Showing posts with label User Data Leak.

UN Computer Networks Breached by Hackers Earlier This Year

 

Hackers breached the United Nations' computer network and stole data, according to researchers at the cybersecurity firm Resecurity. 

According to Bloomberg, the theft's unknown perpetrators appear to have acquired access by simply stealing login credentials from a UN employee. 

Logging into the employee's Umoja account provided access. The enterprise resource planning system Umoja, which means "unity" in Kiswahili, was deployed by the United Nations in 2015. The login and password used in the cyber-attack are believed to have been obtained from the dark web. 

Gene Yoo, chief executive officer at Resecurity, stated, “Organizations like the UN are a high-value target for cyber-espionage activity. The actor conducted the intrusion with the goal of compromising large numbers of users within the UN network for further long-term intelligence gathering.” 

Researchers discovered that hackers initially gained access to the UN's networks on April 5, 2021, and that network breaches lasted until August 7. Based on the findings, the attackers did not seem to have harmed or disrupted the UN's computer network. Instead, the hackers seem to have been motivated by a desire to gather information. 

After reporting the security issue to the UN, Resecurity stated that it worked with the UN's security team to evaluate the extent of the intrusion. While the UN maintains that the assault was a reconnaissance operation in which the hackers merely captured screenshots of the organization's vulnerable network, the Resecurity experts say the breach resulted in the theft of data. 

The UN discontinued interacting with Resecurity, according to Yoo, when proof of data theft was provided to the organization. 

Hackers have previously attacked the United Nations and its agencies. In 2018, Dutch and British law enforcement prevented a Russian cyberattack on the Organisation for the Prohibition of Chemical Weapons (OPCW), which was investigating the deployment of a lethal nerve agent on British territory. 

According to a Forbes article, the UN's "core infrastructure" was hacked in a cyberattack in August 2019 that targeted a known flaw in Microsoft's SharePoint platform. The breach was not made public until the New Humanitarian newsgroup published the news. 

In the context of the latest breach, UN spokesman Farhan Haq told DailyMail.com, “This attack had been detected before we were notified by the company cited in the Bloomberg article, and corrective actions to mitigate the impact of the breach had already been planned and were being implemented.” 

“At that time, we thanked the company for sharing information related to the incident and confirmed the breach to them.” 

Haq added that the United Nations is often targeted by cyber-attacks, including sustained campaigns.

Autodesk Disclosed it was Targeted in SolarWinds Hack

 

Autodesk has disclosed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain assault, nearly nine months after finding that one of its servers had been compromised with Sunburst malware. 

Autodesk is an American multinational software corporation that makes software products and services for the architecture, engineering, construction, manufacturing, media, education, and entertainment industries. 

In a recent 10-Q SEC filing, Autodesk stated, "We identified a compromised SolarWinds server and promptly took steps to contain and remediate the incidents." 

"While we believe that no customer operations or Autodesk products were disrupted as a result of this attack, other, similar attacks could have a significant negative impact on our systems and operations." 

While the company went on to state that there was no additional damage to its systems, the company's announcement of the breach in its most recent quarterly results serves as a reminder to the world of how widespread the SolarWinds supply chain breach was. 

An Autodesk spokesperson told BleepingComputer that the attackers did not deploy any other malware besides the Sunburst backdoor, likely because it was not selected for second stage exploitation or the threat actors didn't act quickly enough before they were detected. 

The spokesperson stated, "Autodesk identified a compromised SolarWinds server on December 13. Soon after, the server was isolated, logs were collected for forensic analysis, and the software patch was applied. Autodesk’s Security team has concluded their investigation and observed no malicious activity beyond the initial software installation." 

One of 18,000 firms targeted in a large-scale cyber attack

SolarWinds' infrastructure was hacked as a result of a supply-chain assault conducted by the Russian Foreign Intelligence Service's hacking division (aka APT29, The Dukes, or Cozy Bear). 

After obtaining access to the company's internal systems, the attackers trojanized the Orion Software Platform source code and the builds issued between March 2020 and June 2020. These malicious builds were then used to deploy the Sunburst backdoor to around 18,000 clients, but fortunately the threat actors chose only a small number of targets for second-stage exploitation. 

Before the assault was revealed, SolarWinds claimed to have 300,000 clients globally, including over 425 US Fortune 500 firms and all top 10 US telecom corporations. 

A long list of government agencies was also among the company's clients (the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, the US Department of Justice, and the Office of the President of the United States). 

The US Department of Justice was the latest US official agency to reveal that during last year's SolarWinds global hacking spree, 27 US Attorneys' offices were compromised. 

Autodesk was not the only big corporation attacked in the SolarWinds breach; other companies such as Cisco, VMware, Intel, and Nvidia revealed similar issues in December. 

Chinese Android Game Developer Exposes Data of Over 1 Million Gamers

 

The Chinese developers of popular Android gaming applications exposed user information via an unprotected server. vpnMentor's cybersecurity team, headed by Noam Rotem and Ran Locar, identified EskyFun as the owner of a 134GB server that was exposed and publicly accessible online.

Rainbow Story: Fantasy MMORPG, Adventure Story, The Legend of the Three Kingdoms, and Metamorph M are among the Android games developed by EskyFun. 

According to the team's report on Thursday, the users of the following games, which have over 1.6 million downloads combined, were included in the data leak: 
- Rainbow Story: Fantasy MMORPG
- Metamorph M
- Dynasty Heroes: Legends of Samkok

According to the researchers, the 365,630,387 records included data from June 2021 onwards, exposing user data gathered on a seven-day rolling basis. 

As per the team, once the games are downloaded and installed, the developers impose aggressive and highly troubling monitoring, analytics, and permission settings; as a consequence, the variety of data gathered was considerably greater than one would expect mobile games to need. 

The records contained IP and IMEI data, device information, phone numbers, the operating system in use, mobile device event logs, whether or not a smartphone was rooted, game purchase and transaction reports, email addresses, EskyFun account passwords, and support requests. 

vpnMentor estimates that the information of one million or more users may have been compromised. 

On July 5, the unprotected server was detected, and EskyFun was approached two days later. However, after receiving no answer, vpnMentor tried again on July 27. 

Due to the continued inaction, the team was forced to contact Hong Kong CERT, and the server was safeguarded on July 28. 

The researchers commented, "Much of this data was incredibly sensitive, and there was no need for a video game company to be keeping such detailed files on its users. Furthermore, by not securing the data, EskyFun potentially exposed over one million people to fraud, hacking, and much worse."

Reindeer Leaks Personal Data of 300,000 Users In A Breach

 

WizCase's cybersecurity group discovered a prominent breach impacting Reindeer, an American marketing company that previously worked with Tiffany & Co., Patròn Tequila, and other companies. Led by Ata Hakçil, the group revealed that the breach leaked customer names, dates of birth, email IDs, phone numbers, addresses, and more. The researchers found a misconfigured Amazon S3 bucket that belonged to Reindeer.

It contained around 50,000 files and a total of 32 GB of data. Reindeer is now a defunct American advertising company. Because the defunct company still owns the bucket, the researchers had to contact Amazon, the only party able to provide details about the exposure. The team also informed US-CERT, in the hope that it would contact the previous company owner. The misconfigured S3 bucket contained data on around 300,000 customers of Reindeer's clients. Patròn was the client with the highest number of customer PII (Personally Identifiable Information) records leaked, but other Reindeer clients were also affected, such as Jack Wills, a UK clothing brand. Permission and access misconfigurations in cloud-based deployments have become all too easy to make. 

Companies that run on cloud-based platforms should have a robust cybersecurity system that watches for such exposures and reports any potential error in the cloud infrastructure. The leaked information contains details on around 360,009 customers and profile photos of 1,400 users. The PII includes customer names, addresses, dates of birth, e-mail IDs, Facebook IDs, and hashed passwords. As per the experts, users from 35 countries were included in the breach, the top three being Canada, the US, and Britain, which together account for around 280,000 affected users. 
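The misconfiguration described above comes down to a few bucket settings. As an added example (not code from WizCase, Reindeer or this article), the script below audits offline the three S3 settings that most commonly make a bucket world-readable: ACL grants to the AllUsers or AuthenticatedUsers groups, bucket policy statements with a wildcard principal, and a Public Access Block that is switched off. The sample documents are constructed and only mirror the shape returned by the AWS GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock calls, so nothing contacts AWS.

```python
"""Offline audit of an S3 bucket's ACL, bucket policy and Public Access Block.

Added example, not WizCase's or Reindeer's code. The three inputs mirror the
shape of the documents the AWS API returns (GetBucketAcl, GetBucketPolicy,
GetPublicAccessBlock); the sample documents at the bottom are constructed.
"""
import json

# Grantee URIs that make an ACL grant public (any user, or any AWS account).
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

PAB_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")


def public_acl_grants(acl):
    """List (permission, who) for each ACL grant made to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        who = PUBLIC_GRANTEE_URIS.get(grantee.get("URI"))
        if who:
            findings.append((grant["Permission"], who))
    return findings


def _principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json):
    """Split wildcard-principal Allow statements into two lists of Sids.

    Statements without a Condition are public outright. Statements with a
    Condition (e.g. aws:SourceVpce) may be fine, so they go to a review list.
    """
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    public, review = [], []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow" or not _principal_is_wildcard(st.get("Principal")):
            continue
        sid = st.get("Sid", f"statement[{i}]")
        (review if st.get("Condition") else public).append(sid)
    return public, review


def public_access_block_gaps(config):
    """Names of the Public Access Block settings that are not switched on."""
    return [k for k in PAB_SETTINGS if not config.get(k, False)]


def audit_bucket(acl, policy_json, pab_config):
    """Run all three checks and return one report dict."""
    public, review = public_policy_statements(policy_json) if policy_json else ([], [])
    return {
        "acl_public_grants": public_acl_grants(acl),
        "policy_public_statements": public,
        "policy_statements_to_review": review,
        "public_access_block_gaps": public_access_block_gaps(pab_config),
    }


# Constructed samples modelled on an exposed bucket: a world-readable ACL,
# a wildcard GetObject policy, and Public Access Block fully disabled.
SAMPLE_ACL = {
    "Owner": {"ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-PLACEHOLDER"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}}},
    ],
})
SAMPLE_PAB = {k: False for k in PAB_SETTINGS}    # the exposed configuration
HARDENED_PAB = {k: True for k in PAB_SETTINGS}   # what a closed bucket looks like

if __name__ == "__main__":
    print(json.dumps(audit_bucket(SAMPLE_ACL, SAMPLE_POLICY, SAMPLE_PAB), indent=2))
```

With real documents, feed the output of the three AWS calls into `audit_bucket`; any non-empty list in the report is a finding to close before data lands in the bucket.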

"The leaked data dates from May 2007-February 2012. The public cloud brings a whole host of new issues to which organizations are still adapting. The case of the Reindeer breach raises serious questions about the shared responsibility model and certainly highlights the need for a layered defense. When it comes to PaaS services, like S3, organizations must implement network-based access controls and apply security policies to protect against sensitive data exfiltration," said Valtix CEO Douglas Murray.

Personal Information of 2,000 FOID Cardholders Compromised in ISP Website Breach

 

The Illinois State Police are notifying Firearm Owners Identification cardholders regarding a possible data breach after attackers attempted to breach the agency's Police FOID card portal.

According to ISP officials, the personal information of about 2,000 FOID cardholders, or about .0008% of the total number of FOID cardholders in the state, may have been compromised in the attempted hack. Those people will be contacted, the agency said in a news release.

"The software vendor determined that using previously stolen personal data to access existing accounts, unauthorized users may or may not have accessed additional 'auto-populated' personal identifiers unique to that account and card such as the last four of a social security number. 2,067 FOID card holders, less than .0008 % of total cardholders, were possibly impacted by these attempts. In accordance with state law and out of an abundance of caution, all affected persons were sent a notice and issued a new card at no cost," the news release said.

The ISP has strengthened its online security requirements and is limiting the use of and access to personal information that FOID card applicants submit in their online FOID account, since that information could be matched against Illinois residents' personal identification information unlawfully obtained in any number of previous cyber breaches. The personal information used in the attempts did not come from ISP systems and servers, ISP officials said after an investigation. 

The FOID website software vendor, working with ISP, recently determined unauthorized persons were attempting to use this type of previously unlawfully obtained personal information to match with and access existing FOID online account information to add further detail to their existing stolen data, the release read. 

The site is back online and is accepting applications. Illinois residents who want to buy and own firearms and ammunition must hold a Firearm Owners Identification card issued by the Illinois State Police. For more than 18 months, the state has been delayed in processing applications for the required ID, with many applicants waiting months, the agency said. 

“I’d rather there not be a database somewhere of gun owners and their addresses. It doesn’t take that much imagination to figure out how that information can be used in ways that increase the risk to those persons,” Cybersecurity consultant John Bambenek said while raising questions regarding cybersecurity.

WhatsApp CEO: US Allies' National Security Officials Targeted with NSO Malware

 

According to WhatsApp CEO Will Cathcart, governments used NSO group malware to target high-ranking government officials all around the world. 

Cathcart addressed the spyware assaults discovered by the Project Pegasus inquiry with The Guardian, noting they are similar to a 2019 attack against 1,400 WhatsApp users. 

Cathcart added, “The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then. This should be a wake-up call for security on the internet … mobile phones are either safe for everyone or they are not safe for everyone.” 

NSO Group's military-grade spyware is suspected of having been used against heads of state, cabinet members, activists, and journalists. The Pegasus Project's central leak contains over 50,000 phone numbers. The inclusion of a person's phone number on the list, however, does not necessarily mean that they were successfully targeted, according to The Guardian. 

The leak is said to have included French President Emmanuel Macron, although NSO denies that any of its clients targeted Macron. The company also stated that the reported figure of 50,000 was overstated. 

Cathcart, on the other hand, tried to refute this portrayal, stating that his firm had documented a two-week-long attack in 2019 that affected 1,400 customers. He added, “That tells us that over a longer period of time, over a multi-year period of time, the numbers of people being attacked are very high. That’s why we felt it was so important to raise the concern around this.” 

According to The Guardian, WhatsApp filed a lawsuit against NSO in 2019, alleging that the corporation had transmitted malware to its customers' phones. NSO, an Israeli firm, argued that the responsibility should be placed on its customers, which are foreign governments. 

“NSO Group claims that a large number of governments are buying their software, that means those governments, even if their use of it is more controlled, those governments are funding this," Cathcart stated. "Should they stop? Should there be a discussion about which governments were paying for this software?” 

The NSO spokesperson told The Guardian, "We are doing our best to help to create a safer world. Does Mr. Cathcart have other alternatives that enable law enforcement and intelligence agencies to legally detect and prevent malicious acts of pedophiles, terrorists, and criminals using end-to-end encryption platforms? If so, we would be happy to hear."

Olympic Ticket Data Leaked, Says Japanese Government

 

Following a breach, user IDs and passwords for the Tokyo Olympic ticket gateway were released on a leak website, a government official told Kyodo News on Wednesday. The leak was "not huge," according to the source, but the IDs and passwords might provide someone access to a person's name, address, bank account information, and other personal information. 

The government source, who spoke on the condition of anonymity, said the organizing body for the Games has initiated an investigation. The leak reportedly includes the names, addresses, and bank account information of individuals who purchased Paralympic tickets, as well as accounts for a volunteer portal. The source did not specify how many accounts were compromised. The leak was revealed as Japanese musician Keigo Oyamada resigned this week from the team producing Friday's Olympic opening ceremony after admitting to previously bullying and abusing children with disabilities, and as organizers struggle to turn public opinion in their favor in the wake of the coronavirus pandemic. 

Some people on the internet disputed the claim of a breach. "There are no postings on any of the forums demonstrating direct information leaks," Twitter user pancak3 said after finding accounts for those registration sites on dark web markets. He went on to say that the data was not stolen as a consequence of a breach of the portal, but rather as a result of infections with the RedLine information-stealing malware and other info-stealers on users' own machines. 

The announcement came just one day after the FBI issued a private industry alert warning organizations working with the Tokyo 2020 Summer Olympics to prepare for a wave of "DDoS attacks, ransomware, social engineering, phishing campaigns, or insider threats to block or disrupt live broadcasts of the event, steal and possibly hack and leak or hold hostage sensitive data, or impact public or private digital infrastructure supporting the Olympics."

"Malicious activity could disrupt multiple functions, including media broadcasting environments, hospitality, transit, ticketing, or security," the FBI notice said on Tuesday. "The FBI to date is not aware of any specific cyber threat against these Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments." 

The notice goes on to mention the Pyeongchang cyberattack, which occurred during the 2018 Winter Olympics in Pyeongchang, South Korea, during which Russian hackers used the OlympicDestroyer malware to disrupt web servers during the opening ceremony. According to the notice, the hackers "obfuscated the true source of the malware by emulating code used by a North Korean group, creating the potential for misattribution." Six Russian intelligence operatives were indicted by the Justice Department in October for the attack on the Pyeongchang Winter Olympics.

Fraudsters are Mailing Modified Ledger Devices to Steal Cryptocurrency

 

Scammers are mailing fraudulent replacement devices to Ledger customers who were recently exposed in a data breach; the devices are designed to steal the recipients' cryptocurrency wallets. 

With increased cryptocurrency values and the use of hardware wallets to secure crypto funds, Ledger has become a frequent target for scammers. After receiving what appeared to be a Ledger Nano X device in the mail, a Ledger user described a devious scam on Reddit. The gadget arrived in authentic-looking packaging with a sloppily written letter claiming that it was sent to replace their existing device because their customer information had been leaked online on the RaidForums hacker community. 

"For this reason for security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device," states the fake letter from Ledger. 

"For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again." 

Although the letter contained numerous grammatical and spelling errors, the information of 272,853 people who had purchased a Ledger device really had been published on the RaidForums hacking site in December 2020, which gave the arrival of a new device a somewhat convincing pretext. 

A shrink-wrapped Ledger Nano X box was also included in the package, containing what appeared to be a genuine device. Suspicious of the device, the user opened it and posted photos of the printed circuit board on Reddit, which clearly showed that the device had been modified. 

Mike Grover, a security researcher and offensive USB cable/implant expert, told BleepingComputer that, based on the photos, the threat actors had added a flash drive and wired it to the USB port. 

Grover told BleepingComputer in a conversation about the photographs, "This appears to be a simple flash drive slapped on to the Ledger with the purpose of being for some form of malware delivery." 

"All of the components are on the other side, so I can't confirm if it is JUST a storage device, but.... judging by the very novice soldering work, it's probably just an off-the-shelf mini flash drive removed from its casing." 

Examining the images, Grover pointed out the flash drive implant connected to the wires and stated, "Those 4 wires piggyback the same connections for the USB port of the Ledger." 

The enclosed instructions tell the recipient to connect the Ledger to their computer, open the drive that appears, and run the accompanying application; the guide then has them enter their Ledger recovery phrase to import their wallet into the new device. 

A recovery phrase is a human-readable seed from which a wallet's private key is derived. Anyone with this recovery phrase can import the wallet and gain access to the cryptocurrency it holds. Once entered, the recovery phrase is sent to the attackers, who use it to import the victim's wallet on their own devices and steal the funds. 

Ledger has acknowledged this fraud and issued warnings about it in May on its dedicated phishing-awareness page. 

Recovery phrases for Ledger devices should never be shared with anybody and should only be entered directly on the Ledger device the user is trying to recover. If the device does not allow the phrase to be entered directly, the user should only use the Ledger Live application downloaded straight from Ledger.com. 

Ledger customers flooded with scams: 

In June 2020, an unauthorized person gained access to Ledger's e-commerce and marketing databases, resulting in a data breach. 

This information was "used to send order confirmations and promotional mailings — largely email addresses, but with a subset that also included contact and order details including first and last name, postal address, email address, and phone number." 

Ledger owners began receiving numerous phishing emails directing them to fraudulent Ledger apps that would trick them into entering their wallet's recovery phrase. After the contact information for 270K Ledger owners was posted on the RaidForums hacker community in December, these scams became more common. 

The leak resulted in phishing operations posing as new Ledger data breach notifications, SMS phishing texts, and software upgrades on sites imitating Ledger.com.

Data of 6 Million Battle for the Galaxy Players Leaked

 

WizCase security experts recently uncovered an unsecured ElasticSearch server owned by AMT Games, a Chinese mobile and browser game company, that exposed 5.9 million Battle for the Galaxy users' accounts, as well as 2 million transactions and 587,000 feedback messages. 

Despite the fact that AMT Games used the server to store profile information, payment history, and feedback messages for millions of Battle for the Galaxy players, the researchers discovered that data stored in the ElasticSearch server was not encrypted and the server was not secured with a password. 

AMT Games, which has a slew of mobile and social games with tens of millions of downloads, exposed 1.5TB of data through the Elasticsearch server. AMT Games Ltd. is a renowned mobile and browser-based online game company based in China. It creates games for Android, iPhone, Steam, and web browsers. Battle for the Galaxy, Heroes of War: WW2 Idle RPG, Epic War TD2, and Trench Assault are among the company's most popular games. 

Player IDs, usernames, country, total money spent on the game, and data from Facebook, Apple, or Google accounts if the user linked them to their gaming account are often included in profiles. Account IDs, feedback ratings, and users' email addresses are all included in feedback messages. 

According to WizCase, transaction data includes price, item purchased, time of purchase, payment provider, and occasionally buyer IP addresses. Users who had their data exposed were advised that it could have been snatched up by opportunistic cyber-criminals looking for misconfigured databases. It went on to say that information on how much money people have spent on the site might help fraudsters target the biggest spenders. 

WizCase warned that "it is common for unethical hackers and criminals on the internet to use personal data to create trustworthy phishing emails. The more information they possess, the more believable these emails look." Bad actors could utilize personal information like email addresses and user difficulties with the service to "pose as game support and send users to fraudulent websites where their credit card credentials can be stolen," according to the report. 

The company advised players to enter as little personal information as possible when purchasing or setting up an account, and parents not to lend their credit cards to their children. WizCase stated that it notified AMT Games of the data breach but received no response. Access to the database was later disabled by the company.

Data of 45 Lakh Customers Compromised as Air India Servers Get Hacked

 

A massive cyberattack was perpetrated against the domestic carrier Air India, which compromised passengers' data including passports, contacts, ticket information, and credit card information. 

Air India is India's flag carrier, based in New Delhi. Operated by Air India Limited, it owns and runs a fleet of Airbus and Boeing aircraft serving 102 domestic and international destinations. 

The airline stated that the incident impacted about 4,500,000 data subjects worldwide. The company further added that the breach involved data registered between August 2011 and February 2021. 

“The breach involved personal data registered between 26 August 2011 and 3 February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” a message from Air India reads. 

While the airline has admitted that credit card details were exposed, it has made clear that its data processors did not hold the CVV/CVC numbers, which are required to carry out transactions. 

"Our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world," said the statement issued by Air India. 

The state-owned carrier also mentioned that the first communication concerning the data breach was received from its data processor on 25 February 2021; the identities of the affected data subjects, however, were only provided on March 25 and May 4. 

"While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021," the statement said. 

Air India also said that it follows its data protection policies and has begun investigating the incident. The airline is also securing the compromised servers, engaging external computer security experts, liaising with and notifying the credit card issuers, and resetting Air India frequent flyer program passwords.

250 Million Americans Sensitive Data Leaked Online by Pompompurin

 

On 22 April 2021, a hacker group named Pompompurin dropped a database of more than 250 million (250,806,711) American citizens and residents, which included their personal and sensitive household information. 

The database, which was published on a popular hacker forum, comprised 263 GB of documents, each with 200,000 CSV subfiles. Although the leak originated from an open Apache Solr instance hosted on Amazon Web Services, it is not clear who obtained or managed the data. The data was accessible at three separate IP addresses, which the hacker reached before their owner disabled or reassigned them. 

The stolen information is nothing short of a treasure trove for cybercriminals and state-sponsored hackers, as it contained massive amounts of information: full names, telephone numbers, mailing addresses, dates of birth, marital status, year the home was built, ZIP code, gender, whether the home is rented, home address, credit capability, political participation, number of cars owned, details on wages and taxes, number of pets, and number of children in the household. The leak did not, however, contain any passwords. 

After the database had been available online for a week, it was reposted in Telegram chat groups and on several Russian-speaking hacker forums. 

The leaked documents are a treasure trove for malicious actors looking for information on US civilians, particularly given the ongoing diplomatic standoff between Russia and the United States over the SolarWinds hack. 

Moreover, this is not the first time that a collection of confidential household data on US citizens and residents has been exposed online. Data on 200 million people from the US was mistakenly disclosed by a marketing agency in June 2017. In December 2017, a data analytics company based in California exposed household data on 123 million Americans through an improperly configured AWS bucket. 

The leaked documents now constitute a threat to the privacy and physical safety of the victims. Some may use the data to locate people, while hackers and scammers may send phishing emails or SMS messages, or use the data to attempt SIM swapping and other identity fraud. If an unknown party sends an email or text message urging the recipient to click a link or log in, they should not click the link.

BigBasket: Data Breach Leaks 20 Million User Data

 

A threat actor dropped about 20 million Big Basket user records containing personally identifiable details and hashed passwords on a popular hacking forum. 

Headquartered in Bangalore, India, Big Basket is an online grocery delivery service. The company mainly supplies its customers with groceries, household supplies, and food. Big Basket is a well-known grocery delivery platform that lets consumers purchase food online and have it delivered. 

On the morning of 26 April, ShinyHunters, a well-known seller of stolen databases, published the database for free on a hacker website, claiming it had been stolen from Big Basket. Last November, when the same group attempted to sell the stolen data through private sales on hacking websites, Big Basket confirmed to Bloomberg News that it had experienced a data breach. 

“There’s been a data breach and we’ve filed a case with the cybercrime police,” Big Basket CEO Hari Menon told Bloomberg News. “The investigators have asked us not to reveal any details as it might hamper the probe.” 

The entire database, which is estimated to be containing over 20 million user records, now has been published for free. It contains e-mail addresses, SHA1 hashed passwords, addresses, phone numbers, and various other details.

The forum members have claimed to have already cracked 2 million passwords by using the SHA1 algorithm. Another Member says 700k of the clients have used their accounts with the password as, 'password.' Shiny Hunters have executed several other data breaches in the past including Tokopedia, Tee Spring, Minted, Chat books, Dave, Promo, Mathway, Wattpad, and more. 

The event happened weeks after the Indian Tata Group decided to purchase Big Basket, in a deal that values the Indian start-up at over $1.8 billion. Approval of the acquisition plan by the Indian regulator is currently pending. 

Bleeping Computer has verified that some of the records are genuine Big Basket customer information, so consumers should assume that their data has been leaked too. It is highly recommended that all Big Basket users change their password immediately, both on Big Basket and on any other site where they used the same password.

Ubiquiti has been Covering up a Data Breach


Ubiquiti, an organization whose prosumer-grade routers have become synonymous with security and manageability, is being accused of concealing a “catastrophic” security breach, and after 24 hours of silence the company has now issued a statement that doesn't deny any of the whistle-blower’s claims. 

In January, the maker of routers, Internet-connected cameras, and other networked devices revealed what it said was “unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.” The notification said that, while there was no evidence the intruders accessed customer information, the company couldn't rule out the possibility that they obtained customers' names, email addresses, cryptographically hashed passwords, addresses, and telephone numbers. Ubiquiti advised customers to change their passwords and enable two-factor authentication.

Ubiquiti initially emailed its customers about a supposedly minor security breach at a “third-party cloud provider” on January 11th, but the cybersecurity news site KrebsOnSecurity is now reporting that the breach was far worse than Ubiquiti let on. A whistle-blower from the organization who spoke to Krebs claimed that Ubiquiti itself was breached and that the organization's legal team blocked efforts to accurately report the risks to customers. 

The breach comes as Ubiquiti is pushing, if not outright requiring, cloud-based accounts for customers to set up and manage devices running newer firmware versions. An article says that during the initial setup of a UniFi Dream Machine (a popular router and home gateway appliance), customers are prompted to sign in to their cloud-based account or, if they don't have one, to create an account. 

Brian Krebs of KrebsOnSecurity wrote, "In reality, Adam (the fictitious name that Brian Krebs of KrebsOnSecurity gave the whistleblower) said, the attackers had gained administrative access to Ubiquiti’s servers at Amazon’s cloud service, which secures the underlying server hardware and software but requires the cloud tenant (client) to secure access to any data stored there." 

“They were able to get cryptographic secrets for single sign-on cookies and remote access, full source code control contents, and signing keys exfiltration,” Adam said.

Here's How to Safeguard Against Mobikwik Data Breach


Cybersecurity researchers claimed that the KYC data of as many as 11 crore Mobikwik users had been leaked and put up for sale on the dark web. However, the Gurugram-based digital wallet company denies the breach, stating that it has found no evidence of a data leak.

Rajshekhar Rajaharia, an independent cyber-security researcher, was the first to disclose the leak in February. He said that bank details, email addresses, and other sensitive details of nearly 11 crore Indians had been leaked on the dark web. 

Approximately 8 terabytes (TB) of personal user information were stolen from Mobikwik’s main server by a hacker calling themselves ‘Jordan Daven’ and put on dark web platforms on January 20, Rajaharia stated. As evidence, Jordan Daven emailed the link to the stolen database to PTI, stated that they had no motive for using the data other than to obtain it from the company and then delete it from their end, and also shared private details of Mobikwik founder Bipin Preet Singh and CEO Upasana Taku taken from the stolen database. 

When approached, Mobikwik denied the claims and stated, “the company is subjected to stringent compliance measures under its PCI-DSS and ISO Certifications which includes annual security audits and quarterly penetration tests to ensure the security of its platform. As soon as this matter was reported, the company undertook a thorough investigation with the help of external security experts and did not find any evidence of breach.” 

Precautionary measures for Mobikwik users 

To check whether your data is compromised, you have to download the Tor browser, a free and open-source web browser that lets you browse the web anonymously. You should also secure your Mobikwik account by setting a new password and enabling two-factor authentication. 

Open this link to access the entire leaked database that is now online. Search for your data using your email id or contact number. If nothing pops up, you are safe; if something does, immediately contact your bank and block your cards.

Japanese Games Publisher Koei Tecmo Suffers Cyber Attack, 65,000 User Accounts Compromised


The Japanese games publisher Koei Tecmo was targeted by hackers who compromised the company's English-language website and stole confidential data belonging to over 65,000 users. Following the attack, Koei Tecmo announced that it had temporarily shut down its US and European websites as a precautionary measure. 


The hackers targeted the company’s website to obtain confidential information about user accounts, such as names, encrypted passwords, and email addresses; however, they did not succeed in acquiring users' payment details.  

The Japanese publisher announced in the press release that “Within the website operated by KTE, the ‘Forum’ page and the registered user information (approximately 65,000 entries) has been determined to be the data that may have been breached. The user data that may have been leaked through hacking is perceived to be the (optional) account names and related password (encrypted) and/or registered email address.” 

In the press release, the publisher further stated that users do not need to worry about personal financial information, because the company does not store such information about its users.  

According to Bleeping Computer, the hackers have leaked critical user account information, such as IP addresses, email addresses, and passwords, for free on a hacker forum.  

Formed in 2009 through the merger of Koei and Tecmo, Koei Tecmo is a Japanese video game and anime holding company responsible for many popular PC and console games, such as Hyrule Warriors: Age of Calamity, Dead or Alive, Nioh 2, and Atelier Ryza, to name a few. 

The attackers assert that they used a spear-phishing campaign to hack the koeitecmoeurope.com website on December 18th. The operators behind the attack also claimed that they were planning to sell the forum database for 0.05 bitcoin, or about 1,300 dollars, on a hacking marketplace.  

As per the reports by Bleeping Computer, stating their malevolent motives, the hackers said that they had “leaked the data to punish the Koei Tecmo publisher because they were not following the General Data Protection Regulation (GDPR) guidelines and they were refusing to spend the money on encrypting the users' information and were using a fragile salted MD5 hashing algorithm from 1992 and further warned them if they do not use the strong encryption techniques, we will continue to attack them”.
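Both the Big Basket post (unsalted SHA1, 700k accounts sharing the digest of 'password') and the Koei Tecmo post (salted MD5) come down to the same storage weakness: a fast hash lets one dictionary guess be checked against every account at once, and without per-user salts every reused password collapses into one identical digest. The following is an added Python example, not code from either company or from this blog, showing the audit check a defender would run over a stored-digest column and an upgrade-at-login path from legacy SHA1 records to per-user-salted scrypt; the scrypt parameters and the sample records are constructed for the example.

```python
import hashlib
import hmac
import os

# scrypt work factors: assumed values for this example, tune for your own hardware
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1

def legacy_sha1(password: str) -> str:
    """Unsalted SHA1 as reported for the Big Basket dump: same password, same digest."""
    return hashlib.sha1(password.encode()).hexdigest()

def scrypt_record(password: str, salt: bytes = b"") -> str:
    """Per-user random salt plus a memory-hard KDF, stored as one self-describing string."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"

def verify_scrypt(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record and compare in constant time."""
    _, n, r, p, salt_hex, digest_hex = record.split("$")
    calc = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                          n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(calc, bytes.fromhex(digest_hex))

def is_legacy_record(record: str) -> bool:
    """A bare 32- or 40-character hex string is a raw MD5 or SHA1 digest that needs upgrading."""
    return "$" not in record and len(record) in (32, 40) and set(record.lower()) <= set("0123456789abcdef")

def upgrade_on_login(password: str, record: str) -> tuple[bool, str]:
    """Verify against whatever is stored; a legacy record is rehashed once the plaintext is seen."""
    if is_legacy_record(record):
        if not hmac.compare_digest(legacy_sha1(password), record):
            return False, record
        return True, scrypt_record(password)
    return verify_scrypt(password, record), record

def shared_digest_groups(records: list[str]) -> dict[str, int]:
    """Audit check: digests shared by more than one account, where one cracked guess unlocks all."""
    counts: dict[str, int] = {}
    for rec in records:
        counts[rec] = counts.get(rec, 0) + 1
    return {d: c for d, c in counts.items() if c > 1}

# Constructed sample accounts (not real data); the repeated entries reuse "password"
SAMPLE_LEGACY = [legacy_sha1(p) for p in ("password", "hunter2", "password", "letmein", "password")]
SAMPLE_SCRYPT = [scrypt_record(p) for p in ("password", "hunter2", "password")]
```

Run against the legacy column, the audit reports one digest shared by three accounts; against the scrypt column it reports nothing, because each record carries its own salt, and the stored hashes cannot be converted in bulk, so the upgrade has to happen at the moment a user logs in with the correct password.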