Patrick Domingues

Aerospace giant Airbus has become the latest victim to hackers, they said the company suffered a cyber attack that lead to a massive data breach which released billions of records onto the Dark Web.

“Airbus SE detected a cyber incident on Airbus ‘Commercial Aircraft business’ information systems, which resulted in unauthorized access to data,” the company says in a statement issued on Wednesday. “There is no impact on Airbus’ commercial operations.”

After reviewing the leaked records called “Collections #2-5” it contain a massive 2.2 billion stolen account records. Which is many millions of accounts shorter than the Collections #1 Dump

“2.2 billion records is a staggering number,” said Frederik Mennes, senior manager of Market & Security Strategy, Security Competence Center at OneSpan, via email. “Companies should remember that easy targets will continue to be exploited first, because cybercrime follows the path of least resistance. Applying multi-factor authentication may stop an

A database called Collection #1 has 773 million breached emails addresses has been found in a underground hacking forum. To date this is the largest sum of compromised accounts to year.

This database in size totals 87GB of data, it was seen being hosted on the MEGA cloud service but instantly removed after it was discovered. The data was split into 12,000 separate text files under a folder called “Collection #1” Even after the database was removed from MEGA Cloud it was instantly turned up in the Dark Web.

Check Your Email Addresses and Passwords in HIBP

Please do yourself a favor and go to https://haveibeenpwned.com/. This website will allow you to search a database hosted by HIBP that contains all the email’s and unique password’s that have ever been leaked into the dark web. 

… Read the rest

In October Hackers were successful in hacking into and obtaining the information that resides from within an HR Database. The amount of information extracted is potentially significant which compromised records from July 2006 to October 2018 from previous and current employees. There was an internal Memo sent Tuesday to NASA Employees and published at spaceref.com.

NASA did mention that it will assist employees with the help from identity protection services. “The agency is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure the latest security practices are followed throughout the agency,” a NASA spokesperson told Gizmodo.… Read the rest

The Facebook bug allowed 1,500 apps built by 800+ developers to view unposted private photos.

Friday Facebook disclosed that a bug in the platform enabled third-party apps to access unpublished photos of millions of users.  

When your writing a new post and upload a photo but do not finish posting it Facebook will store it in the database as a draft. This gave the third party app creators access to these drafts. 

Facebook has seen many other breaches, enough is enough. I’m sure there will be a class action lawsuit. I believe the reputation of Facebook has been continually tarnished by security issues and users are deeply thinking about disabling  their accounts. 

• Facebook Notice Of Vulnerability 

Marriott Data Breach hits 500 million Starwood guests. It was said that during the investigation, there had been unauthorized access to the Starwood network since 2014. The information copied from the Starwood guest  database over all this time were names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest (“SPG”) account information, dates of birth, gender, arrival and departure information, reservation dates, and communication preferences.

Starwood brands include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.

• List of hotels affected.
• More Details about the Data Breach

 … Read the rest

There was an attempted breach on DELL EMC customers using Dell.com. The company has been stressing customers to change their passwords.  Dell cybersecurity teams are still not sure on how hackers got access to the information on the website. They are not sure if it was due to vulnerabilities or other causes. But it was said they took proper measures to mitigate any further attacks.

Tuesday Dunkin’ Donuts posted an advisory on the website regarding to its credential stuffing attack on the companies data.

 What does This Credential Stuffing mean?

Dunkin Brands Inc. (“Dunkin’”) is writing to provide you with information regarding a recent
incident involving your DD Perks account. Although Dunkin’ did not experience a data security
breach involving its internal systems, we’ve been informed that third-parties obtained usernames
and passwords through other companies’ security breaches and used this information to log into
some Dunkin’ DD Perks accounts. One of these may have been … Read the rest

Octobers HealthCare.gov Data Breach Exposed Individuals Personal Information. The details that were surfaced about the data breach said that around 75,000 consumers were effected. Letters were sent out to affected people from the Centers for medicare and Medicaid Services and it said that the sensitive data exposed may have included Social Security numbers and a variety of other personal information including income, tax filing status, family relationships and immigration status. At least no Financial information was exposed this time around and none of the exposed data included patient diagnosis or treatments.

The  system that was hacked was connected to the Healthcare.gov website. Anyone that used it to sign up for a new insurance plan were compromised, hackers targeted the behind-the-scenes system that insurance agents used to help customers directly enroll in their new plans, and not the consumer Healthcare.gov site itself.

• More details can be found at CMS

 … Read the rest