Please fill in the form below to subscribe to our blog

The Week in Breach 06/25 – 06/29

July 03, 2018

Breach news to share with your customers! 

Hacks this week showed no mercy or regard to international boundaries. From North America to Australia, businesses of all sizes, across all industries were targeted. Malware injection and insecure databases were some of the most damaging compromises highlighted this week. At least 230 million individuals and 110 million businesses exposed on the Dark Web… YIKES.

Highlights from The Week in Breach:

  • Ransomware be gone!
  • Comcast’s leaky API
  • Another Intel CPU vulnerability?
  • Massive breach exposes how many kids you have and where you live.

In other news…

A popular Australian medical appointment booking app called HealthEngine is receiving negative attention from privacy advocates and cyber security professionals alike this week. It has come to light that they have been sharing patients’ personal information with a third-party law firm. The information sharing occurred daily as part of a referral partnership.
https://cyware.com/news/popular-medical-appointment-booking-app-healthengine-reportedly-patient-data-with-law-firm-3aba7747

Researchers at Cisco Talos have developed a tool that decrypts files affected by the ransomware Thanatos. This news is only made better by the fact that they are releasing it at no cost. The less ransomware out there, the better.
https://www.zdnet.com/article/thanatos-ransomware-free-decryption-tool-released-for-destructive-file-locking-malware/

Comcast’s website has been leaking account information, including whether a home security setup is in place. Anyone on the customer’s network could trick one of the company’s APIs into returning customer information. Comcast was quick to shut down the API after the vulnerability was revealed to them.
https://www.zdnet.com/article/comcast-fixes-another-xfinity-website-data-leak/

At Black Hat USA this year, it was revealed that Intel CPUs have a side-channel vulnerability that could be used to leak encryption keys for signing a message. Researchers at the Systems and Network Security Group at Vrije Universitet Amsterdam constructed an attack that can reliably extract an encryption key using Intel’s Hyper-Threading technology. To exploit the flaw, a hacker would need to already have malware on the system or use compromised credentials to log in.
https://www.zdnet.com/article/tlbleed-is-latest-intel-cpu-flaw-to-surface-but-dont-expect-it-to-be-fixed/


Podcasts

Know Tech Talks – Hosted by Barb Paluszkiewicz
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)
Small Business, Big Marketing – Australia’s #1 Marketing Show!

Exactis

Exploit: Elasticsearch insecure database exploit.
Risk to Small Business: High: Demonstrable gross negligence while aggregating and normalizing PII. This increasingly common exploit (insecure/ publicly accessible database). This compromise will cross state and international boundaries.
Risk to Exploited Individuals: High: The data breached could be used to execute extremely effective spear phishing campaigns.
Exactis: A marketing and data aggregation firm based in Florida.
Date Occurred/Discovered: June, 2018
Date Disclosed: June 27, 2018
Data Compromised: 

  • Names
  • Address
  • Email address
  • Telephone number
  • Interests
  • Habbits
  • Number of children, their ages and gender
  • Whether the individual smokes
  • Religion
  • Pets

Etc… over 400 variables per person
How it was compromised: Negligence
Customers Impacted: 230 million Americans and 110 million businesses

https://www.wired.com/story/exactis-database-leak-340-million-records/
https://info.idagent.com/blog/big-data-big-breach

People Dedicated to Quality (PDQ)

Exploit: Hackers gained entry by exploiting an outside technology vendor’s remote connection tool. Demonstrates supply chain-based vulnerabilities.
Risk to Small Business: High: Remote session / access tools are frequently targeted. Outsourcing and the cost-effectiveness of remote support makes this a very effective attack vector for hackers. This should be top of mind especially if an organization holds PII or any customer data of value.
Individual Risk: Low: Victims of this breach are highly vulnerable to financial fraud and identity theft.
PDQ: People Dedicated to Quality, or PDQ for short, is a chicken focused food stop founded in Florida.
Date Occurred/Discovered: May 19, 2017 – April 20, 2018
Date Disclosed: June 22, 2018
Data Compromised: 

  • Credit card information
  • Expiration dates
  • CVV
  • Names

How it was compromised: PDQ believes that a hacker gained access to their customer’s credit card information using an outside technology vendor’s remote connection tool.
Customers Impacted: Unknown, but all 70 PDQ locations were compromised.
https://www.eatpdq.com/promos/news/2018/06/22/guestinfo

FastBooking
Exploit: Web Application Exploit, Remote Access, Malware injection.
Risk to Small Business: High: There seems to be several layers to this exploit. Remote access was achieved to download the data scraping malware. This breach is far-reaching globally impacting businesses and individuals globally. The forensics, mandatory credit monitoring, brand damage will be costly and will linger to years.
Risk to Exploited Individuals: High: Personal data and credit card information was compromised during the breach, leaving individuals vulnerable to identity theft.
FastBooking: Based in France, the company sells hotel booking software globally.
Date Occurred/Discovered: Occurred on June 14, 2018, discovered on June 19, 2018.
Date Disclosed: June 26, 2018
Data Compromised: 

  • Full name
  • Nationality
  • Home address
  • Email address
  • Booking information

In some cases:

  • Credit card details
  • Name on card
  • Card number
  • Expiration date

How it was compromised: Malware installed on their server which granted remote access.
Customers Impacted: 4,000 hotels in 100 countries.
Prince Hotels is the first to inform customers, with 123,963 of their customers affected. Of these, 58,003 are instances of personal information compromised. 66,960 involved credit card information.

https://www.bleepingcomputer.com/news/security/hundreds-of-hotels-affected-by-data-breach-at-hotel-booking-software-provider/

https://www.japantimes.co.jp/news/2018/06/26/business/corporate-business/prince-hotels-hack-results-loss-124000-customers-credit-card-numbers-data/#.WzOvIdVKjIW

Best Sleep Centre
Exploit: Ransomware
Risk to Small Business: High: Significant impact to business operations if data not properly encrypted and backed up.
Risk to Exploited Individuals: Moderate: Data was encrypted by the ransomware. At this point, there is no public evidence that it was also exfiltrated.
Best Sleep Centre: Winnipeg based mattress store
Date Occurred/Discovered: June 2018
Date Disclosed: June 26, 2018
Data Compromised: The company’s server was encrypted.
How it was compromised: Ransomware. The owner decided to pay the ransom, but negotiated it down to $2,000 CAD.
Customers Impacted: Unknown at this time, but the business is impacted.

https://globalnews.ca/news/4298279/hacker-hits-local-mattress-store-with-ransomware/

Ticketmaster
Exploit: JavaScript chatbot with data scraper injected in to supply chain systems.
Risk to Small Business: High: Highlights how supply chain vulnerabilities can lead to massive data loss and exposure. Companies dealing with customer data / PII should have elevated security controls in place to prevent supply chain vulnerabilities.
Risk to Exploited Individuals: High: This breach leaves Ticketmaster customers vulnerable to identity theft.
Ticketmaster: A ticket purchasing website that is used globally for many types entertainment.
Date Occurred/Discovered: Discovered on June 23, 2018. Could have occurred as early as September 2017.
Date Disclosed: June 27, 2018
Data Compromised: 

  • Names
  • Address
  • Email address
  • Telephone number
  • Payment details
  • Ticketmaster login details

How it was compromised: Malware hosted on a customer support product hosted by a third-party supplier which sent data to a remote location.
Customers Impacted: Ticketmaster has been telling the media that about 400,000 customers have been affected, but in their alert to customers they claim that ‘less than 5% of their customer base have been affected. 5 percent of their customer base comes out to 11.5 million, so we will have to see if their investigation into the breach will reveal more affected customers.

https://www.govinfosecurity.com/ticketmaster-breach-traces-to-embedded-chatbot-software-a-11144
https://security.ticketmaster.co.uk/

Facebook (yes again)
Exploit: Unsecured JavaScript file/ supply chain
Risk to Small Business: High: A supply chain vendor that leaks data will tarnish the reputation of business.
Risk to Exploited Individuals: Moderate: The data the quiz app is leaking could be used in spear phishing attacks.
Facebook: A social media site that has over 2 billion monthly active users.
Date Occurred/Discovered: End of 2016-present
Date Disclosed: June 28, 2018
Data Compromised: 

  • Facebook ID
  • First name
  • Last name
  • Language
  • Gender
  • Date of birth
  • Profile picture
  • Cover photo
  • Currency
  • Devices used
  • When your information was last updated
  • Posts
  • Statuses
  • Photos
  • Friends on Facebook

How it was compromised: Any third party can view.
https://techcrunch.com/2018/06/28/facepalm-2/


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!