Back in December of 2016, there was word that more than 1 Billion users were impacted by the 2013 Yahoo data breach, but unfortunately that number was way off. It was more like 3 Billion accounts were indeed stolen. Four months after Verizon acquired Yahoo’s core internet assets, it revealed that every single customer account had been breached including email, Tumblr, Fantasy and Flickr.
Google put a stop to this one in about an hour, but even during that time, they estimated that 1 million users may have been affected. Gmail users were targeted in a sophisticated phishing scam that were trying to get access to accounts through a 3rd party app.
Hackers recently targeted both customers and users with a malware phishing attack. Only one of the systems were breached, but they were still able to obtain email addresses. This led to a malicious email campaign that prompted recipients to click and download a Microsoft Word document that contained malware. If you have received a suspicious DocuSign Email, forward it to firstname.lastname@example.org. Remember to ONLY access documents directly through the DocuSign website and not by clicking email links.
Known as the largest maker of point-of-sale credit card terminals, this company discovered a data breach of its internal network back in January 2017. The breach did not affect the payment services network, but did affect the corporate network. The data breach was immediately handled but sources say there is evidence that a Russian hacking group is responsible. The hackers may have been inside Varifone’s network since the mid 2016, but this has yet to be confirmed.
A data breach attack that started at 2 am PST on May 31, was shut down by 9 am, OneLogin reports. OneLogin allows users to manage logins to multiple sites and apps through a cloud-based platform. While this company provides services for about 2,000 companies in 44 countries, over 300 app vendors and more than 70 software-as-a-service providers, they are not too sure of the full extent of this data breach. They do know, that customer data was compromised, including the ability to decrypt encrypted data and the investigation is ongoing.
River City Media
Thanks to Chris Vickery, a security researcher for MacKeeper, a leak called “Spammergate” was found and reported to the authorities right away. A group of spammers that operate under the name of River City Media, unknowingly released their private data into cyberspace after they failed to properly configure their backups. The “bad guys” leaded information including: HipChat logs, domain registration records, accounting details, infrastructure planning, production notes, scripts, business affiliations….not to mention 1.4 billion email accounts, IP addresses, full names and some physical addresses.
Law enforcement is involved, but it is unclear as to what will happen with River City Media.
Deep Root Analytics
Chris Vickery, a cyber risk analyst, who has discovered other well known data breaches…including ones in this article, has discovered that the sensitive information collected by Deep Root Analytics, has exposed important personal information of U.S. voters. The Republican National Committee had hired Deep Root Analytics to gather political information last year, which has now affected roughly 198 million American citizens. Their personal information was stored on an Amazon cloud server without a password protection for almost two weeks. Compromised informatino included names, dates of birth, home addresses, phone numbers, and voter registration details. Since that time, they have updated the access settings and have put protocols in place to prevent further issues.
Just like the River City Media breach we mentioned just above, where the “bad guys” had information stolen….well it happened again to an online spambot. The data breach this time however is larger. This one involves 711 million records, including email addresses and some passwords, with the goal of sending spam emails. They had forgotten to secure the server the data was kept on. It is currently unknown as to how many other people have found this database and are using it for their own negative purposes.
This was another discovery by Chris Vickery, of UpGuard. We have mentioned him in this post a few times as being the founder of some horrible data breaches! If you have contacted Verizon’s customer service in the past 6 months, you may have been one of the 14 million subscribers that were affected by this data breach. Apparently records taken were held on a server controlled by Israel based Nice Systems. Although Chris reported this data breach to Verizon in late-June, it took more than a week to secure this breached data. The data that had been obtained were log files that had been generated once a customer contacted Verizon via phone.
More than half a million customer records were leaked during this data breach. SVR Tracking, a company out of San-Diego, provides a service for auto dealerships and lot owners to be able to locate and recover vehicles. On September 20, Kromtech Security Center informed SVR Tracking of its findings in regards to 540,642 records that were unsecured in an Amazon S3 bucket. The bucket was secured within 3 hours, but they are unsure as to how long the information was publicly available online. The sensitive information that was leaked included: email addresses, passwords, licence plate numbers, VINs, as well as the ability to see every single place a vehicle has been in the last 120 days.
Once named the “best cybersecurity consultant in the world” by Gartner, has been a target of the latest data breach. This multinational professional services firm, failed to employ a two-factor authentication, and when hackers acquired a single password from an administrator of the firm’s email account, they were then able to access all areas of the email system. Deloitte insists that only a small fraction of its clients were affected, but this was indeed an embarrassing situation for the company.
Saks Fifth Avenue
The Canadian company Hudson Bay, who owns Saks Fifth Avenue had their own data breach in which tens of thousands of customers information was visible on a page through their website. The page was where customers could join a wait list for products they may be interested in, but it was possible to see email addresses, phone numbers, products codes and IP addresses. BuzzFeed was the company that broke the news and once Saks Fifth Avenue were informed, they removed the page immediately. They are still unclear as to how this happened, who did it or which customers may have been effected.
As one of the three largest credit agencies in the U.S., it was alarming to hear of this data breach. It has been called one of the worst in history, with it affecting 143 million consumers and their extremely sensitive information. From Mid May to July of this year, hackers had access to the company’s system, by exploiting a weak point in the website software. Information leaked included: Full names, addresses, dates of birth, Social Security numbers, driver’s license numbers, credit card numbers and other personal information.
E-Sports Entertainment Association (ESEA)
Roughly 1,503,707 records were stolen from one of the largest video gaming communities in December 2016. Unfortunately, how many people were affected is still unclear. Some of the information they believe was leaked included: registration date, city, state, last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID.
Xbox 360 ISO and PSP ISO
Back in September 2015, it was revealed that Xbox 360 ISO and PSP ISO had been hacked. The sensitive user information was taken from roughly 1.2 million Xbox 360 ISO users and 1.3 million PSP ISO users. The information that may have been taken was: e-mail addresses, IP addresses, username and passwords.