Over 4,000 Online Shopping Retailers Hit With Data Breach

The UK’s National Cyber Security Centre (NCSC) has identified more than 4,000 different retailers that have been compromised by hackers exploiting known vulnerabilities on checkout pages in order to divert payments and steal payment card details.

The NCSC has been quietly alerting vulnerable retailers over the past 18 months.

Based on the data gathered by the NCSC, the majority of impacted retailers were using the e-commerce platform Magento, which is a favored option among small and medium-sized UK retail operations.

Black Friday, the busiest shopping day of the year, is right around the corner, so the agency wanted to do all it could to ensure that everyone has a safe and largely uneventful shopping experience with no unpleasant surprises.

In addition to warning UK retailers, the NCSC recommends that businesses of all sizes do all they can to secure their sales portals, including applying all available security patches in order to minimize risk. That’s good advice no matter where in the world you are and no matter what size your business is.

By now everyone with an online presence is well aware that web traffic the day after Thanksgiving puts a tremendous strain on the internet. Hackers lurk in almost every corner, ready to swoop in and steal what data they can from excited shoppers, hoping people won’t notice the illicit activity until it’s far too late to do anything about it.

All too often the hackers’ assumptions prove correct, and unfortunate internet users wind up spending months and hundreds, if not thousands, of dollars trying to reclaim their identities or pay off debts run up by the hackers themselves.

Don’t let that happen to your customers. If you haven’t already done so, conduct a thorough review of your company’s security systems to be sure you’re ready for the holiday rush.

Large GoDaddy Data Breach Involves WordPress Customer Email Addresses

Are you a GoDaddy customer? Do you maintain a WordPress blog with the company?

If so, be advised that the company recently announced a breach of their network. An as-yet-unidentified third party accessed GoDaddy’s Managed WordPress hosting environment.

Based on the investigation to date, the intrusion began on September 6, 2021. Taking advantage of a vulnerability the company was unaware of at the time, the unknown attacker was able to gain access to a variety of information.

The information taken includes:

  • The email addresses and customer numbers of more than 1 million Managed WordPress customers (both active and inactive)
  • The original WordPress Administrative password that was set at the time of provisioning
  • For active customers, the SFTP and database usernames and passwords
  • And for some customers (exact number unknown at this time), the SSL private key

The company has retained the services of an independent third-party security firm to assist with the investigation. That investigation is ongoing, but the company has already reset the SFTP and database passwords for all impacted users. They are in the process of issuing and installing new certificates for customers whose SSL private keys were exposed.

The company is in the process of contacting all impacted users. If your email address was exposed, you will definitely want to keep a sharp eye out for phishing attacks targeting your email address.

As is the case any time an event like this occurs, the company apologized and stressed that they take customer data security very seriously. No additional information is available at this time, but bear in mind that the investigation is still ongoing.

It’s unfortunate but not altogether surprising. A company as large as GoDaddy, with millions of customers, is an attractive target for almost any hacker. Stay vigilant out there. This won’t be the last major breach we see this year.

Major Data Breach At Robinhood Is Affecting Millions

Do you buy stocks via the no-cost RobinHood platform? If so, be advised that the company has recently disclosed a massive data breach estimated to impact more than seven million customers.

The attack against RobinHood’s networks occurred on November 3rd.

It happened after an unidentified threat actor called the company’s customer support line and used social engineering techniques over the phone to gain access to the customer support system.

This threat actor was able to access a wide range of customer information including:

  • The full names of clients
  • Email addresses
  • Date of birth
  • And Zip code

Based on the company’s disclosure statement, the attacker was able to exfiltrate more than 5 million email addresses, the full names of some two million customers, and birth dates and zip codes for about 300 people. Even more extensive account information was taken for around 10 people.

An investigation into the matter is ongoing at this point. The company does not believe any customer social security numbers, bank account numbers, or debit card numbers were exposed.

On the heels of the attack, RobinHood received an extortion demand. The company has declined to make the details of the demand public, but the nature of the threat was that unless the company paid a ransom in Bitcoin the stolen information would be released to the public.

If you use the platform, out of an abundance of caution you should change your password immediately. Be on the lookout for phishing emails sent to the address you used when you signed up on RobinHood, in case the attacker tries to contact you to steal other credentials.

Finally, if you haven’t already done so, the company recommends enabling two-factor authentication as soon as possible. If you need to contact the company for support from inside the RobinHood app, simply tap “AccountHelpContact Us.”

Fortinet VPN User Passwords May Have Been Leaked Online

Hackers recently released a list of nearly half a million Fortinet VPN usernames and passwords onto the Dark Web. The group behind the attack claims that all the credentials were scraped from exploitable devices last summer.

The group also claims that, while the vulnerability that made the hack possible has been patched, many of the VPN credentials are still valid.

For their part, Fortinet has confirmed that they were attacked and that the hackers successfully made off with hundreds of thousands of VPN login credentials.

Half a million credentials of any sort is a serious matter, but half a million VPN credentials is eye-popping. If the list is exploited, the groups doing so could compromise a wide range of networks all around the world.

A recent Fortinet advisory had this to say about the matter:

“This incident is related to an old vulnerability resolved in May 2019. At that time, Fortinet issued a PSIRT advisory and communicated directly with customers.

And because customer security is our top priority, Fortinet subsequently issued multiple corporate blog posts detailing this issue, strongly encouraging customers to upgrade affected devices. In addition to advisories, bulletins, and direct communications, these blogs were published in August 2019, July 2020, April 2021, and again in June 2021.”

For reference, the old vulnerability Fortinet is referring to is tracked as CVE-2018-13379. A Bleeping Computer analysis of the stolen data reveals that it contains VPN credentials for 498,908 users spread over nearly 13,000 different devices.

If you use Fortinet VPN, your best bet is not to take any chances. Assume that your accounts have been compromised and force a reset of all your users’ passwords, and confirm that the devices themselves have been upgraded to a fixed release, since a reset on a still-vulnerable device can be scraped again. In addition, take the time to do a deep dive into your logs and look for any suspicious activity that may point to a possible intrusion.

Recent Massive Data Breach Attacks T-Mobile Company

US telecommunications giant T-Mobile is the latest big company to suffer a successful hacking attack. The company is still cooperating with law enforcement and investigating the attack.

Here are the details: a threat actor claimed to have made copies of databases containing personal information belonging to more than 100 million of the company’s customers.

The attacker is currently offering copies of the database for sale on the Dark Web for six bitcoin valued at approximately $280,000 USD at the time this article was written.

The database being offered contains sensitive information including:

  • First and last name
  • Dates of birth
  • Driver’s license numbers
  • And social security numbers belonging to more than 30 million people.

The remaining records also contain personal information, but it is somewhat less comprehensive than in the 30 million records mentioned above.

According to the attacker, he was also able to copy T-Mobile’s entire IMEI history database dating back to 2004. In all, the attacker claims to have taken more than 106 GB of data and is actively seeking buyers.

According to the hacker, the attack against T-Mobile was launched as an act of revenge against the US for the apprehension of another hacker, John Erin Binns, in Germany in 2019. How much of this claim is true is unknown at this time.

If you’re a T-Mobile subscriber, there is nothing for you to do at present except be mindful that large amounts of data may have been stolen. Keep a watchful eye on your accounts in the event that your customer record was compromised.

We can expect the company to make an additional announcement as their investigation reaches its conclusion. For the moment, just be mindful of it, and be aware that no company is too big or too small to be a target of relentless hackers. Your company could be next.