Security News Round-Up: Daimler AG Involved In Leak of Development Data
Parent Company of Mercedes Benz Leaks Software Development Data
Daimler AG, known for being the parent company of Mercedes Benz, left around 9GB of data pertaining to software development in a misconfigured GitLab repository, says Bank Info Security. Till Kottmann, a security researcher, discovered the data via Google research and was able to access it without an approved email domain. Passwords and API keys were also amongst the data discovered in the unprotected repositories, the article states. Luckily, none of the data will likely be valuable to those who may have accessed it. The company has since noted that the credentials affected have since been deleted.
Hackers Begin Releasing Financial Data from Bank Victim
After hackers hit the bank of Costa Rica known as Banco BCR with Maze ransomware earlier in the year, they have now begun to expose the financial data stolen in the attack, according to Bank Info Security. The attackers released a file containing 2GB of data including payment card information belonging to the bank’s customers. Specifically Visa and MasterCard credit cards as well as debit cards were affected by the data leak. It was also revealed that they had received no response from the bank after contacting them about the attack and no spokesperson has commented on the incident thus far, the article notes.
Home Chef Hit With Data Breach
Home Chef, a company that provides meal delivery services, revealed that a security incident exposed a portion of its customers’ data. The company was included in a dark web listing selling stolen credentials, says Cyber Defense Magazine, in which the sellers claimed to have 8 million records belonging to the company. The page listed the records at $2500, including data such as phone numbers, names, email addresses, last four digits of credit card numbers, and hashed passwords, the article states. The company stores only encrypted passwords and does not hold onto full credit card information. HomeChef has begun notifying those affected, recommending that they change their passwords.
29 Million Jobseekers’ Data Leaked
The data of 29 million jobseekers in India has been leaked online without any protection, says Info Security Magazine. The post was made to the Dark Web in the form of a 2.3GB containing data such as emails, phone numbers, work experience, salaries, and other sensitive information. It has been revealed since that a website aggregating CVs is where the leak came from, possibly involving an unsecured Elasticsearch database, the article states. Another criminal was found to have posted 2000 Aadhar identity cards on a hacking forum at no cost in a separate incident.
Long Time Brazilian Hacker’s Identity Revealed
A Brazilian hacker known as VandaTheGod, who has hacked thousands of websites over his time, finally had his identity revealed by authorities. He has been involved in over 4,800 cyberattacks on different domains between 2019 and 2020, according to Security Week. The organizations affected spanned around 40 countries, according to the article. His attacks are typically involving fighting forms of government corruption and have included selling details of payment cards and corporate information as well.