Welcome to The Dashlane Tech Check for September 8, 2017! I’ll help you catch up on Dashlane news and the biggest headlines in the tech and information security industry. And, just for fun, I’ll include a useful life hack that will keep your personal and work-related data secure all year long.
Data Breach Center
Millions of names, email addresses, phone numbers, Social Security numbers, and many more documents containing sensitive information was exposed in several unrelated data breaches this week.
Sensitive data for 143 Million US Equifax customers were exposed in a data breach. Here’s everything you need to know.
Credit reporting company Equifax announced Thursday that a “cybersecurity incident” could potentially affect up to 143 million of its US customers. This story is still developing, but visit our blog post for more information on everything we know so far.
6 Million Instagram accounts were stolen and on sale for $10 each
In last week’s Tech Check, we noted Instagram has notified verified members that “one or more” hackers compromised some private information of high-profile stars, according to BCC News. However, it appears hackers exploited the app’s API to steal more than 6 million “high-profile” Instagram accounts, compromising both phone numbers and email addresses, but not passwords.
According to The Hacker News, the information for millions of politicians, star athletes, and media companies are now searchable on a website called Doxagram for a little at $10 per account. However, the website has since been taken down, and Domain Name Wire reports that Instagram is now registering similar domain names.
Cybersecurity vendor RepKnight has identified 500 affected celebrities, including Emilia Clark, Taylor Swift, Adele, Beyoncé, Ronaldinho, and Harry Styles. However, it’s unclear if this data breach is related to a hack of singer Selena Gomez’s Instagram account–the most followed account on the platform–last week. The company has notified the owners of the affected accounts about the breach, and advised them to be cautious of suspicious emails, phone numbers, and text messages.
Social media site Taringa suffered a data breach compromising 28 million accounts
Taringa, a Reddit-like social media platform based in Latin America, suffered a massive data breach, which compromised 28 million user accounts. According to InfoSecurity Magazine, compromised data includes usernames, email addresses, and hashed passwords using the weak MD5 (128-bit) algorithm. The company published a notice to users, saying they’ll forcing a password reset for users. If you’re a Taringa user, change your password immediately, especially if you’ve reused that password on other accounts.
Third-party data breach exposes about 4 million of Time Warner Cable subscribers
Approximately 4 million Time Warner Cable subscribers’ records were found on insecure Amazon S3 databases according to Gizmodo. More than 600GB of files were discovered and linked to BroadSoft, a third-party communications company that partners with Time Warner Cable and AT&T. One of the databases exposed records potentially compromised usernames, emails, device serial numbers, MAC addresses, and financial transaction information. Other databases include billing addresses, phone numbers, and other contact information, as well as internal company records such as SQL database dumps, internal emails, and code containing credentials to some external systems.
Charter Communications, the parent company of Time Warner Cable, released a statement saying: “There is no indication that any Charter systems were impacted. We encourage customers who used the MyTWC app to change their usernames and passwords. Protecting customer privacy is of the utmost importance to us. We apologize for the frustration and anxiety this causes, and will communicate directly to customers if their information was involved in this incident.”
Data breach exposes thousands of former and current US government intelligence workers
According to Gizmodo, thousands of records of current and former US government workers were exposed by an unsecured Amazon server for nearly a year. About 9,400 documents were found in a folder labeled “resumes” on an Amazon S3 bucket that was not password protected. The file revealed the curriculum vitae of thousands of former and possibly currently employees with Top Secret security clearances employed by the US Department of Defense and other US government intelligence agencies.
Mexican tourism company leaks thousands of travelers’ credit cards and passports
Security researchers from Kromtech Security Center discovered 88,600 scanned images of international travelers’ credit cards and passports. According to Gizmodo, the data belongs to a Mexican tourism company, MoneyBack, and was stored in a misconfigured database located in the US. Kromtech found more than 455,000 documents, including credit cards, passports, travel receipts, airline tickets, and other government-issued IDs.
What in the (Security) world?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
Phishing email campaign sends ransomware to more than 23 million recipients
According to The Hacker News, security researchers have spotted two email campaigns sending two different variations of the Locky ransomware.
In the first campaign contained the Locky Lukitus ransomware variant that was sent to more than 23 million recipients in just 24 hours. The emails had vague subject lines like “please print” or “documents” and contained a malicious ZIP attachments. If a victim opens the attachment, the ransomware will encrypt all of the files on their computer, and then displays a ransomware message demanding 0.5 Bitcoin (~$2,300 USD) to retrieve those files.
In the second campaign, more than 62,000 emails were sent over a period of three days to recipients. The Locky IKARUSdilapidated variant acts similarly to the Lukitus variant: it infects a victim’s computer via a malicious Visual Basic Script (VSB) attachment and later demands between 0.5 Bitcoin and 1 Bitcoin (~$4,623 USD) in ransom.
Canadian university defrauded of $11.8 million following a phishing attack
Members of MacEwan University in Edmonton, Alberta fell for a phishing attack resulting in a $11.8 million loss. According to InfoSecurity Magazine, staff members were tricked into changing the electronic banking information for one of the school’s vendors to a bank account owned by the cyber criminals. After the scam was discovered, the school launched a criminal and civil investigation and found the stolen money in bank accounts located in Canada and Hong Kong.
The school has since implemented new security measures to prevent future security incidents, and has also acknowledged that their process of “changing vendor banking information were inadequate, and that a number of opportunities to identify the fraud were missed.”
MongoDB admins warned of ransomware-like attacks
Tens of thousands of MongoDB admins are now prime targets for ransomware-like attacks, that have already compromised 22,000 servers. According to InfoSecurity Magazine, attackers searched for publicly accessible databases still using default settings, delete the stored data, and replace it with this ransom note: “We have your data. Your database is backed up to our servers. If you want to restore it, then send 0.15 BTC [$650] and text me to email, just send your IP-address and payment info. Messages without payment info will be ignored.” To date, the attackers have collected more than BTC 24 ($110,100 USD) from about 76,000 victims.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check!