Search This Blog

Showing posts with label Sensitive data Leaked. Show all posts

Hackers Gain Access to Sensitive Data; Release Veterans’ Stolen Data Related To PTSD Claims


Hackers become increasingly serious in their game as they begin targeting sensitive data that incorporates pain diary entries from veterans' very own physical injury cases. Breaching a few law firms, the local government databases and other organizations, demanding payments for data recuperation and deletion Maze, a hacking and ransomware group, as a major element of a ransomware attack against U.S. law firms released V.A documents, patient care records, legal fee agreements, and privacy consent forms. 

Screenshot of a VA claims document released in a data dump by hacking group Maze as part of a ransomware attack against U.S. law firms. (Screenshot/Brett Callow)

Two of those hacks focused explicitly on Texas-based law firm Baker Wotring in November and Woods and Woods LLC in Evansville, Indiana, this month. As per Brett Callow, a threat analyst with Emsisoft, Maze hacks an organization's servers, informs them of the breach and demands ransom payments to prevent data dumps and if the group doesn't receive what it demanded, it proceeds to publish small quantities of compromised information — "proofs" — online, open to anybody with internet access. 

And the group has actually done it. After previously demanding payments ranging from $1 million to a few million dollars, if the payment isn't received, Maze has released additional sensitive information on a 'staggered basis'. 

Screenshot of a pain diary document released in a data dump by hacking group Maze as part of a ransomware attack against U.S. law firms. The image has been redacted by Military Times. (Screenshot/Brett Callow)

According to Callow, the Ransomware group has already released a part of individual archives from Woods and Woods, and the group professes to have more data. Aside from this, it has likewise posted the compromised information on a Russian hacker forum. While other hackers utilize the stolen data to target and demand ransom from individual patients or clients, Maze doesn't do that. 

The hacking group works a bit differently here as they themselves write on their site, “Use this information in any nefarious way that you want.” 

Nonetheless as per Bleeping Computer, keeping in mind the current developments from the group the Federal Bureau of Investigation (FBI) has issued a Flash Alert just a month ago to privately owned businesses in order to advise them of expanded Maze ransomware exercises, as a prudent step.

Ukrainian government job site posted passport scans of thousands of civil service candidates


Government job site https://career.gov.ua/ published scans of passports and other documents of citizens who registered on the portal to search for work in the government sector. This was announced on January 16 by the Office of the Ombudsman of Ukraine on Facebook.

“A possible leak of personal data of citizens who registered on the site https://career.gov.ua/ with the aim of passing a competition for government service was identified. A copy of the passport and other scanned documents that users uploaded to the Unified Vacancy Portal for public service are in free access," the message said.

It is noted that data leakage became known from posts on Facebook by job seekers in the public sector. So, on January 15 at night in the social network, there were messages from candidates for government posts about publishing scans of their passports, diplomas and other documents. A spokeswoman for the Ukrainian cyber activist community, Ukrainian Cyber Alliance, known as Sean Townsend, filed a complaint with the Ombudsman’s Office.

The press service of the Ombudsman's Office noted that the circumstances of this incident are being established and monitoring is being carried out. However, Ukrainians are afraid that their documents will be used by fraudsters.

"Don't be surprised if a loan is accidentally taken in your name," users write in the comments.
The cybersecurity expert Andrei Pereveziy wrote the following: "Minister Dmitry Dubilet, what about digitalization? Probably, this vulnerability in the framework of #FRD should be demonstrated to the European Ombudsman, so that Europe understands what it supports."

The National Security and Defense Council (NSDC) of Ukraine held an extraordinary meeting of the working group on responding to cyber incidents and countering cyber attacks on state information resources in connection with the leak of data from the Unified Vacancy Portal.
During the meeting, experts noted the need for state authorities to ensure proper cyber protection of their own information systems.

10,000 Clients Affected in Aegon Life Insurance Data Leak


Around 10,000 customers of Aegon Life Insurance, a joint venture between the Netherlands-based Aegon and India's Times Group, fall prey to a data leak which was caused through website's support channels, which clients used to communicate with the insurer regarding their grievances.

Reportedly, the data compromised included all the details ranging from the very basic demographic ones like name, gender, age to more specific ones such as health policy problems and annual income. It occurred due to a security vulnerability in the company's website.

Renie Ravin, Indian web developer and co-founder of the independent blogging platform, 'IndiBlogger', discovered the vulnerability which led to the data leak and reported it to the company in July 2019.

However, there is no evidence of the exposed data being illegally accessed or misused.

Referencing from the statements given by the company, "Aegon Life Insurance, India announces that a vulnerability on their website exposed information of some Indian customers who had used web forms to get in touch with Aegon Life."

"Aegon Life immediately fixed the vulnerability and have since informed all customers of this exposure. Aegon Life estimates that up to 10,000 customers were possibly affected."

"We will initiate an outreach program in the coming days to offer guidance to affected customers and to let them know what information was exposed. At Aegon Life, data security and customer privacy are of utmost importance and we will continue to be transparent with customers as we investigate further," the company added.









A Web Privacy Research Group Discovers Data Breaches In Two Indian Fintech Startups




Data breaches in two Indian fintech start-ups — Credit Fair and Chqbook were recently discovered by a web privacy research group called vpnMentor. While the former start-up has all to deal with online shopping credit to customers the latter is a finance marketplace which associates customers to credit cards, and personal loans providers.

The research group's team found that "both Credit Fair and Chqbook’s entire databases were unprotected and unencrypted. Credit Fair uses a Mongo Database, while Chqbook uses Elastic Search, neither of which were protected with any password or firewall.”

With regards to Chqbook, the research group 'claimed' to have accessed 67 GB of user information including sensitive data, like the user's telephone number, address , email, Credit card number, expiry date, transaction history, plain text passwords, gender, income and employment profile among other fields.

However, Vipul Sharma the founder of Chqbook denied the research group's claim that 67 GB of user data was comprised, rather he said that 'Chqbook does not have that much volume of data.'

In the case of Credit Fair, the research group said it was able to extract 44K user records containing fields, like phone number, detailed information of their loan applications, PAN number, IP address, session tokens, Aadhaar number, and more.

The 'lending company' as of now has still not fixed the issue as per the research group's post of July 31.

This is however not the first case of data breach in Indian start-ups, numerous well-known start-ups across various sectors have experienced at least one situation of data breach. Some recent ones include: Truecaller, Justdial, EarlySalary, Ixigo, FreshMenu, and Zomato.

Hence keeping in mind the ever expanding number of data breaches in the nation, the Indian government has begun observing the situation with a much serious eye that too at a policy level and in July, an high-level panel headed by Justice B.N Srikrishna submitted its recommendations and the draft Personal Data Protection Bill 2018 to IT minister Ravi Shankar Prasad.

Hopefully the Government's stance on requiring every single sensitive information of Indian users to be put away or stored locally to guarantee that the information is easily auditable will be viable this time.

Docker Hub hack exposes sensitive data of 190,000 users

                                                                   

An unauthorized person gained access to a Docker Hub database that exposed sensitive information for approximately 190,000 users. Docker says the hacker had access to this database only for a short moment and the data accessed is only five percent of Docker Hub's entire userbase.

This information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories used for Docker autobuilds.

GitHub and Bitbucket access tokens stored in Docker Hub allow developers to modify their project's code and have it automatically build, or autobuild, the image on Docker Hub. If a third-party gains access to these tokens, though, it would allow them to gain access to a private repositories code and possibly modify it depending on the permissions stored in the token.

Docker Hub lost keys and tokens which could have downstream effects if hackers used them to access source code at big companies.

Docker Hub is the official repository for Docker container images. It makes software tools for programmers and developers.

According to a security notice sent late Friday night, Docker became aware of unauthorized access to a Docker Hub database on April 25th, 2019.

Docker disclosed the breach in an email to customers and users of Docker Hub, its cloud-based service that’s used by several companies and thousands of developers all over the world. In the email, obtained by Motherboard, Docker said that the stolen data includes “usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds.”

"On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data," said Kent Lamb, Director of Docker Support.

Experts Motherboard spoke to said that, in a worst-case scenario, the hackers would have been able to access proprietary source code from some of those accounts. Specifically, Docker allows developers to run software packages known as “containers.” It is used by some of the largest tech companies in the world, though it is not yet publicly known what information was accessed and which companies’ accounts were affected.

14.8 million 500px users’ data stolen




500px, an online photography community suffering a massive data breach that leaked 14.8 million users personal information by cybercriminals.

500px global network for photographers and the platform managing around 16 million users who get paid for their work and skills.

Security experts learned this security incident in July 2018 when an unauthorized party breaking the 500px systems and gained access to users personal information.

In this case, Intruder accessed the user’s sensitive information including first and last name, username, email address, hashed password, Date of birth, city, state/province, country, and gender.

500px Engineering team already deployed to mitigate this incident and the company believes that there is no indication of unauthorized access” to user accounts, adding that information like credit card numbers since these data aren’t saved on a company server.

The company said that users who have opt-in prior to July 5, 2018, are potential victims of this data breach and the company notify to all users via email as well as onsite and with mobile notifications, however, given the volume of users affected.

According to 500px, following Steps are taken to protect their customer from future attacks.

▬ Given the nature of the personal data involved, we have already forced a reset of all MD5-encrypted passwords, and a system-wide password reset is underway.

▬ We have vetted access to our servers, databases, and other sensitive data-storage services.

▬ We have and are continuing to monitor our source code, both public-facing and internal, to protect against security issues.

▬ We are partnering with leading experts in cybersecurity to further secure our website, mobile apps, internal systems, and security processes.

▬ We are modifying our internal software development process.

▬ We are continuing to upgrade our network infrastructure. The company also states that it’s alerted the enforcement and has retained a private security firm to investigate the issue.

Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records



Security researcher Nitish Shah uncovered a data leak by a Mobile Spyware Maker mSpy that claims to help in excess of a million paying clients keep an eye on the cell phones of their children and partners.

mSpy has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and area information furtively gathered from phones running the stealthy spyware. He likewise saw that there was no requirement for any verification in order to reach for the records.
As per Shah, the exposed data additionally incorporated the most recent a half year records of mSpy license purchases with the mSpy client logs, alongside the Apple iCloud information of gadgets and devices with the spyware installed on them.


A list of data points that can be slurped from a mobile device that is secretly running mSpy’s software.

Shah later added that when he attempted to alert mSpy of his discoveries; the organization's support personnel disregarded him.

 “I was chatting with their live support, until they blocked me when I asked them to get me in contact with their CTO or head of security,” Shah said.

Later KrebsOnSecurity alerted mSpy about the exposed database on Aug. 30. To which they responded an email from mSpy’s chief security officer, who gave only his first name, “Andrew.”

“We have been working hard to secure our system from any possible leaks, attacks, and private information disclosure. All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time. Thanks to you we have prevented this possible breach and from what we could discover the data you are talking about could be some amount of customers’ emails and possibly some other data. However, we could only find that there were only a few points of access and activity with the data.” Andrew wrote.

In any case though, this isn't the first time when mSpy is being considered responsible of a release that brought about the leak of the sensitive records of millions of its clients. As it had likewise occurred in May 2015, that KrebsOnSecurity broke the news that mSpy had been hacked and its client/customer information was posted on the Dark Web.