Monthly Breach Report: January 2020 Edition
Protecting organizations against data breaches, in which valuable personal information and intellectual property are compromised, is both a global economic issue and a critical management issue for every business. With a hacking attack happening every 39 seconds, organizations need data protection measures in place to survive.
Most organizations simply didn’t know where their most sensitive data existed or to what degree it could be impacted in a breach, even though knowing this is step #1 in being able to protect sensitive data. These organizations could have been more prepared.
Below, we outline some of the top data hacks that took place in December of 2019:
US-based iPR Software, a PR and marketing provider, became the target of a data breach when it leaked personal information of several global brands like GE, Dunkin’ Donuts, Forever 21, and more.
In October 2019, UpGuard researchers discovered the data leak when they found a misconfigured Amazon S3 storage bucket originating from iPR Software. Reports claim that the database comprised key information related to 477,000 clients’ media contacts, business entity account information, 35,000 hashed user passwords, assorted documents, and administrative system credentials for users of the iPR Software platform.
According to UpGuard, “In addition to the database files, the storage bucket contained documentation from iPR developers, documents which appear to be marketing materials for client companies, and credentials for iPR accounts on Google, Twitter, and a MongoDB hosting provider.”
UpGuard claimed that, apart from the user accounts, the files stored in these customers’ directories and data of large businesses such as California Courts, CenturyLink, Nasdaq, Xerox, and Mercury Public Affairs were also exposed.
Mixcloud, a British online music streaming service, admitted to a data hack that compromised the personal information of approximately 20 million users.
An official statement from Mixcloud said, “We received credible reports this evening that hackers sought and gained unauthorized access to some of our systems. Our understanding at this time is that the incident involves email addresses, IP addresses, and securely encrypted passwords for a minority of Mixcloud users. The majority of Mixcloud users signed up via Facebook authentication, in which cases we do not store passwords.”
Although the business didn’t share details regarding the scale of the breach, it divulged that the hacker put the users’ personal data up for sale on the dark web for 0.5 Bitcoin ($3,650).
The UK-based business further stated that the users with a separate password to access their Mixcloud account were safe from this attack and the users who signed up to their account using their Facebook details were the ones impacted by this breach. Meanwhile, Mixcloud has advised all customers to reset their passwords.
Looking at the growing data breach trend, it appears that no business is safe from cybercriminals. Last month, Singapore-based online fashion label Love, Bonito encountered a nasty data breach as well. The incident came to light when “malicious code” made its way into the retailer’s ecommerce website. The compromised personal information included details such as customers’ first and last names, shipping addresses, dates of birth, email addresses, phone numbers, order details, billing addresses, payment type, and credit card information.
The fashion giant has clarified that the breach affected approximately three percent of its overall customers.
To prevent such data breaches from happening again, Love, Bonito has entered into a collaboration with a data security expert to carry out a forensic probe and scrutinize security controls.
Apart from informing the Personal Data Protection Commission and the police about the breach, the business has decided to set up a credit monitoring service and advised clients to undertake a detailed review of their payment card and bank statements to identify any discrepancies.
The Straits Times
India-based telecom giant Airtel, currently ranked the third-largest mobile network in India, witnessed a massive security breach last month that exposed the personal information of over 300 million users.
Bengaluru-based security researcher Ehraz Ahmed identified the breach. Although Airtel rectified the security flaw in its app when informed, Ahmed said that the incident poses a security threat to every user on the Airtel network.
While confirming the breach, Airtel said that the security flaw associated with its app’s API (application programming interface) offered access to important user data such as names, email addresses, dates of birth, residential addresses, and IMEI numbers, which help identify the device used.
City of Pensacola
A cyberattack hit the city of Pensacola, FL, impacting the computer networks, landlines, the 311 customer service lines, and online bill payments for Pensacola Energy and City of Pensacola Sanitation Services. Pensacola is home to over 50,000 residents.
According to an official statement, “The City of Pensacola’s Technology Resources Department is continuing to work diligently to address a cyberattack that occurred early Saturday morning, Dec. 7. As a result of the incident, Technology Resources staff disconnected computers from the city’s network until the issue can be resolved.”
Reports said that emergency dispatch services and 911 remained available without interruption, along with the city’s website (cityofpensacola.com) and online permitting services (mygovernmentonline.org). So far, details of how the breach happened, what type of data was compromised, or whether it was a malware- or ransomware-driven attack are not clear.
British American Tobacco
UK-based British American Tobacco (BAT) broke the news of a ransomware attack and data breach on its web platform that impacted close to 352 GB of data.
The hacked Elasticsearch server, located in Ireland, contained a readme file with a ransom demand that threatened to delete the data unless the demanded Bitcoin payment was made. The breach involved users’ sensitive Personally Identifiable Information (PII) such as full name, phone number, date of birth, gender, source IP, and cigarette and tobacco product preferences.
Noam Rotem and Ran Locar, internet privacy researchers from vpnMentor, discovered the breach on a server connected to the web platform YOUniverse.ro. According to vpnMentor, the web platform is part of a BAT Romania promotional campaign aimed at adult smokers.
Just a few days after the Pensacola government faced a cyberattack, a ransomware attack hit the New Orleans government, impacting over 4,000 of the city’s computer systems. Most city employees were unable to access the information they rely on to do their jobs. For example, the police were unable to run background checks during this time.
The Chief Administrative Officer, Gilbert Montano, said, “The cost of rebuilding the city’s computer network is nearing $1 million.”
Security researchers last month uncovered a massive data leak comprising highly sensitive web-browsing records stored in the Elasticsearch database owned by South Africa-based IT company Conor. As part of a web-mapping project, vpnMentor’s research team identified the breach in Conor’s databases comprising more than 890 GB of data and over 1 million records.
The breach exposed data related to user activity logs comprising website URLs, IP addresses, index names, and MSISDN codes, which identify the mobile users on a particular network.
Conor develops software products for customers in Africa and South America from different sectors comprising finance, mobile internet, SMEs, and data monetization. Conor’s list of clientele includes Vodafone and Telkom.
A database belonging to TrueDialog became the target of a data leak when it allowed unauthorized access to information including text messages, names, and addresses. vpnMentor researchers identified the security loophole and notified TrueDialog, after which the database was closed. TrueDialog is an Austin-based SMS provider that allows US companies, colleges, and universities to send bulk text messages.
Because the compromised information includes more than 10 million SMS messages along with the technical log, it poses threats like corporate espionage, account takeover, identity theft, and phishing attempts.
China-based retailer LightInTheBox became the target of a data hack after it allowed open access to 1.3 TB of data containing 1.6 billion shopper records for 3 months last year.
vpnMentor discovered this major data lapse in November 2019. Soon after identifying the security gap, vpnMentor notified LightInTheBox. vpnMentor also said that the Chinese enterprise could have avoided this security breach if it had implemented correct access rules and secured the servers.
VPNMentor’s Noam Rotem and Ran Locar said, “The exposed data makes those affected vulnerable to many forms of fraud and online attacks. With access to user emails, cybercriminals could create convincing phishing campaigns with emails imitating LightInTheBox. With a website user’s IP address, we were able to identify their city of residence. If a criminal hacker had access to this, along with the other data exposed, they could trick a victim into revealing their home address, and target them for theft and home robbery.”
Prominent British designer jewelry brand Missoma reported a data leak last month when third-party malicious software targeted the online platform’s payments page. According to a notification issued by Missoma, customers’ Personal Information (PI), which may have included name, address, email address, long card number, and CVV number, was put at risk following the data hack.
The customers who bought items through PayPal were not impacted, although clients who used debit or credit cards face the risk of identity theft. The popular jewelry brand collaborated with external forensic experts to resolve the issue.
Facebook is in the news again. Over 267 million Facebook users became the target of a data breach last December when their Personal Information (PI) was exposed in an online database that collected names, Facebook IDs, and phone numbers. Cybersecurity firm Comparitech, in partnership with security researcher Bob Diachenko, found this gigantic data leak.
Reports state that the database made its first online appearance on December 4, and the public sharing of the data happened on December 12. Although the database isn’t currently available online, there is a chance that the leaked information could be misused.
Researchers traced the origin of the database to Vietnam. The database was no longer available for access past December 19 after the researchers informed the internet service provider managing the IP address of the server.
Comparitech issued an advisory to Facebook users to change their privacy settings to the “friends” or “only me” option.
2019 proved to be a tough year for Facebook. In September last year, a similar database breach hit the social media giant that compromised over 400 million Facebook user IDs and phone numbers.
Pennsylvania-based Wawa Inc. confirmed a countrywide malware attack on its payment processing servers. The information security team of Wawa discovered the gap. The convenience store and gas station chain expects that the data hack may have gathered key customer information such as card numbers and customer names as early as March 4.
Wawa CEO Chris Gheysens said that the breach impacted customers who used in-store payment terminals and fuel dispensers. He further added that the malware doesn’t pose a threat to the customers who use credit cards now because the issue was resolved on December 12.
According to an official statement issued by Gheysens, “We take this special relationship with you and the protection of your information very seriously. I can assure you that throughout this process, everyone at Wawa has followed our long-standing values and has worked quickly and diligently to address this issue and inform our customers as quickly as possible.”
Presently, Wawa has a presence across 850 locations in Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington, D.C.
Meanwhile, Wawa suggested customers get in touch with its toll-free call center at 1-844-386-9559 for any issues and assistance.
Smart home security company Ring was in for a rude shock when information of 3,672 users became available online for unauthorized access. The breach impacted the Ring Camera users as the breached information included data related to usernames, emails, passwords, time zones, and details related to camera locations used at their homes.
The California-based, Amazon-owned business informed the impacted customers and requested them to reset passwords and opt for two-factor authentication to ensure account protection.
Security experts believe that the breached data format follows the company’s database format.