Category Archives: Data Breach


Government Database On 92M Brazilians Found For Sale

A Government Database on 92 million Brazilians was found for sale on a dark web forum. Following a tip-off from a analyst known as Breach Radar, a BleepingComputer reporter investigated the auction of an alleged government database containing the personal information.

It was found that the seller called X4Crow was claiming that the database includes personal information such as names, mother’s name, gender, dates of birth and taxpayer IDs of the 92 million citizens. The data is sorted across provinces in Brazil, and a sample acquired by Ilascu verified the accuracy of this claim. BleepingComputer also has information to suggest that this is a government database.

Ionut Ilascu found that the database was being auctioned across multiple restricted access dark web marketplaces. The starting price for this 16GB, SQL format, database is $15,000

 

Read the rest

Comodo Forums Hacked By Exploiting vBulletin Flaw

Comodo, one of the largest SSL Security Certificate Authorities notifies that their vBulletin Forum has been hacked. Comodo Group reported that 170,000 forum users had their data stolen by a hacker who exploited a recently disclosed vulnerability in vBulletin’s internet forum software.

Comodo notifies its forum users

According to the announcement from Comodo, an attacker exploited the vBulletin security flaw on Sunday 11/30/2019; their action resulted “in a potential data breach on the Comodo Forums.”

The Comodo Forum is powered by the open-source Simple Machine Forum software but vBulletin is used on another board dedicated for product updates and discussions, which has far fewer members.

ITarian a Free MSP platform solution. It’s forums, also by Comodo, has 45,300 users and is on vBulletin. They published a similar announcement and the same recommendations.

What was affected?

It was found that the affected data includes forum usernames, names, e-mail addresses, IP … Read the rest


What Is A Data Breach?

A data breach is a security incident in which information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways. They are a costly expense that can damage lives and reputations and take time to repair.

Personally identifiable information — such as full names, credit card numbers, and Social Security numbers — is the most common form of data lost to data breaches, with personal financial information close behind.

Corporations and businesses are extremely attractive targets to cyber criminals, simply due to the large amount of data that can be nabbed in one fell swoop.

Why do data breaches occur?

Cybercrime is a profitable industry for attackers and continues to grow. Hackers seek personally identifiable information to steal money, compromise identities, or sell over the dark web. Data breaches can occur for a number of reasons, including accidentally, but targeted attacks are typically carried

Read the rest

DoorDash Data Breach Affects 4.9 Million People

DoorDash, a food-delivery service, disclosed a data breach affecting 4.9 million people. Drivers, restaurants, and customers are affected.

The company said in a blog post, user information was accessed by an unauthorized third party. Here’s a partial list of personal data that could have been affected.

  • Names
  • Email addresses
  • Delivery addresses
  • Phone numbers
  • Hashed and salted passwords (which can make the passwords indecipherable to third parties).

The DoorDash data breach occurred on May 4, 2019. Only users who joined the platform on or before April 5, 2018 were affected. Those nearly 5 million accounts include customers who order food, restaurants that prepare it, and “Dashers,” the drivers who deliver it.

What other information was accessed in the DoorDash data breach?

For some users, additional information was exposed in the DoorDash data breach. Here are the details and who might be impacted.

Customers. The DoorDash data breach accessed the last four digits … Read the rest


Point-Of-Sale Malware Found at 102 Checkers Restaurants

Checkers Restaurants suffered a cyber security breach according to a report by ZD Net, the company found Point-Of-Sale malware in 102 Checkers and Rally’s locations.

 

The Checkers released statement emphasizes that “not all Checkers and Rally’s restaurants were affected by this issue.” The business also announced that the Point-Of-Sale malware did not affect all the guests who visited the restaurant chain. To clarify, only those who paid during the said periods remain susceptible to security attacks.

The list of affected states includes Alabama, California, Delaware, Florida, Georgia, Illinois, Indiana, Kentucky, Louisiana, Michigan, and West Virginia. The list also includes the following states as well. Nevada, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Tennessee, and Virginia.

 

“We also are working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders,” Checkers said. “We encourage you to review your account statements and contact

Read the rest

FEMA Exposed PII for Millions of Disaster Victims

The Federal Emergency Management Agency (FEMA) exposed the personal identifiable information of 2.3 million individuals by oversharing data with a contractor. 

The individuals who were affected by hurricanes Harvey, Irma, and Maria, as well as the 2017 wildfires in California , had provided their information to the Federal Emergency Management Agency (Fema) while applying for transitional sheltering in hotels.

“Since discovery of this issue, Fema has taken aggressive measures to correct this error,” Fema press secretary Lizzie Litzow said in a statement. “Fema is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,” 

According to FEMA a network assessment found that the contractors network contain 11 vulnerabilities and so far only a few have been resolved. Since there has not been no indication of intrusion within the last 30 days which is how far back the logs go back, there … Read the rest


Oregon DHS fell victim to a targeted phishing attack

Nine employees Oregon department of Human Services managed to fall for a targeted phishing attack which compromised 350,000 patients and 2 million Emails. 

 

On a notice by the Cyber Security Team on January 28th determined that the email accounts were breached after nine employees fell to spear-phishing attack. The links they clicked on allowed hackers to access the employees email information. Oregon DHS  hired a third party security team to investigate the incident and determine what information was exposed.

 

The investigation revealed that the compromised email accounts contained around 2 million emails which included personal and medical data of patients.  The hacker had access to their full names, addresses, DOB’s , SSN’s and other details. During the investigation they did not find evidence that the data was copied from the systems.

 

This breach could have been avoided if there was proper cybersecurity awareness training regarding the types of threats that … Read the rest


Data Breach At UW Medicine

The data breach at SEATTLE’s UW Medicine exposed around 974,000 patient records. The files that web public did not contain anything too revealing, no medical or financial information or Social Security Numbers were available to be read. The content that was exposed were names, medical record numbers and descriptions.

How did this happen? A public facing server that hosts their websites had a vulnerability that caused the internal files to have the ability to be searched on the internet. Good news is, corrective actions have been made and files are no longer available.

 

“UW Medicine became aware of a vulnerability on a website server that made protected internal files available and visible by search on the internet on Dec. 4, 2018,” spokeswoman Susan Gregg said in a statement. “The files contained protected health information (PHI) about reporting that UW Medicine is legally required to track, such as reporting to various

Read the rest

Have I Been Compromised Online?

So, your clicking around on the internet and come across news of compromised companies and now your wondering have I been compromised online? Are my usernames and passwords available online? Unfortunately, the answer to your question is your information is probably in the dark web up for grabs for anyone to take.

 

Data breaches have become quite common and there isn’t anything you can do about other companies security and how they practice their cyber security protections. It is astonishing how many websites are hacked every day, if your registered on any given website your taking a gamble.

Web Hosting/Website Statistics and Facts 2019 from hostingfacts.com 

  • As at December 2018, there are approximately 1.94 billion websites in the world.
  • The world’s first website was published on August 6, 1991 by British physicist Tim Berners-Lee.
  • 8 percent of all Internet traffic comes from bots, while only 48.2 percent of internet traffic
Read the rest

The Decorating Website Houzz Was Breached

The decorating website called Houzz stated that account usernames and passwords have been compromised by an unknown source. They also mentioned if their users also logged into Houzz using Facebook, their user’s public Facebook ID was exposed as well.

Houzz quickly sent emails to their users base to urge them to change their passwords.

“Houzz recently learned that a file containing some of our user data was obtained by an unauthorized third party,” which was stated on their website. “The security of user data is our priority. We immediately launched an investigation and engaged with a leading forensics firm to assist in our investigation, containment and remediation efforts. We have also notified law enforcement authorities.”

When did they find out about this incident?

“We learned about the incident in late December 2018 and immediately engaged with a leading forensics firm to assist in our investigation, containment, and remediation efforts.”

Read the rest