Archive for Hacked

Freedom Mobile Suffers Data Leak….Credit Cards, Email Addresses, And More Exposed

Posted in Commentary on May 7, 2019 by itnerd

If you are a Freedom Mobile customer, you might have a very good reason to be concerned about the security of your personal information. According to TechCrunch, a server belonging to Canada’s fourth largest telco is leaking data:

Security researchers Noam Rotem and Ran Locar found an Elasticsearch server leaking five million logs containing customer data. The server wasn’t protected with a password, allowing anyone to access the data.

Rotem and Locar, who shared their findings exclusively with TechCrunch and published their report at vpnMentor, said it took the cell giant a week to secure the leaking database after first reaching out.

The database is believed to be part of a logging system used by the company to determine errors and glitches in the company’s systems. The database recorded any errors and the plaintext data associated with it, including customer data.

Data seen by TechCrunch reveals customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types, and Freedom Mobile account numbers.

The logs also contained answers to credit checks filed through Equifax, including details if an application was accepted or rejected — along with the reason why.

We also found full credit card numbers, expiry dates and verification numbers stored in plaintext.

None of the data was encrypted.

This is an #EpicFail on the part of Freedom Mobile. Partially because the server was leaking data, and partially because someone else had to tell Freedom Mobile about it, which implies that the company wasn’t on the ball. Now 15000 customers were affected and the server was secured after the researchers told them about it. Though Freedom Mobile all but tossed a company called Apptium, who managed the server, under the bus for this. No matter. It’s being investigated by the Office of the Privacy Commissioner and I hope they dole out the right level of punishment as this sort of thing simply cannot go unpunished.

Citrix Pwned….. Iran Connected Hackers May Have Scooped Up 10TB Of Data

Posted in Commentary on March 11, 2019 by itnerd

According to Resecurity president Charles Yoo, Citrix has been the victim of an absolutely epic hack where as much as 10 TB of data might have been stolen. Apparently the hack was focused on assets related to NASA, aerospace contracts, Saudi Arabia’s state oil company and the FBI. And Citrix CSIO Stan Black has written a blog post confirming the attack. Here’s the kicker, the hackers, who are tied to the Iranian government, used a technique called “password spraying” where attackers guess at weak passwords, and then work their way up to bigger attacks once inside. And speaking of being inside, the hackers might have been inside the Citrix network for as much as a decade before swiping all that data.

Yikes.

The FBI is investigating and I am sure given what is known about this hack, heads inside the IT department should (if there is any decency in the world) be rolling as I type this. I say that because it’s one thing to be pwned by hackers. But it’s another thing entirely to be pwned for a decade without anyone noticing. That, my friends, illustrates that someone inside the Citrix IT department was truly asleep at the switch.

This Latest Data Breach Has 617 Million People Affected…. Sadly, That’s Not Big Anymore

Posted in Commentary on February 13, 2019 by itnerd

Another day, another data breach. This time The Register has news on a data breach that affects….. wait for it…. At least 617 million accounts:

Some 617 million online account details stolen from 16 hacked websites are on sale from today on the dark web, according to the data trove’s seller.

For less than $20,000 in Bitcoin, it is claimed, the following pilfered account databases can be purchased from the Dream Market cyber-souk, located in the Tor network:

Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp (700,000).

It’s been confirmed that the data breach is real and affected sites are alerting their users and taking measures to try and protect their users. And the fact that the data is up for sale means that the effects will go on for months and years. Still, it’s not as big as the data breach that involved 2.2 billion accounts that came to light earlier this year. But it is still scary.

As for how you can protect yourself, you can visit Troy Hunt’s Have I Been Pwned service to see if you are affected by this breach.

 

VFEmail.net Pwned…. ALL Customer Emails Deleted

Posted in Commentary on February 13, 2019 by itnerd

Hackers have breached the servers of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers’ data in the process:

The attack took place yesterday, February 11, and was detected after the company’s site and webmail client went down without notice. “At this time, the attacker has formatted all the disks on every server,” the company said yesterday. “Every VM is lost. Every file server is lost, every backup server is lost. This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy,” VFEmail said. The company’s staff is now working to recover user emails, but as things stand right now, all data for US customers appears to have been deleted for good and gone into /dev/null.

/dev/null is the null device on UNIX and Linux systems: anything written to it is discarded, with little to no hope of recovery. Think of a trash can that burns anything put into it. Which means that any customer who hosted email on this platform is likely screwed. I have to admit that I was blown away by the scale of this attack, and the fact that it was an attack in the purest sense. I can’t recall seeing anything like this before. I have to wonder if this is the start of a trend.

Another thing that popped to mind. Why did this happen in the first place? Why was this firm a target for this attack? I guess we’ll never know that.

Another Day…. Another Data Breach… 773 MILLION Records Exposed

Posted in Commentary on January 17, 2019 by itnerd

A collection of almost 773 million unique email addresses and just under 22 million unique passwords were exposed on cloud service MEGA. Security researcher Troy Hunt said the collection of data, dubbed Collection #1, totaled over 12,000 separate files and more than 87GB of data. Here’s what Troy Hunt had to say:

“What I can say is that my own personal data is in there and it’s accurate; right email address and a password I used many years ago,” Hunt wrote. “In short, if you’re in this breach, one or more passwords you’ve previously used are floating around for others to see.” Some passwords, including his own, have been “dehashed”, that is converted back to plain text. Hunt said he gained the information after multiple people reached out to him with concerns over the data on MEGA, with the Collection #1 dump also being discussed on a hacking forum. “The post on the forum referenced ‘a collection of 2000+ dehashed databases and Combos stored by topic’ and provided a directory listing of 2,890 of the files,” Hunt wrote. The collection has since been removed.

You can visit Hunt’s Have I Been Pwned service to see if you are affected by this breach. I strongly suggest that you do that right now.

BREAKING: Marriott Pwned…. 500 Million Guests Affected

Posted in Commentary on November 30, 2018 by itnerd

The news is breaking that hotel chain Marriott has been pwned by hackers. Specifically what has been pwned is the Starwood reservation database which they got when they bought a bunch of hotels in India and Germany a couple of years ago. Now this is a hack that affects me personally as I’ve stayed in Marriott properties over the last two years which makes me one of the 500 million people who have been affected. What’s really scary about this is that hackers have had access since 2014 but the hotel chain only figured that out last week.

All together now: Whiskey Tango Foxtrot?

Here are more specifics:

For 327 million people, Marriott says the guests’ exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions of others, their credit card numbers and card expiration dates were potentially compromised.

Marriott warns that it can’t confirm if the hackers were able to decrypt the credit card numbers.

A website has been set up and affected guests will be contacted. But this is really bad and those affected by this like yours truly should take action ASAP to protect themselves.

UPDATE: One of those affected by this hack was well known hacker Kevin Mitnick who said this:

He’s right. Companies need to seriously step up their game in order to stop stuff like this from happening. Marriott needs to be slapped silly by the relevant authorities in order to send a message that this isn’t acceptable.

Canada Post Pwned…. 4500 Cannabis Customers Had Their Data Swiped

Posted in Commentary on November 8, 2018 by itnerd

Cannabis has been legal in Canada for the last few weeks. And if you live in Ontario, the only way to buy cannabis legally is online via a government-run store that will deliver your stash to you via Canada Post. Too bad Canada Post had to announce that they got pwned:

The postal service said in a statement that someone had used its delivery tracking tool to gain access to personal information of 4,500 customers of the Ontario Cannabis Store but declined to identify the information.

And it seems that the Ontario Cannabis Store is accusing Canada Post of being slow to act:

In a statement on Wednesday, the Ontario Cannabis Store said it referred the matter to the province’s privacy commissioner. The statement also said the store had “encouraged” Canada Post to take immediate action to notify its customers.

“To date, Canada Post has not taken action in this regard,” the store said in its statement. “Although Canada Post is making its own determination as to whether notification of customers is required in this instance, the OCS has notified all relevant customers.”

So if you bought some weed from the Ontario Cannabis Store, you might have someone reaching out to you.

Now my first thought upon reading this, beyond my usual reaction of “I hope that someone slaps the relevant parties silly for this data breach”, is that this is a huge problem. For example, one could be barred from traveling to the US or to other countries if it became known that you smoked the stuff. Thus there need to be some serious questions answered by both Canada Post and the Ontario Cannabis Store.