The Week in Breach News: 2/3/21 – 2/9/21
From Spotify being hit with the second credential-stuffing attack in the last three months, to Washington State’s unemployment claims data hack, here’s what you need to know about the latest security breaches from around the globe from ID Agent.
Read the full article from the news source at IDAgent.
United States – Washington State Auditor
Exploit: Third Party Data Breach
Washington State Auditor: Regional Government Regulator
Risk to Business: 1.379 = Severe
The unemployment claims data of more than 1 million people in Washington State has been reported as stolen in a hack of software used by the state auditor’s office. The State announced the breach after receiving notice that it was affected through a third-party service provider, Accellion, whose software the auditor’s office uses to transfer large computer files. The breach affects the personal information of people who filed unemployment claims with the Washington Employment Security Department (ESD) between Jan. 1, 2020, and Dec. 10, 2020, and includes a total of 1.6 million claims. Those claims represent at least 1.47 million individuals, according to data from the ESD website.
Individual Risk: 1.379 = Severe
The data breach involved claimants’ names, Social Security numbers and/or driver’s license or state identification number, bank information, and place of employment. The state auditor has set up a web page for people who think their personal information could have been exposed in the data breach.
Customers Impacted: 1.40 million or more people
How it Could Affect Your Customers’ Business: Data like this is sought-after by cybercriminals to power phishing operations. Unfortunately for these folks, it often hangs around for years on the Dark Web, acting as fuel for future cybercrime.
ID Agent to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast.
United States – DriveSure
https://www.scmagazine.com/home/security-news/data-on-3-2-million-drivesure-users-exposed-on-hacking-forum/
Exploit: Hacking
DriveSure: Customer Retention Platform
Risk to Business: 2.211 = Severe
Hackers dropped data on 3.2 million DriveSure users on the Raidforums hacking boards late in January. One leaked folder totaled 22 gigabytes and included the company’s MySQL databases, exposing 91 sensitive databases. The databases include detailed dealership and inventory information, revenue data, reports, claims and client data. A second compromised folder contained 11,474 files in 105 folders totaling 5.93 GB, likely a repository of backup data.
Individual Risk: 2.325 = Severe
The information exposed included names, addresses, phone numbers, email addresses, IP addresses, car makes and models, VIN numbers, car service records and dealership records, damage claims and 93,063 bcrypt-hashed passwords.
Customers Impacted: 3.2 million
How it Could Affect Your Customers’ Business: Data isn’t always stolen via ransomware – sometimes it’s just old-fashioned hacking. That’s one reason why it’s essential to use a secure identity and access management solution to keep hackers locked out.
ID Agent to the Rescue: Multifactor authentication can stop up to 99% of cyberattacks, and that’s just one piece of the security toolkit that you get when you start using Passly.
United States – WestRock
https://www.securityweek.com/packaging-giant-westrock-says-ransomware-attack-impacted-ot-systems
Exploit: Ransomware
WestRock: Packaging Manufacturer
Risk to Business: 2.779 = Extreme
Packaging giant WestRock has experienced a ransomware attack that hit both its manufacturing and IT environments, severely impacting production. The company noted in an announcement to shareholders that it expects continued delays during the recovery and cleanup process.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware can be especially devastating to manufacturing companies by not just impacting office business but halting production, leading to a cascade effect.
ID Agent to the Rescue: Ransomware is almost always the result of a successful phishing attack. BullPhish ID prepares staffers to spot and stop phishing attacks, putting everyone on the IT team.
United States – SN Servicing Company
https://www.scmagazine.com/home/security-news/mortgage-loan-servicing-company-discloses-ransomware-attack-to-multiple-states/
Exploit: Ransomware
SN Servicing Company: Mortgage Loan Services
Risk to Business: 2.022 = Severe
SN Servicing, the California-based servicing arm of Security National Master Holding Company, disclosed a data breach impacting clients in Vermont and California. The incident was also reported by the Egregor ransomware gang. SN Servicing says that it has engaged a third-party team of investigators to determine the scope of the incident.
Individual Impact: 2.171 = Severe
The stolen data appears to be related to billing statements and fee notices to customers from 2018, including names, addresses, loan numbers, balance information, and billing information such as charges assessed, owed, or paid. Clients should be aware of potential spear phishing and identity theft risks.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is around every corner these days, and just one misclick on a phishing email can spell disaster.
ID Agent to the Rescue: Ransomware comes in the wake of a phishing attack. Are you taking the right precautions against it? Read Phish Files to be sure that you’re using the right strategy!
United States – Spotify
Exploit: Credential Stuffing
Spotify: Streaming Music Service
Risk to Business: 1.668 = Severe
Spotify has returned for another appearance with an eerily similar credential stuffing disaster. This time, data for approximately 100k users appeared in an Elasticsearch instance spotted by researchers. This data is distinct from the load that researchers discovered in November 2020.
Individual Risk: 1.802 = Severe
No specifics were listed about the stolen data, but Spotify users should reset their account passwords and be on the lookout for spear phishing attempts.
Customers Impacted: 100K+
How it Could Affect Your Customers’ Business: Protection against credential stuffing isn’t something that a company like Spotify should struggle with, and suffering two credential stuffing incidents in one quarter shows a sloppy attitude toward security.
ID Agent to the Rescue: Choose Passly to secure the gateways to your systems and data quickly and affordably with a multipronged solution that covers your bases.
France – StormShield
https://www.zdnet.com/article/security-firm-stormshield-discloses-data-breach-theft-of-source-code/
Exploit: Hacking
StormShield: Cybersecurity Firm
Risk to Business: 1.711 = Severe
French government contractor and cybersecurity firm StormShield has confirmed that cybercriminals gained access to one of its customer support portals and stole information on some of its clients. The hackers also gained access to some source code for the StormShield Network Security (SNS) firewall, an upcoming tool designed for government use. The intruders may have also accessed personal and technical data for some of its customers, its tech support portal and the Stormshield Institute customer training portal.
Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Even cybersecurity experts can get tripped up by hackers. Taking extra precautions to update security awareness training and bolster access point security is always a good idea.
ID Agent to the Rescue: In our Security Awareness Champion’s Guide, you’ll learn the details of how cybercriminals conduct today’s nastiest cyberattacks and how to beat them.
Luxembourg – European Volleyball Confederation
https://www.forbes.com/sites/barrycollins/2021/01/30/britains-smartest-peoplemensafail-to-secure-passwords-properly/?sh=25d023bf43f5
Exploit: Unsecured Database
European Volleyball Confederation: Sports League
Risk to Business: 2.625 = Moderate
A publicly accessible Microsoft Azure blob belonging to the European Volleyball Confederation led to the exposure of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. The blob also contained thousands of headshots of volleyball players from Europe, Russia, and other countries in both the ‘backup’ directory and an ‘AccreditationPhotos’ subfolder.
Individual Risk: 2.601 = Moderate
Members of the league and journalists who cover it should be vigilant for identity theft and spear phishing attempts that use this data.
Customers Impacted: 21,000
How it Could Affect Your Customers’ Business: Failure to secure a database, especially one that contains sensitive data, is a rookie mistake that can cost you a fortune.
ID Agent to the Rescue: Make sure that the sensitive information you control is strongly protected with cutting edge secure identity and access management from Passly.
Australia – Oxfam Australia
https://www.bleepingcomputer.com/news/security/oxfam-australia-investigates-data-breach-after-database-put-up-for-sale/
Exploit: Hacking
Oxfam Australia: Charitable Organization
Risk to Business: 2.006 = Severe
A donor database for Oxfam Australia was discovered by cybersecurity researchers. Oxfam Australia is a charity focused on alleviating poverty among Indigenous Australians. A threat actor was attempting to sell the Oxfam Australia contact and donor information for 1.7 million people. The incident is under investigation.
Individual Risk: 2.719 = Moderate
The exposed information appears to be limited to donor names, email addresses, addresses, phone numbers, and donation amounts. No financial information was exposed.
Customers Impacted: 1.7 million donors
How it Could Affect Your Customers’ Business: Hacking is an ever-present menace, and organizations that have a strong security plan coupled with high cyber resilience are more likely to make it through an incident with minimal damage.
ID Agent to the Rescue: Read our eBook The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity failures.
Australia – SitePoint
https://www.zdnet.com/article/webdev-tutorials-site-sitepoint-discloses-data-breach/
Exploit: Third Party Data Breach
SitePoint: Web Development Education Resources
Risk to Business: 1.616 = Severe
Web developer education platform SitePoint has disclosed a security breach this week in emails sent to some of its users after a threat actor listed a collection of one million SitePoint user details for sale on a cybercrime forum. SitePoint has now initiated a password reset on all accounts and is asking users to choose new ones that are at least ten characters long.
Individual Risk: 1.711 = Moderate
The stolen passwords were hashed with the bcrypt algorithm and salted, but SitePoint encourages users who may be recycling their password elsewhere to reset those accounts too.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Password reuse and recycling is endemic, and it can lead to a world of cybersecurity trouble. Add protections that blunt the impact of a reused (and compromised) password.
ID Agent to the Rescue: Limit the damage that can be done to your company with a recycled or compromised password with affordable, multifunctional secure identity and access management starring Passly.