ministry of Justice has placed on its register of foreign agents).

"A database of emails from free.navalny.com has now appeared on the Internet. It corresponds to reality, unlike the previously issued fakes," Mr. Zhdanov wrote in the Team Navalny Telegram channel.

The director of the Anti-Corruption Foundation explained that the mailing-list database had leaked. "We use third-party services to send out emails, because when working with a large number of addresses it is impossible to avoid them. In this case we use the mailing service mailgun.com," he said.

Ivan Zhdanov noted that only the database of email addresses leaked; it contains no names or other identifying data. He added that this was the first such incident in the Anti-Corruption Foundation's work, that the Foundation would try to prevent a repeat, and that it would report the results of its investigation later. He urged recipients to send any emails received from the intruders to spam.

Several journalists found their mailboxes in the database. It also includes email addresses of state bodies, among them domains of the accreditation department of the Press Service and Information Office of the President of Russia, the press services of the Ministry of Internal Affairs, the United Russia party, the Federal Tax Service, and the Government of Chechnya. The database holds 529,000 mailboxes.

We remind you that on February 2, 2021, the Moscow court replaced Alexei Navalny's suspended sentence in the Yves Rocher case with a real one due to violation of the conditions of the probationary period. In mid-March, the politician was taken to the penal colony, where he must spend two years and eight months. 

Data from the Russian cybercriminal forum Maza (Mazafaka) leaked to the network

Attackers hacked the Russian-language forum Maza, used by the hacker "elite". According to experts, competitors or an anti-hacker group may be behind the attack.

The forum of elite Russian-speaking hackers Maza was hacked in February; as a result, data on more than 2,000 cybercriminals became freely available.

This is a community of cybercriminals and financial fraudsters, many of whom began their criminal activities in the mid-1990s.

According to the US cybersecurity company Flashpoint, the forum was hacked on February 18. As a result, "usernames, passwords, emails of users and alternative ways of communicating with them, such as contacts in ICQ, Skype, Yahoo and MSN," leaked online.

The announcement of the hack appeared on the forum itself and had been translated into Russian with an online translator. Experts believe this is either evidence that the forum was hacked by non-Russian-speaking criminals or an attempt by the attackers to "send analysts on a wild goose chase".

The experts suggest that anti-hacker groups or so-called white-hat hackers working on behalf of the authorities may be behind the cyberattack on Maza. The forum could also have been hacked by competitors.

Mikhail Kondrashin, Technical Director of Trend Micro Russia and the CIS, notes that Maza was already hacked ten years ago.

"But this has not shaken the stronghold of the cybercrime underground," said the expert.

According to him, the data from this forum is "invaluable information" for law enforcement agencies, and with the proper operational application, this information can help reduce the overall level of cyber threats in the world.

According to Ilya Tikhonov, an information security expert at Softline, the data obtained can be very valuable for combating cyberattacks, even if no hacking tools were hosted on the forum.

"The correspondence and user credentials will also be useful," added he.

At the same time, Ashot Hovhannisyan, founder of the data leak intelligence service DLBI, doubts that such a leak will affect the fate of the hackers. In his opinion, the exposure of email addresses from the forum is not proof that their owners took part in illegal activity.

Hovhannisyan also noted that hacker forums are usually hacked by competitors; the Maza hack, in his view, could be a warning to the forum's owners from rivals.

Other experts suggested that the most likely motive was personal or financial: some participant may have been insulted, or someone may have been underpaid their share from a fraudulent scheme.


Database of 21 million users of popular VPN services leaked

The database contains the email addresses, passwords, and usernames of users, including Russian users. Experts warn that it could be used to get at bank card data.

A database of 21 million users of the free Android VPN services GeckoVPN, SuperVPN, and ChatVPN was put up for sale on the darknet.

According to the SuperVPN page in the Google Play Store, the app has been installed more than 100 million times. GeckoVPN has over 10 million installs, and ChatVPN has over 50,000.

The database contains users' email addresses, passwords, and usernames. One archived sample offered for sale also contains data about users' devices, including serial numbers, phone types, and brands.

SuperVPN users' data had already been exposed in a large-scale leak last summer. Igor Bederov, founder of the company Internet-Search, told the publication that the new leak of free VPN users' data was the result of "obvious negligence in handling confidential information": "Service owners had not even bothered to change the default passwords on their database servers," he explained.

According to experts, the user data can be used by fraudsters for phishing and for man-in-the-middle attacks, in which a hacker places malicious tooling between the victim and the target resource and intercepts the user's web sessions.

Alexei Kubarev, an expert at the Solar Dozor product center, said such attacks endanger confidential data sent from devices over the Internet, including passwords and bank card CVV codes.

According to Denis Batrankov, an independent information security expert, VPN users should set unique passwords so that, in the event of a leak, fraudsters cannot reuse the same password to get into their other services.

The data of 1.3 million Russian Hyundai customers are on sale

A database containing information on 1.3 million Russian owners of Hyundai cars has been put up for sale on the darknet, the Telegram channel "Information Leaks" reports.

According to the channel, the data of 1.3 million registered users of the hyundai.ru website was put up for sale. The database contains customers' full names, phone numbers, email addresses, and home addresses, as well as information about the vehicles they purchased, spare parts orders, and participation in the brand's marketing activities.

Ashot Hovhannisyan, founder of the data leak intelligence service DLBI, said in an interview that the database is being sold for about $2,000. According to him, the seller has a high reputation rating and has not previously been seen selling fake data. Hovhannisyan clarified that the most recent user activity in the sample records of the database dates to 2019.

Other information security experts interviewed also said the seller has a good reputation, so the leak appears to be genuine. One source claims the seller is a Russian living in Moscow.

According to Hovhannisyan, the database is a dump of the SQL server behind the website of Hyundai's Russian office, so the most likely source of the leak is either a vulnerability in that server found by an automated scanner or a backup copy of the data that cybercriminals got hold of.

According to KELA analyst Viktoria Kivilevich, the seller has many listings offering other companies' databases in the same format, so it is likely that the hacker mass-scans for vulnerable networks, "picks the tastiest ones", and exploits their vulnerabilities.

Korean Dating App Leaks Private Images and Information of 1 Million Users

 

Korea is a country where data breaches have risen sharply in number and become the new normal, making data protection a subject of growing concern. Large-scale leaks have caused residents great trouble, since their resident registration numbers end up easily accessible on the internet. When shopping on online platforms, for instance, a person hands over the required information, which is then not handled safely: small business owners pay little attention to protecting their databases, while large businesses at times lack an effective data control system.

Such breaches mostly leak users' private information, including explicit content or images that should never reach the public domain. Data exposed through misconfigured and unsecured services includes personally identifiable information and other sensitive data such as private messages and images.

Lately, another such incident took place in Korea: a dating app leaked highly sensitive NSFW pictures and information belonging to nearly 1 million of its users. The app is the free dating app "Sweet Chat", belonging to Sweet Talk.

The incident is a bit of a déjà vu, as a nearly identical one was reported in November last year. That incident exposed images, videos, and audio that were extremely explicit and private, in a database of 130,000 files in total. This year's database held only NSFW images, of which about half were explicit, but the count of leaked images and messages reached 1 million.

Modern technology offers a wide range of ways to harm a user caught up in such a case. User IDs are easily linked to the leaked images through a reverse image search, which is very handy for cybercriminals who then blackmail the users. In Korea, such blackmail can carry prison sentences of up to 40 years.

These cases are very sensitive, as they breach the user's wall of privacy. It is the responsibility of the owners and app developers to make sure that private information and confidential databases remain secure. The consequences for victims are amplified because anyone can now access their personal information.

Users need to use dating apps with proper care and change their passwords from time to time. They are also advised to keep an eye on the personal information stored in the app and to be cautious about the permissions an app requests on the device. Incidents of this sensitivity must be reported to the relevant authorities as soon as possible.

A Russian-speaking hacker put up for sale the accounts of the heads of the world's largest companies

A Russian-speaking hacker under the pseudonym Byte is selling passwords for the personal accounts of managers at many of the world's large companies.

Credentials for the personal Microsoft online service accounts and email addresses of several hundred senior executives have been put up for sale on a Russian-language hacker forum by a Russian-speaking hacker known as Byte. The seller claims to have hundreds of passwords belonging to top managers from all over the world and is ready to confirm the authenticity of the data to a buyer.

The offer appeared on Exploit.in, a private forum for Russian-speaking cybercriminals. The listing states that buyers can purchase email addresses and passwords for the Office 365 and other Microsoft accounts of presidents, vice presidents, CEOs, and other high-ranking executives of companies from around the world.

Byte asks between $100 and $1,500 per account, with the price depending on the size of the company and the position held by the account owner.

An information security specialist entered into negotiations with the seller to check how current the database is. For verification he received the credentials of two accounts: the CEO of an American software development company and the CFO of a retail chain in an EU country. Both sets of credentials gave him access to those people's data.

The attacker did not disclose the source of the data but claims to be able to provide access to hundreds of accounts.

Analysts at KELA reported that the person selling these credentials had previously tried to buy information harvested from computers infected with the AZORult malware, which typically consists of usernames and passwords the program extracts from victims' browsers.

This incident once again highlights the need for better protection of accounts. Two-factor authentication (2FA) is the usual recommendation: with it enabled, a leaked password alone no longer grants access.

Here's Why a Greek Hacker Easily Hacked a Croatian University

 

A hacker from Greece has published the database of the University of Rijeka, citing Croatia's support for an anti-Serb movement. The hacker was reportedly fueled by the situation in the Balkans; addressing his "Serbian brothers", he wrote, "it's time to defend our land and our history".

Password hashing is a one-way transformation and the standard way to store passwords: the server never needs to keep the password itself, only a value derived from it.

The database holds a table that maps each username to a stored password value. When a user logs in, the server receives an authentication request carrying a username and a password; it looks the username up, compares the submitted password (or, with hashing, its hash) against the stored value, and grants access to the application or website only on a match.

How well that table resists an attacker who obtains a copy of it depends entirely on the stored format. The most basic option is cleartext, which is also the least secure: the password sits in the database exactly as typed, readable by anyone holding the dump. Storing passwords in cleartext is the digital equivalent of writing them down on paper.

Notably, the university's website stored its passwords as MD5 hashes, an outdated choice that is easy to crack. Hashing maps input of any size to a fixed-length output. It must not be confused with encryption: encryption is a two-way function and reversible with the key, whereas a hash is one-way and cannot be inverted. Reversing a hash directly is computationally infeasible, but an attacker does not need to: passwords are low-entropy, and a fast hash such as MD5 lets an attacker compute billions of guesses per second and compare them against the dump.

What is salting?

A salt is a unique, random value added to each password before hashing so that its hash differs from the hash of the same password chosen by another user; without a salt, two identical passwords produce identical hashes. Salting makes cracking more expensive because precomputed tables and single-pass dictionary attacks no longer apply to every account at once. In the leaked hashes, however, no such value was added.

The university used plain MD5 with no salt. Because the whole point of a password hash is to make the stored value useless to an attacker who obtains it, unsalted MD5 defeats the purpose: weak passwords are recovered in seconds from dictionaries and lookup tables. Some of the pre-cracked passwords are shown below.
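An added example, not code from the original post or from the university, covering both the login check described above and the difference between the leaked scheme and a salted one: it builds an unsalted MD5 table like the one in the dump, cracks it with a single pass over a wordlist, then stores the same passwords with a per-user random salt and a deliberately slow key derivation function (PBKDF2-HMAC-SHA256 from Python's standard library) and verifies a login against that. The usernames, passwords and wordlist are constructed.

```python
"""Added example, not code from the original post or the university: why an
unsalted MD5 table cracks in one dictionary pass, and what a salted, slow
hash does differently.  USERS and WORDLIST are constructed sample data."""
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed accounts; two users chose the same password.
USERS = {"ana": "rijeka2021", "ivan": "rijeka2021", "marko": "Tr0ub4dor&3"}

# Constructed mini wordlist standing in for a real cracking dictionary.
WORDLIST = ["password", "123456", "rijeka", "rijeka2021", "qwerty"]

PBKDF2_ITERATIONS = 600_000  # OWASP's current figure for PBKDF2-HMAC-SHA256


def md5_unsalted(password: str) -> str:
    """The leaked scheme: hex MD5 of the bare password."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_md5_table(stored: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """Offline attack on unsalted hashes: hash every candidate once, then look
    each stored digest up.  Cost is one hash per word, not one per user."""
    lookup = {md5_unsalted(w): w for w in wordlist}
    return {user: lookup[h] for user, h in stored.items() if h in lookup}


def pbkdf2_salted(password: str, salt: bytes | None = None) -> str:
    """Salted, deliberately slow hash, stored as
    'pbkdf2_sha256$<iterations>$<salt_hex>$<digest_hex>' so that verification
    has everything it needs.  The salt is random per user and not secret."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Login check: re-derive with the stored salt and iteration count, then
    compare in constant time so timing does not leak how many bytes matched."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo() -> dict:
    md5_table = {u: md5_unsalted(p) for u, p in USERS.items()}
    pbkdf2_table = {u: pbkdf2_salted(p) for u, p in USERS.items()}
    return {
        # Same password, same MD5: one lookup exposes both ana and ivan.
        "md5_collide": md5_table["ana"] == md5_table["ivan"],
        "md5_cracked": crack_md5_table(md5_table, WORDLIST),
        # Per-user random salt: same password, different stored strings, and a
        # precomputed wordlist table no longer applies to every account.
        "salted_distinct": pbkdf2_table["ana"] != pbkdf2_table["ivan"],
        "pbkdf2_table": pbkdf2_table,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run as written, the MD5 table gives ana and ivan away together, while the salted entries differ and can only be tested one account at a time at the full iteration cost. bcrypt, scrypt or Argon2 are the usual production choices over PBKDF2; the salt-plus-slow-hash pattern is the same.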



The data of 55 thousand clients of Russian banks were publicly available


 The Bank of Russia and the Visa payment system have notified credit institutions about the leakage of bank customer card data.

A database with the data of 55,000 users of the Joom marketplace, which specializes in delivering goods from China, has been publicly available.

The database was available for free download on the darknet and in Telegram channels last week. It contained the first six and last four digits of each card number, its expiration date, the payment system and the issuing bank, as well as the user's full name, phone number, email address, and residential address.

A company representative said the leak occurred back in March and that the company has ended its cooperation with the contractor through which the incident occurred.

Only banks whose cards appear in the database received notifications from FinCERT, the center for monitoring and responding to computer attacks in the credit and financial sector. A number of banks have already taken measures against the threat, and some have informed customers that their cards will be reissued.

According to Ilya Tikhonov, Head of Compliance and Audit at Softline Group, online stores are traditionally one of the most poorly protected segments, since their creators pay too little attention to protection from cyberattacks.

"Based on the nature of the data, I can assume that it was obtained by an external attack: malware was used to intercept data during the payment process”, added he.

"The database is freely available in several places, it could have been downloaded by hundreds of people, so it will be difficult for fraudsters to use it", said Ashot Hovhannisyan, founder and technical Director of DeviceLock.

Databases of users of Russian ad services Avito and Yula have appeared on the network


Six files with tables in CSV format are in the public domain, meaning anyone can download them. Each file holds data on about 100,000 users (three files with information on Avito users and three on Yula users). Each record contains the user's region of residence, phone number, address, product category, and time zone. The first database was uploaded to a hacker forum on June 26 and the last on July 22.

Russian media report that they confirmed at least part of the published data was current by calling users at the listed phone numbers.

A representative of Yula said that the uploaded files do not contain personal data of users of the service.

"They only contain information that anyone could get directly from the site, or by parsing (copying using scripts) ads.

Yula is extremely attentive to the security of our users and the safety of their data. We do not disclose address information from ads even to parsing (and this is visible in the files), and we allow our users to completely hide their phone numbers, accepting calls only through the service's app," the service said.

Avito's press service likewise said that the user data in the databases was already publicly available and that this is not a leak.

Vladimir Ulyanov, head of the Zecurion analytical center, noted that the data may even have been collected manually, since user phone numbers on the Avito and Yula websites are usually masked with asterisks. The published information, in his opinion, can be used by fraudsters for social engineering.

'ShinyHunters', a Hacker Group Selling Databases of 10 Organizations on the Dark Web for $18,000


A hacker group has put the user databases of 10 companies up for sale on the dark web, the part of the internet that requires specialized software to access and is not normally indexed by search engines.

The group, which calls itself 'ShinyHunters' and is selling more than 73.2 million user records, was reportedly behind the breach of Indonesia's biggest online store, Tokopedia. Notably, the success of the Tokopedia breach appears to have encouraged the hackers to steal and sell data from other organizations, including Zoosk (online dating app, 30 million records), Minted (online marketplace, 5 million records), Chatbooks (printing service, 15 million records), Mindful (health magazine, 2 million records), Bhinneka (Indonesian online store, 1.2 million records), Home Chef (food delivery service, 8 million records), and others. The hackers have shared samples of the stolen records, and security experts have confirmed the authenticity of most of the databases, which are being sold separately for a combined total of almost $18,000. The legitimacy of some of the listed records is still unproven. Despite the uncertainty, community sources regard ShinyHunters as a credible threat actor.

In last week's Tokopedia breach, the hackers initially published 15 million user records for free; later the full database of around 91 million records was put on sale for $5,000.

The group has also allegedly been involved in the breach of Unacademy, a popular Facebook-backed education platform, affecting 22 million user records.

Reports indicate the data posted by the hackers consists of authentic databases that raise serious concerns for the affected organizations. Although little is known about ShinyHunters, the group's modus operandi resembles that of Gnosticplayers, a hacking group that made headlines for selling stolen data on the dark web, its latest victim being the mobile social game company Zynga Inc.

The prosecutor's office identified a leak of the full database of Russian export and import operations over eight years


Yekaterina Korotkova, representative of the Moscow Interregional Transport Prosecutor's Office, reported that the Northern Transport Prosecutor's Office discovered an online leak of the full database of export-import operations of Russian companies at customs posts over eight years.

"It was established that one of the darknet sites has on sale a complete, regularly updated customs database of all export-import operations of Russian companies for 2012-2019 (data for all customs posts of the Russian Federation)," said Korotkova.

According to her, the site holds the full declarations of all participants in Russia's foreign trade: the TINs of recipients and senders, information on the processed goods with declaration numbers and country of origin, the surnames, first names, and patronymics of their representatives, vehicle numbers, contact numbers, and risk information.

"The customs authorities' databases on the website for acquiring contain information of limited access and personal data," added the representative of the Ministry of Transport and Trade of Ukraine.

The prosecutor's office asked the court to declare this information prohibited on the territory of Russia.

The court granted the claim. Once it enters into force, the decision will be sent to Roskomnadzor so the resource can be added to the Unified Register of information whose distribution is prohibited in the Russian Federation.

In December 2019, the Investigative Committee reported that operational work had identified the hacker responsible for leaking the personal data of several hundred thousand Russian Railways employees online. A 27-year-old hacker from Krasnodar was charged with illegally obtaining and disclosing trade secrets and illegally accessing protected information.

Investigators found that in June 2019 the accused gained access to internal resources of the Russian Railways computer network, copied the personal data of several hundred thousand employees, including managers, and posted it online. The young man pleaded guilty to the cyberattack.

Hackers stole half a million profiles from a Russian job search site

A database of users of the portal jobinmoscow.ru appeared on hacker forums. According to Ashot Hovhannisyan, founder and technical director of DeviceLock, the database contains logins and passwords for 500,000 users in addition to their publicly available profile information.

Media noted that some of the logins and passwords were still valid: entering them gave access to the pages of portal users. After a journalist informed a site representative of this, it became impossible to log in to those accounts.

The company that owns the site from which the leak occurred confirmed the data leak.

"A quick analysis of the situation showed that there are no violations of the law on our part. Our experts analyze any possible threats to the technical security of the site and take the necessary steps to prevent unauthorized use of the site," Forex Consulting CEO Yuri Mozgovenko commented on the leak.

Experts reported that the personal data of the site's customers can be used by fake-employment scammers: they can call applicants and promise a job, then ask for a small payment before the "final stage" of hiring.

In addition, the leaked passwords put users' social network accounts at risk of being hacked. Experts also note that a resume contains not only personal information about the applicant but also data about former employers. Such a leak therefore makes it possible to alter the resumes or vacancies of a particular company in order to damage its business reputation.

However, experts do not see significant threats in such data leaks.
According to jobinmoscow.ru, more than 566,000 vacancies from 209,000 companies were posted, as well as more than 195,000 resumes.

OnePlus found leaking user data

Chinese smartphone brand OnePlus has reportedly been leaking data of OnePlus phone users for years. According to a report by 9to5Google, OnePlus has been "unknowingly" leaking crucial personal information of its users publicly for a considerable amount of time, and only when the major security flaw was recently pointed out to the company did it start to investigate. Here is everything you must know about this breach of privacy.

According to the report, OnePlus has been leaking the names and email addresses of hundreds of its users through the "Shot on OnePlus" application, which allegedly carries a security flaw. The app offers a place to upload photos taken with a OnePlus device so that they can be featured as wallpapers for OnePlus users globally.

As the name suggests, "Shot on OnePlus" allows users to upload their photos from the phone or from a website (for which they need to be logged in to their OnePlus account) and to set user-submitted photos as their wallpaper. Users can also adjust their profile, including their name, country, and email address, from the app and the website. OnePlus chooses one photo every day to feature in the app and on the website. According to 9to5Google, the API OnePlus used to link its server and the app was "fairly easy to access" despite carrying private information about users. It said anyone with an access token could "do most actions" with the API. An API, or Application Programming Interface, is a software intermediary that allows two applications to talk to each other.

9to5Google said it discovered the “somewhat major” vulnerability in the API OnePlus uses for the app a couple of months ago, and that the company had already fixed it. It said it was unclear for how long users’ data had been leaking in this way, but believed it had been happening since the launch of the ‘Shot on OnePlus’ app many years ago.

The leak was reported to stem from a flaw that was communicated to the company in early May but has not been completely patched, even though a fix has been rolled out.

Hackers released around 845GB of username and password dump from old breaches

According to Kaspersky Lab, the database of users with billions of passwords, published at the end of January, was collected from well-known old leaks.

On January 31, Wired reported that hackers released a giant database that contains 2.2 billion unique usernames and passwords. In total, the entire archive of stolen data was the size of 845 gigabytes.

Kaspersky Lab studied this database and concluded that it does not contain any new information.

"This is a database of already known old leaks," said a representative of Kaspersky Lab.

It is interesting to note that the stolen data included accounts for such popular services as Yahoo, LinkedIn and Dropbox. All three of these companies had previously reported major leaks of their databases. Russian hackers were suspected of involvement in the thefts.

Still, Kaspersky Lab experts advised checking whether one's email address appears in the database via the website https://haveibeenpwned.com and changing the passwords of the most important accounts.
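The same site also lets a password be checked against its leaked-credential corpus without sending the password itself: the client hashes it with SHA-1 and sends only the first five hex characters, then matches the remaining suffix locally. The example below is added here (it is not code from the article or from Kaspersky Lab) and demonstrates that k-anonymity check offline against a constructed sample response; the `RANGE_URL` endpoint is the real Pwned Passwords API, but the sample counts and all suffixes except the first are made up.

```python
import hashlib
import urllib.request

# Real, keyless Pwned Passwords range endpoint. Only the 5-char SHA-1 prefix
# leaves the machine. Not contacted by the offline demonstration below.
RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed stand-in for one range response ("<35-hex suffix>:<count>" per
# line). The first suffix is the real SHA-1 suffix of "password"; the other
# suffixes and every count are invented for this example.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1E4C9B93F3F0682250B6CF8331B7EE68FD9:2
0D1C3FA72F5C1B6FBD0A58E4C5A3E7B9C1A:17
"""


def sha1_split(password: str):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(text: str) -> dict:
    """Parse a range response into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in text.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str) -> str:
    """Download the live range for a prefix (network; unused offline)."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, ranges: dict) -> int:
    """Times the password appears in known leaks (0 if unseen).

    `ranges` maps prefix -> response text, so the logic is testable offline;
    pass {prefix: fetch_range(prefix)} to query the live service instead.
    """
    prefix, suffix = sha1_split(password)
    if prefix not in ranges:
        return 0
    return parse_range(ranges[prefix]).get(suffix, 0)


if __name__ == "__main__":
    sample = {"5BAA6": SAMPLE_RANGE_5BAA6}
    for pw in ("password", "correct horse battery staple"):
        print(repr(pw), "->", breach_count(pw, sample))
```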

Two financial institutions investigating hacks, customer data may have been leaked

Bank of Montreal (BMO) and CIBC-owned Simplii Financial revealed on Monday that data of thousands of customers may have been breached in recent hacks on two of Canada's largest financial institutions.

The banks warned that “fraudsters” may have accessed some customer accounts.

Simplii Financial, which is CIBC’s direct banking brand, revealed that data from 40,000 client accounts may have been electronically accessed by fraudsters. BMO similarly said that it received a tip on Sunday that claimed the confidential information of “a limited number of customers” had been accessed.

Simplii said that it has “implemented additional online security measures”, which include online fraud monitoring and online banking security measures.

“We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures,” said Michael Martin, senior vice president of Simplii Financial, in a statement. “We feel that it is important to inform clients so that they can also take additional steps to safeguard their information.”

BMO said the hack appeared to have originated outside Canada. The tipsters, in BMO’s case, were reportedly the hackers themselves.

"We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off," BMO said. "We have notified and are working with relevant authorities as we continue to assess the situation. We are proactively contacting those customers that may have been impacted and we will support and stand by them."

"If a client is a victim of fraud because of this issue, we will return 100 per cent of the money lost from the affected bank account," a press release by Simplii said, adding that there is no indication that clients who bank through CIBC have been affected.

The bank also told customers to send any suspicious correspondence to fraud@simplii.com.

Moonpig hacked, Email IDs, passwords compromised

The online personalized card company, Moonpig, has blocked an unspecified number of accounts of customers after users’ details were published online.

According to the company's website, customers' email addresses, passwords and account balances had been made public. However, the company stresses that the passwords did not come from its own site but from other online sites where users had used the same passwords.

“As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue. Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from Moonpig.com."

"This data was then used to access the account balances of some of our Moonpig.com customers. As a reminder, we do not store full credit card information ourselves so this data was not accessible in any event.”

Moonpig has contacted affected customers and advised them to reset their passwords and ensure that they are not reusing the same passwords anywhere else on the net.

Team GhostShell are back with a bang

They are back again after almost three years! Team GhostShell, a well-known hacking group, has returned with hacks and database leaks.

The hacking group claims to have leaked data from various websites within 24 hours.

On June 29, the team posted on Twitter links to a number of Korean and Japanese websites, educational portals, university websites and travel websites which they claim to have hacked.

The posted websites and services do not appear to follow a particular trend or pattern, so it is believed that the sites were hacked without a specific selection criterion.

Lee J, a security researcher, posted on Cyber War News that when he contacted TeamGhostShell, they explained that not all data is going to be leaked from targeted sites, and as an example of this he was shown an exclusive set of data from an Australian cloud provider (redacted for now) containing 1,500+ full banking records, including full names, home addresses, mobile contact numbers, contract dates and, probably worst of all, Tax File Numbers (TFN). The provider had been contacted at the time of publishing.

According to him, to date 444 different databases have been dumped from various sites and sub-domains, mostly education- and government-based.

“A basic scan of these sites has shown that there is a heap of accounts leaks, over 17,700 have email and password combinations as well as many other user name and password combinations as well,” he added.

“I have been told in a conversation with TeamGhostShell that they plan to leak data until they are caught,” he said.

He said that the team has also set up a pastebin.com account with a paste titled "Dark Hacktivism - Information is everything".

It is said that this is not the end: a lot more data is expected to come out in the coming days or weeks.