Security News Round-Up: Over 56 Million Americans’ Data Exposed by Chinese Server
News Round-Up – Get a Quick Rundown of What You Need to Know
Evolver’s Cyber News Round-Up looks into recent reports and journalism covering cyber threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @EvolverInc. Visit our cybersecurity services page to learn more about cyber risk assessment and threat protection.
Over 56 Million Americans’ Data is Exposed by a Computer in China
A database containing around 22GB of sensitive information on more than 56 million Americans was left publicly accessible, according to Hack Read. Researchers discovered that the data was stored on a computer located in China, with the data belonging to CheckPeople.com—a company that is located in Florida. The website allows users to pay to access information about other people, such as felonies, phone numbers, actual names, and so on. Hack Read states that the company claims to not store any information outside of the United States, making security a major concern considering that a computer in China has all of the information. This data includes addresses (past and present), names, ages, phone numbers, and relations. At the time of writing, the database is still publicly accessible.
Site That Sells Stolen Data Seized by FBI
According to Info Security Magazine, a website that sells people access to data that has been stolen in various data breaches, known as WeLeakInfo.com, was seized by the FBI in conjunction with the UK’s National Crime Agency. The website covered up its activities by saying its purpose was to serve as a resource for people who want to know if their data has been breached, similarly to popular site HaveIBeenPwned. However, the website sold access to see anyone else’s passwords, names, addresses, and other information, allowing any malicious actor to steal other people’s information, the article notes. The FBI is still investigating to discover who owns and runs WeLeakInfo.
Facial Surgery Patients Face Ransom Demands
After The Center for Facial Restoration, Inc. in Florida was hacked in November 2019, the attackers decided to directly contact those whose data they stole. They claimed to have all of the available data on the victims and threatened to share or expose it unless they received payment, says Info Security Magazine. Around 3,500 patients had their data exposed in the attack, including drivers’ licenses, addresses, email addresses, passports, photographs, phone numbers, and payment receipts. The FBI has continued to investigate the incident while suggesting that anyone who receives a ransom demand due to the incident file an independent cybercrime complaint, the article states.
$2.3 Million Lost by Texas School District due to Phishing Attack
Recent phishing attacks have left Manor Independent School District in Texas with losses of more than $2.3 million, according to Info Security Magazine. The losses accumulated over three fraudulent transactions in November 2019, after the phishing attacks had succeeded. On top of the monetary losses, the article notes, around 10,000 students likely had their data exposed and possibly stolen as well. Such an attack is becoming increasingly common, with 72 other school districts having been attacked over the course of last year, Info Security states. The FBI has joined the school district to continue investigating.
Donation Website for Australia Fires Hit With Magecart
Attackers have targeted a website created for donations to the Australian wildfires. Malicious actors have hit the site with Magecart in a credential-skimming attack, says Dark Reading. An ATMZOW skimmer was inserted into the code of the charity site and then used to steal payment details before forwarding the information to a third party, the article states. As a result, a number of donors had their payment details stolen. While the server has been taken offline, the skimmer code remains on the website, along with 39 additional websites. MalwareBytes researchers were the ones to discover the the issue, Dark Reading notes.
Baby Videos and Information Exposed by Recording App
A recent article from Naked Security details a database left exposed by an app by the name of Peekaboo Moments, which is used to keep measurements such as weight and length, photos, diaries, and audio recordings for babies. The company left a massive Elasticsearch database exposed, which includes 100GB of data. Over 800,000 email addresses, photo and video links, and device data have been left online to be seen by anyone who stumbles upon the database. API keys for Facebook were also included, meaning any malicious actors could also get content from the Facebook pages of the app’s users.
Baby Videos and Information Exposed by Recording App
Dixons has been fined $654,000 by the UK Data Protection Regulator due to their eight-month-long data exposure from July 24th, 2017 to April 25th, 2018. Since it ended a month before GDPR, the incident fell under the UK’s Data Protection Act of 1998. According to Security Week, the company had discovered the breach only when notified by sources external to the company. 5,390 point of sale terminals, as well as 5,646,417 payment cards were affected due to the company’s lack of encryption. Additionally, a pre-incident security assessment had pointed out that the company’s systems may not have been compliant and could not be relied upon as is, Security Week says.