Security News Round-Up: Data of Over 267 Million Facebook Users Leaked
News Round-Up – Get a Quick Rundown of What You Need to Know
Evolver’s Cyber News Round-Up looks into recent reports and journalism covering cyber threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @EvolverInc. Visit our cybersecurity services page to learn more about cyber risk assessment and threat protection.
Phone Numbers and User IDs of Over 267 Million Facebook Users Leaked
Over 267 million Facebook users’ data was left exposed online including names, addresses, and Facebook IDs. The data was found posted on a hacker forum, says Comparitech, which means the database likely belongs to criminals themselves. Researchers were able to report it to the ISP, which took it down after it had been exposed for two weeks. The vast majority of these records belonged to users in the United States, according to the article. A massive wave of phishing attempts targeting these users’ information is likely.
New Orleans Becomes Next City Cyberattack Victim
A ransomware attack has struck the city of New Orleans, says Info Security Magazine, affecting a number of public services including the police department, courts, tax offices, emergency medical services, and more. The attack is one of multiple attacks on Louisiana that have occurred this year alone. It has been stated that no network compromise has been confirmed, but the state’s experts and city’s response teams have joined together to speed up recovery. Some services that are also affected as a result are background checks by the police department, non-emergency medical responses, and municipal and traffic court closures, the article notes.
New Jersey’s Biggest Hospital System Struck by Ransomware
Hackensack Meridian Health, the largest of New Jersey’s hospital systems, paid a ransom to overcome a ransomware attack last week. According to Security Week, the system shared that it had insurance for this type of event, but has not stated how much the ransom was. As a result of the attack, nonemergency surgeries were rescheduled and electronic records were not accessible for use by doctors and nurses as they gave necessary care to patients. There has been no sign yet of patient information being accessed and the systems are now up and running again, Security Week says.
Researchers Trick Airport Facial Recognition
Using 3D masks and photographs, researchers were able to successfully trick the facial recognition technology used in airports across multiple countries, according to Info Security Magazine. A self-boarding terminal was fooled by reading a photo from a phone screen at the Schiphol Airport in Amsterdam, while the same strategy proved successful in boarding and paying for trains throughout China. Similarly, the researchers successfully paid for purchases through WeChat and AliPay by wearing a 3D mask to act as someone else. The conclusion of the study noted that while this technology can already be upgraded and improved, the companies using it do not want to make the investment to do so.
College in Louisiana Hit With Ransomware
Baton Rouge Community College experienced another Louisiana-targeting in addition to the one affecting New Orleans. The attack left servers offline as the students were off campus due to graduation ceremonies coming up two days later, says Info Security Magazine. According to a memo coming from the school’s interim chancellor, the school has been working with the Louisiana State Police Cyber Crime Unit, has not found any data loss, and has not paid the ransom. The graduation ceremonies will take place as scheduled, but teachers must resort to entering grades manually and any new registrations for next semester must be inputted manually as well.
Ransomware Targets Georgia-Based Wire Manufacturer
Wire manufacturer Southwire Co., located in Carrollton Georgia, has been hit with ransomware. The company, whose wires are used in data centers, electrical lines, homes, and more, has upwards of 8,000 employees around the world and a revenue of $6 billion, according to Bank Info Security. The article also states that the group behind the attack, known as the Maze gang, is seeking a $6.1 million ransom payment (in 850 bitcoins) and has threatened to expose any data that it took from Southwire’s systems. In the note left during the attack, the group referred to a previous incident in which they released the data of Allied Universal.
26,000 Customers’ Data Exposed in Honda Data Breach
A misconfigured cloud left Honda customers across North America with their data exposed, says Info Security Magazine. The exposed database included 976 million records in total, with 25,000 unique records belonging to Honda customers. Luckily, none of the data was financial data, credit card information, or passwords. The company shut down their server only a day later after discovering the exposure, according to the article. Despite this quick action, it is believed that the data has actually been exposed since October 21st, meaning that it is still likely that hackers had time to find the data. As a result, customers should keep an eye out for possible phishing emails and other attacks.
LifeLabs Pays Ransom to Get Back 15 Million Canadians’ Medical Data
A Canadian healthcare laboratory testing services provider by the name of LifeLabs had an unauthorized hack into its systems last month to steal users’ data, according to The Hacker News. The attack was found in October, affecting users’ names, addresses, LifeLabs logins and passwords, birth dates, lab test results, and health card numbers. While the specific amount has not been revealed, the company admitted to paying the ransom in order to get their data back, the article states. Any health information that was exposed is believed to be from 2016 or earlier.