Millions Of MySQL Server Users’ Data Found On The Internet

Do you maintain a MySQL server? If so, you're certainly not alone. What you may not know is that, according to research by The Shadowserver Foundation (a nonprofit security research group), there are literally millions of MySQL servers reachable from the internet that shouldn't be. In all, the group found more than 3.6 million MySQL servers that answered a connection on the default port, TCP port 3306, with a server greeting.

Shadowserver noted that it did not check what level of access was possible or whether any specific data was exposed. The point stands regardless: a database server that accepts connections from anywhere on the internet is a security risk on its own, before any other weakness is considered.

The United States led the world in terms of total number of exposed servers, with just over 1.2 million, but there were also substantial numbers to be found in Germany, Singapore, the Netherlands, and China.

Shadowserver's report breaks the scan down in much more detail and granularity.

Here are the highlights:

  • Total exposed population on IPv4: 3,957,457
  • Total exposed population on IPv6: 1,421,010
  • Total “Server Greeting” responses on IPv4: 2,279,908
  • Total “Server Greeting” responses on IPv6: 1,343,993
  • 67 percent of all MySQL services found (IPv4 and IPv6 combined) answered with a Server Greeting, meaning they are accessible from the internet

And here's the bottom line: an exposed MySQL server has serious security implications and can lead to a catastrophic data breach in which a company loses control of proprietary data or sensitive customer data.

Beyond that, it can give attackers an easy foothold from which to seed your network with malware, siphon data from you in real time over an extended period, or encrypt your files wholesale and demand a hefty ransom to regain access.

None of those outcomes are good for your company, so if you've got a MySQL server, check today that it is properly secured: bind it to localhost or a private interface rather than 0.0.0.0, firewall TCP 3306 from the internet, and grant accounts only from the specific hosts that need them.
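As an added check (example code written for this page, not Shadowserver's scanner or anything from its report), here is a Python script that decodes the first packet a MySQL server sends on a new TCP connection. That packet is exactly what a scanner's "Server Greeting" response is, and it reveals what an internet-facing listener leaks before any login: the server version, the authentication plugin, and whether TLS is even offered. The two packets embedded below are constructed samples rather than captures; the `probe()` helper connects to a host you name and must only be pointed at systems you own.

```python
import socket
import struct
import sys

# Capability flag bits from the MySQL client/server protocol (HandshakeV10).
CLIENT_PROTOCOL_41 = 0x0200
CLIENT_SSL = 0x0800
CLIENT_PLUGIN_AUTH = 0x00080000
ER_HOST_NOT_PRIVILEGED = 1130  # "Host '...' is not allowed to connect to this MySQL server"


def parse_mysql_packet(raw: bytes) -> dict:
    """Decode the first packet a MySQL server sends on a fresh TCP connection.

    It is either a HandshakeV10 "Server Greeting" (the server is willing to
    talk to us) or an ERR packet (reachable, but rejecting this source host).
    """
    if len(raw) < 5:
        raise ValueError("packet too short")
    length = raw[0] | (raw[1] << 8) | (raw[2] << 16)   # 3-byte little-endian length
    payload = raw[4:4 + length]                        # raw[3] is the sequence id
    if len(payload) != length:
        raise ValueError("truncated payload")

    if payload[0] == 0xFF:                             # ERR packet
        code = struct.unpack_from("<H", payload, 1)[0]
        msg = payload[3:]
        if msg[:1] == b"#":                            # optional '#' + 5-char SQL state
            msg = msg[6:]
        return {"kind": "error", "code": code, "message": msg.decode(errors="replace")}

    if payload[0] != 0x0A:
        raise ValueError(f"unsupported protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)
    version = payload[1:end].decode()
    pos = end + 1
    conn_id = struct.unpack_from("<I", payload, pos)[0]
    pos += 4 + 8 + 1                                   # connection id, auth-data part 1, filler
    cap_low, charset, status, cap_high = struct.unpack_from("<HBHH", payload, pos)
    pos += 7
    caps = cap_low | (cap_high << 16)
    auth_len = payload[pos]
    pos += 1 + 10                                      # auth-data length byte, 10 reserved bytes
    pos += max(13, auth_len - 8)                       # auth-data part 2
    plugin = ""
    if caps & CLIENT_PLUGIN_AUTH:
        plugin = payload[pos:payload.index(b"\x00", pos)].decode()
    return {
        "kind": "greeting",
        "server_version": version,
        "connection_id": conn_id,
        "capabilities": caps,
        "tls_offered": bool(caps & CLIENT_SSL),
        "auth_plugin": plugin,
    }


def assess(info: dict) -> list:
    """Turn a decoded first packet into the findings an exposure check would report."""
    findings = []
    if info["kind"] == "greeting":
        findings.append(f"EXPOSED: server answers with a full handshake (MySQL "
                        f"{info['server_version']}, auth plugin {info['auth_plugin'] or 'n/a'})")
        if not info["tls_offered"]:
            findings.append("TLS not offered (CLIENT_SSL clear): logins and queries "
                            "would cross the wire in plaintext")
    elif info["code"] == ER_HOST_NOT_PRIVILEGED:
        findings.append("REACHABLE: port open but this source host is refused "
                        "(ER_HOST_NOT_PRIVILEGED); firewall it anyway, host grants "
                        "are not a substitute")
    else:
        findings.append(f"REACHABLE: server returned error {info['code']}: {info['message']}")
    return findings


def probe(host: str, port: int = 3306, timeout: float = 3.0) -> dict:
    """Connect and read the server's first packet. Only run against hosts you own."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        return parse_mysql_packet(s.recv(4096))


# Constructed sample packets (not real captures): a MySQL 8.0.29 greeting that
# does not advertise CLIENT_SSL, and a host-not-allowed rejection.
SAMPLE_GREETING = (
    b"\x4a\x00\x00\x00"                          # header: payload length 74, sequence id 0
    b"\x0a"                                      # protocol version 10
    b"8.0.29\x00"                                # server version, NUL-terminated
    b"\x0c\x00\x00\x00"                          # connection id 12
    b"abcdefgh"                                  # auth-plugin-data part 1 (8 bytes)
    b"\x00"                                      # filler
    b"\xff\xf7"                                  # capability flags, low 16 bits = 0xF7FF (no CLIENT_SSL)
    b"\xff"                                      # character set (utf8mb4)
    b"\x02\x00"                                  # status flags (autocommit)
    b"\xff\xc1"                                  # capability flags, high 16 bits = 0xC1FF
    b"\x15"                                      # auth-plugin-data length 21
    b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"  # 10 reserved bytes
    b"ijklmnopqrst\x00"                          # auth-plugin-data part 2 (13 bytes)
    b"caching_sha2_password\x00"                 # auth plugin name
)


def _frame(payload: bytes, seq: int = 0) -> bytes:
    """Prepend the 3-byte length and 1-byte sequence id MySQL puts on every packet."""
    return struct.pack("<I", len(payload))[:3] + bytes([seq]) + payload


SAMPLE_ERR = _frame(b"\xff" + struct.pack("<H", ER_HOST_NOT_PRIVILEGED)
                    + b"Host '203.0.113.7' is not allowed to connect to this MySQL server")

if __name__ == "__main__":
    for label, pkt in (("sample greeting", SAMPLE_GREETING), ("sample error", SAMPLE_ERR)):
        for finding in assess(parse_mysql_packet(pkt)):
            print(f"{label}: {finding}")
    if len(sys.argv) > 1:                        # e.g. python3 mysql_check.py db.example.internal
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 3306
        for finding in assess(probe(sys.argv[1], port)):
            print(f"{sys.argv[1]}: {finding}")
```

Run it against your own public IP from outside your network: a greeting means the listener is exposed exactly as Shadowserver counted it, and an ER_HOST_NOT_PRIVILEGED error means the port is still reachable and should be firewalled rather than relying on account host restrictions alone.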

General Motors Customer Data Leaked By Credential Stuffing Attacks

Do you own a Chevrolet, Buick, GMC, or Cadillac?  If so, be aware that GM recently acknowledged that they fell victim to a credential stuffing attack a little over a month ago.

The attack exposed some customer information to the attackers and allowed them to redeem an undisclosed number of rewards points for gift cards.

The company said that they detected suspicious network activity between April 11th and April 29th of 2022.  In a letter sent to those impacted by the breach, GM indicated that they would be restoring rewards points for everyone who was impacted.

While it's small consolation, it's worth noting that this isn't a case of the company's systems being hacked. Credential stuffing attacks take username and password pairs leaked from breaches of other sites, often bought on dark web markets, and replay them in bulk against a target website, betting that people reuse passwords across services. The company stressed that there is no evidence the attackers obtained these credentials from GM's network itself.
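The telltale of the pattern just described is one source failing logins against many different usernames in a short window, not one user failing many times. The following Python detector is an added example (not GM's tooling; the log format, addresses and usernames are constructed for the sample) that runs that rule over a few authentication log lines and also reports successful logins from a source already flagged, which is the account-takeover signal that actually matters.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example: one login attempt per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


def parse_line(line: str):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "ip": m["ip"], "user": m["user"], "ok": m["result"] == "ok"}


def detect_stuffing(lines, window=timedelta(seconds=60), min_distinct_users=5):
    """Flag source IPs that fail logins for many *different* usernames within one window.

    Returns (flagged, takeovers):
      flagged   - ip -> (time first flagged, distinct usernames seen at that moment)
      takeovers - (ip, user, time) for every successful login from an already-flagged ip
    """
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    recent = defaultdict(deque)   # ip -> failures (ts, user) still inside the window
    flagged = {}
    takeovers = []
    for ev in events:
        q = recent[ev["ip"]]
        while q and ev["ts"] - q[0][0] > window:   # slide the window forward
            q.popleft()
        if ev["ok"]:
            if ev["ip"] in flagged:                # success after a spray = likely hit
                takeovers.append((ev["ip"], ev["user"], ev["ts"]))
            continue
        q.append((ev["ts"], ev["user"]))
        distinct = {user for _, user in q}
        if len(distinct) >= min_distinct_users and ev["ip"] not in flagged:
            flagged[ev["ip"]] = (ev["ts"], len(distinct))
    return flagged, takeovers


# Constructed sample: 198.51.100.23 sprays seven different accounts in 25 seconds and
# then lands one; 203.0.113.9 is a real user mistyping her own password twice.
SAMPLE_LOG = """\
2022-04-12T03:14:01Z ip=198.51.100.23 user=alice result=fail
2022-04-12T03:14:03Z ip=198.51.100.23 user=bob result=fail
2022-04-12T03:14:05Z ip=203.0.113.9 user=carol result=fail
2022-04-12T03:14:06Z ip=198.51.100.23 user=dave result=fail
2022-04-12T03:14:09Z ip=198.51.100.23 user=erin result=fail
2022-04-12T03:14:11Z ip=203.0.113.9 user=carol result=fail
2022-04-12T03:14:12Z ip=198.51.100.23 user=frank result=fail
2022-04-12T03:14:15Z ip=198.51.100.23 user=grace result=fail
2022-04-12T03:14:20Z ip=203.0.113.9 user=carol result=ok
2022-04-12T03:14:22Z ip=198.51.100.23 user=heidi result=ok
"""

if __name__ == "__main__":
    flagged, takeovers = detect_stuffing(SAMPLE_LOG.splitlines())
    for ip, (when, n) in flagged.items():
        print(f"stuffing source {ip}: {n} distinct usernames failed by {when:%H:%M:%S}")
    for ip, user, when in takeovers:
        print(f"probable account takeover: {user} from {ip} at {when:%H:%M:%S}")
```

Two caveats a practitioner will hit immediately: real campaigns rotate through thousands of residential proxy addresses so that each IP stays under any per-IP threshold, so this rule needs to be paired with per-account and site-wide failure-rate baselines; and detection only limits damage, while MFA and refusing known-breached passwords are what stop the replayed credentials from working at all.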

If you were among the impacted customers, be aware that the following information was exposed:

  • Customer first and last name
  • Personal email address
  • Personal physical address
  • Username and phone number for registered family members tied to the account
  • Last known and saved favorite location information
  • Currently subscribed OnStar package (if applicable)
  • Family members’ avatars and photos (if uploaded)
  • Profile picture
  • Search and destination information

The attackers may also have gained access to less useful information such as car mileage history, service history, Wi-Fi hotspot settings, emergency contact information and the like.

As breaches go, this one wasn't as bad as many of the others we've heard about thus far this year. However, armed with the information above, an attacker has more than enough to craft convincing phishing or identity-fraud attempts against the people affected. So be warned and stay vigilant: if you reused your GM password anywhere else, change it everywhere, and turn on multi-factor authentication wherever it is offered.

Large Company Snap-On Tools Recently Hit By Data Breach

If you have any tools in your garage, odds are good that at least a few of them are Snap-on tools. The brand is ubiquitous in the United States and the company is one of the leading manufacturers globally. They sell under a variety of brand names, some of which you may not have heard of, including Norbar, Blue-Point, Blackhawk, Mitchell1, and Williams.

Recently, the Snap-on corporation disclosed that the company had been the victim of a successful data breach, making them the latest in an unending succession of large companies to feel the sting of hackers.

For their part, a representative from Snap-on had this to say about the incident:

“In early March, Snap-on detected unusual activity in some areas of its information technology environment. We quickly took down our network connections as part of our defense protocols, particularly appropriate given heightened warnings from various agencies.

We launched a comprehensive analysis assisted by a leading external forensics firm, identified the event as a security incident, and notified law enforcement of the incursion.

We believe the incident involved associate and franchisee data including information such as: names, Social Security Numbers, dates of birth, and employee identification numbers.”

The company is in the process of reaching out to the affected individuals. If you are a Snap-on associate or franchisee, or otherwise do business with Snap-on, and don't want to wait, contact them right away to find out whether your data was compromised in the incident.

If you were impacted, know that the company is offering a one-year free subscription to the IDX identity theft protection service. That is small consolation, but still something.

Unfortunately, Snap-on’s initial response to the breach was a bit disorganized with tweets going out from associated brands before there was formal communication from Snap-on itself.  This led to a bit of backlash from their users which is entirely understandable.

Any time a crisis like this occurs a cool head and seamless, well-orchestrated communications are essential. Snap-on fell down a bit in that regard.  They can do better, and their customers deserve better.

Millions Of Cash App Users Had Their Data Breached

Do you use the popular smartphone app “Cash App?”  If so, you’re certainly not alone.  It is wildly popular and used by millions of people around the world.

That popularity has made it a target. Cash App is operated by Block, the company formerly known as Square, which recently submitted a filing to the SEC (Securities and Exchange Commission) acknowledging that it had been breached.

This was not a conventional hacking attack, however. In this instance a former employee accessed sensitive customer information after leaving the firm. Based on the filing, the incident occurred on December 10th, 2021.

The employee had regular access to reports containing this customer information as part of their job duties. After leaving the firm, they accessed those reports again without permission; the filing does not say how that access was still possible.

The information taken from Cash App includes:

  • The full names of customers
  • Brokerage account numbers (US customers only)
  • Brokerage portfolio value
  • Brokerage portfolio holdings
  • Stock trading activity

Cash App has launched a formal investigation into the matter and retained the services of a third-party forensics firm.

Beyond that, details about the incident are somewhat sparse.  About all we know beyond what we mentioned above is that the former employee accessed the records of more than eight million Cash App current and former customers. In addition, the firm is currently in the process of reaching out to all impacted users to inform them.

As is generally the case in the aftermath of an incident like this, Cash App stressed that they take customer security very seriously and will be conducting a complete review of their processes to minimize the chances of a repeat occurrence in the future.  Cash App also stressed that the future costs associated with the incident based on its preliminary assessment are virtually impossible to predict.

In any case, if you are a current or former Cash App customer be on the lookout for a communication from the company if you’re one of the people potentially impacted by the breach.

Some Of Microsoft's Source Code Was Stolen By Hacker Group

Microsoft recently confirmed that an account belonging to one of their employees was compromised by the Lapsus$ hacking group, which allowed them to abscond with portions of the company’s source code.

Yes, you read that correctly. Microsoft got hacked. They are the latest in a seemingly unending parade of large tech companies to have been hit by well-organized hackers.

In this case, the attackers made off with a head-spinning 37 GB of data. Most of it was in the form of source code for a wide range of internal Microsoft projects including those for Bing, Cortana, and Bing Maps.

The company had this to say about the incident:

“No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.

Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog.

Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”

An investigation into the matter is ongoing but already the company has assessed its own processes and is making changes to further bolster their security.

They recommend doing the following:

  • Strengthen MFA implementation
  • Require Healthy and Trusted Endpoints
  • Leverage modern authentication options for VPNs
  • Strengthen and monitor your cloud security posture
  • Improve awareness of social engineering attacks
  • Establish operational security processes in response to DEV-0537 (Lapsus$) intrusions

No one is safe, but kudos to Microsoft for their transparency here and for publishing specific steps that others can take to help minimize their risks.