Data Breach Announced At Popular Photo Site Shutterfly

Online photography platform Shutterfly is the latest high-profile company to fall victim to a hacking attack.  The company recently disclosed that in December of last year (2021) they were targeted by the Conti gang, who successfully breached their system and initiated a ransomware attack. The company’s breach notification statement was sent to impacted users and filed with the California Attorney General’s Office in the aftermath of the attack.

Their statement reads in part as follows:

“The attacker both locked up some of our systems and accessed some of the data on those systems. This included access to personal information of certain people, including you.

We believe the access occurred on or about December 3, 2021. We discovered the incident on December 13, 2021.”

Their statement goes on to say that a large amount of data was stolen, and that it included employee personal information. The information taken included names, addresses, salaries, login credentials for an unspecified number of Corporate Services users, and a wide range of customer information including at least the last four digits of credit card numbers kept on file.

Unfortunately, we don’t yet have a good accounting of exactly how many users, employees, or customers may have been impacted by the breach.  What is known is that so far, the company has decrypted more than 4,000 devices and more than 120 VMware ESXi servers belonging to Shutterfly. Also, the investigation into the matter is ongoing at this time.

If you are a Shutterfly customer who was impacted by the attack, you’ve almost certainly received a copy of the official breach notification at this point.  If you’re a customer and you haven’t received one, you may want to reach out to the corporate office to check the status of your account.

Finally, out of an abundance of caution, if you have an account with Shutterfly you should probably change your password right away. If you’re using that same password on other web properties, change those too.

This will certainly not be the last such incident we hear about in 2022, so stay vigilant out there.

Automotive Part Maker Denso Is Latest To Have Data Breached

The automotive parts giant named DENSO is the latest corporation to fall victim to a hacking attack.  The company has offices all over the world and supplies parts to brands including General Motors, Fiat, Volvo, Toyota, and others.

Collectively, the company and its subsidiaries employ more than 160,000 people and boast revenues of more than $44 billion USD (in 2021).

The company had this to say about the incident:

“DENSO has confirmed that its group company in Germany network was illegally accessed by a third party on March 10, 2022.

After detecting the unauthorized access, DENSO promptly cut off the network connection of devices that received unauthorized access and confirmed that there is no impact on other DENSO facilities.”

Given DENSO’s size, it is fortunate that the attack didn’t shut down any of the company’s production facilities.  We’re only just getting the supply chain issues caused by the pandemic sorted out and this could have thrown much of the automotive industry into a tailspin.

The Pandora Ransomware gang is new, and the operation apparently launched in March 2022.  Their stated goal is to target large corporate networks and to steal data before encrypting the victims’ files, so that they can profit in two ways.

Although the gang itself is new, some security researchers believe that the malware itself is not new but simply rebranded as it bears striking similarities to another ransomware strain called Rook.

Rebranding is not at all uncommon in the hacking world.  Many groups periodically do that in a bid to continue to evade law enforcement.  At this point, the jury is still out.  We don’t have definitive proof either way that Pandora is a new gang or a rebranded older one.

Whatever the case, they’ve seen fantastic initial success having apparently made off with more than 1.4 TB of data. That data includes purchase orders, technical schematics, NDAs, and the like.  It is just a matter of time before the group strikes again.

Hackers Get Source Code During Data Breach At Samsung

Samsung’s corporate network was breached recently.  That’s bad news all by itself. The company has recently confirmed that in addition to the confidential customer information that was stolen, the hackers also made off with the source code for the software used in the company’s Galaxy smartphones.

The hackers responsible for the attack call themselves “Lapsus$.”  Not long after their attack, they disclosed that they had made off with almost 190GB of archives.

Disturbingly, this group has been exceedingly busy so far in 2022 and extremely successful.  Just a week prior to the announcement regarding Samsung’s data, the same group released a 20GB sample of documents stolen from Nvidia.  The group claims that this sample is part of a collection of stolen documents more than 1TB in size.

Aside from the aforementioned source code, we do not know at this point exactly what sorts of data the group of hackers may have compromised when they successfully breached Samsung’s network.

For that matter, we do not yet know the full extent of the contents of the 1TB cache of documents stolen from Nvidia because, as members of Lapsus$ explained, they are currently in negotiations for the sale of that data.

This is the world we live in.  This is the shape of 2022 and years to come.  What the long-term implications might be is anyone’s guess but fortunately, the advice for guarding against such attacks remains largely the same.

Be sure the software you use is updated with the latest security patches and constantly educate and reeducate your employees about the dangers of phishing campaigns to minimize your risk.

Failing that, take regular backups and have a rapid response team standing by that can spring into action if your defenses fail.  That’s by no means a perfect solution, but it will make you a significantly harder target and there’s value in that.

People Are Still Not Using Secure Passwords Despite Warnings

It’s 2022 and after years of warning people repeatedly about the dangers of using the same old passwords and using the same password across multiple websites, you would think this would get better. You would think we’d have that problem solved and there would be one less network security risk to worry about.

Unfortunately, if you think that, you would be wrong.

Even now, after endless hours of email safety training and articles just like this one published by the hundreds all over the web, people are still gravitating to the same garbage passwords and still reusing them across multiple websites they frequent.

In fact, it’s even worse than that, if recent research by SpyCloud is any indication. They pored over data containing 1.7 billion username and password combinations gleaned from 755 leaked sources in 2021. Based on their research, a staggering 64 percent of people are still using the same password exposed in one data breach for other accounts.

Keep in mind that Google now comes right out and tells Chrome users how many of their saved passwords are at risk for exactly that. Even with the information staring them in the face, significantly more than half of all users won’t change their habits.

These statistics must be taken with a grain of salt because the methodology is somewhat imprecise.  It doesn’t matter if the actual percentage is five points or so lower because the broader issue remains the same.

By now, everyone knows the risks that bad passwords pose.  Everyone is aware of the dangers of using the same password to access multiple web properties and yet, nothing is changing.

Until there is a tangible financial cost imposed, either by companies beginning to fine users with bad passwords or hackers taking full advantage of those weak passwords and financially punishing those using them, it’s not going to change.  It’s a real pity it has come to that.

Network Security Breach Confirmed At Nvidia

Nvidia joined the seemingly unending parade of major corporations to fall victim to a hacking attack.  Recently, a group of hackers calling itself “Lapsus$” began sharing details about the incident and the damage that it caused. Nvidia confirmed the attack.

Nvidia released a formal statement which reads in part as follows:

“On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.

We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online.”

At this point there is no word about how many employee credentials were stolen. There is also no word on precisely what the proprietary information might have been. However, based on the official statement, it does not appear that any customer information was stolen.  Given that a hack occurred you should be careful. If you have an account with Nvidia, out of an abundance of caution it wouldn’t be a bad idea to change your password right away.

The corporate release goes on to say that the investigation into the matter is ongoing, so it is entirely possible that we will get additional details at some later date. Unfortunately, the year is still young and if history is a guide, as the year grinds on we’ll hear about dozens of other companies who fall victim to hacking attacks of one sort or another.

Despite all the warnings and the money spent on internet security, lax password use and bad email habits remain the leading cause of corporate network breaches.  While we do not yet know how access to Nvidia was gained, odds are good that it was connected to one of those two.