The Week in Breach
Breaches are flying high this week thanks to Air Canada! China’s hospitality industry targeted and the data shows up on the Dark Web. And, in an effort to cut out Google’s cut, the creators of the game Fortnite create massive security challenges for unwitting gamers.
Highlights from The Week in Breach:
- Fortnite on Android.
- Hackers Take Flight!
- Russian Breach.
In Other News:
Trust
Several companies that specialize in developing software designed to spy on one’s spouse or other unsuspecting “targets” have been compromised over the past few years. This category of software, which is essentially spyware installed on the target’s phone, collects a good bit of highly personal and sensitive data. This time, the company who makes the app, TheTruthSpy, was breached, allowing the target’s texts, location information, social media chats and other sensitive data to be extracted and posted on TOR/Dark Web forums for all to see.
https://motherboard.vice.com/en_us/article/mb4y5x/thetruthspy-spyware-domestic-abusers-hacked-data-breach
Fortnope
It seems like every kid on the planet is playing the popular video game, Fortnite, these days. Epic, who is the maker of the hit title, is planning on launching the Android version of the game soon, but not on the Google Play Store… this is an unprecedented move by a well-respected and popular game title, and likely has to do with Epic not wanting to give Google a cut of their money printing machine. This controversial move by the game developer has been made even more so due to Google researchers finding that the app is vulnerable to ‘man in the disk’ attacks. Man in the disk is an attack vector that takes advantage of Android’s less-secure external storage space. The vulnerability has since been patched, but make sure to have your kids update their app. Scratch that… tell your kids to put the game down and go outside and play! Seriously people!
https://www.bleepingcomputer.com/news/security/fortnite-android-app-vulnerable-to-man-in-the-disk-attacks/
Podcasts:
Know Tech Talks – Hosted by Barb Paluszkiewicz
IT Provider Network – The Podcast for Growing IT Service
The Continuum Podcast
Security Now – Hosted by Steve Gibson, Leo Laporte
Small Business, Big Marketing – Australia’s #1 Marketing Show!
Canada – Air Canada
Exploit: Unclear.
Risk to Small Business: High: The number of customers affected is a low percentage of the airline’s customer base, but to most other businesses, a breach of this scale would be much worse. Either way, the breach is extremely damaging to the company due to loss of customer trust.
Individual Risk: Extreme: The nature of the data leaked is highly sensitive and useful for identity theft.
Air Canada: Canada’s largest full-service airline.
Date Occurred/Discovered: August 22, 2018 – August 24, 2018
Date Disclosed: August 29, 2018
Data Compromised:
- Names
- Email addresses
- Phone numbers
- Passport numbers
- Passport expiry date
- Passport country of issuance
- NEXUS numbers
- Gender
- Dates of birth
- Nationality
- Country of Residence
Customers Impacted: 20,000
https://techcrunch.com/2018/08/29/air-canada-confirms-mobile-app-data-breach/
China – Huazhu Hotels Group
Exploit: Unclear.
Risk to Small Business: High: The loss of customer trust alone would greatly cost the company, in addition to the other costs associated with a breach.
Individual Risk: Extreme: The information is already for sale on the Dark Web.
Huazhu Hotels Group: One of China’s largest hotel chains.
Date Occurred/Discovered: Earlier this month
Date Disclosed: August 28, 2018
Data Compromised:
- ID card number
- Mobile phone number
- Email address
- Login password
- Customer name
- Home address
- Date of birth
- Check in time
- Departure time
- Hotel ID number
- Room number
Customers Impacted: 130 million
https://www.bleepingcomputer.com/news/security/data-of-130-million-chinese-hotel-chain-guests-sold-on-dark-web-forum/
RUSSIA – ABBYY
Exploit: Exposed database.
Risk to Small Business: Extreme: Sensitive internal documents were exposed that could have major effects on their business.
Individual Risk: Low: Only corporate documents were exposed.
ABBYY: Moscow-based optical character recognition software provider.
Date Occurred/Discovered: August 19, 2018
Date Disclosed: August 27, 2018
Data Compromised:
- Contracts
- Non- disclosure agreements
- Memos
- Other confidential documents
Customers Impacted: 200,000 sensitive documents.
https://cyware.com/news/abbyy-inadvertently-exposes-over-200000-sensitive-documents-via-unsecured-mongodb-database-be026aa2
A note for your customers:
Scam, Scam, Go Away.
Australia is well-known to be a dangerous place, with many poisonous plants and animals that inhabit its borders. Another danger in the outback is cybercriminals! According to the Australian Competition and Consumer Commission, Australian small businesses have been scammed out of $2.3 million so far in 2018.
The scam that most frequently targeted businesses is the false-billing scam, while employment and investment scams funneled the most amount of money away from Australian businesses.
Stay safe out there and make sure to have a healthy dose of suspicion when dealing with unexpected emails, especially those that deal with money!
https://www.arnnet.com.au/article/645826/aussie-small-businesses-scammed-2-3m-far-2018/?utm_campaign=daily-pm-edition-2018-08-28&utm_source=daily-pm-edition&utm_medium=newsletter&eid=-4152
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!