A group of hacktivists claims to have breached the IT systems of Disney, and stolen a gigantic 1.1 terabytes worth of data from the entertainment giant's internal Slack messaging channels. The hacking group, which calls itself NullBulge, posted on an underground hacking forum that it had hoped to postpone announcing the breach until it had accessed more information, "but our insider man got cold feet and kicked us out." Read more in my article on the Hot for Security blog.

Over the past few days, AT&T, a major American telecom company, has made headlines due to a sophisticated cyber-attack that exposed the details of over 109 million mobile customers dating back to 2022.

According to updates received by our Cybersecurity Insiders, the data breach occurred in 2022 and affected customers who used AT&T’s telecom services between March and October of that year. This includes users of their cellular network, virtual mobile network, and landline services.

Fortunately, the hackers did not access sensitive personally identifiable information (PII) such as Social Security numbers. As of now, there is no evidence that the information gleaned from calls and text messages has been used for social engineering attacks against affected customers.

AT&T has set up a dedicated web portal for customers to check if their number was impacted by the breach. Those affected will be notified digitally for further clarification.

In a separate incident, hackers have reportedly stolen a massive 1TB dataset from Disney’s Slack servers. The stolen data allegedly includes details about upcoming projects, conceptual art for Disney Games, and personal information of employees. Among the leaked details are plans related to projects like “Marvel 1943: The Rise of the Hydra” and the Deadpool movie, generating anticipation among fans eager for glimpses of future episodes.

It remains unclear whether the hacking group “Nullbulge” breached Disney’s servers for financial gain or to sell the stolen data on the dark web.

In recent years, cybercriminals have increasingly targeted technology and gaming companies, knowing they can demand hefty ransom payments to disrupt operations. For instance, CDK Group, which provides software services to the automotive industry in America, recently faced a ransomware attack and reportedly paid a ransom of $22 million.

The FBI has criticized the practice of paying ransom, arguing that it does not guarantee a decryption key and can incentivize further crime. Instead, they recommend victims contact law enforcement and share details to aid in stopping the spread of malware to other businesses. In some cases, victims may even receive decryption assistance from authorities at no cost.

The post Details of AT&T data breach and 1TB data steal belonging to Disney appeared first on Cybersecurity Insiders.

mSpy, a popular cell phone tracking software utilized by millions, has recently made headlines due to a significant cyber attack that has compromised the data of countless customers.

As reported by Cybersecurity Insiders, hackers successfully breached the Zendesk-powered customer support server belonging to the phone spyware company. This incident resulted in the exposure of sensitive customer information, including personal details, email addresses, attachments, customer support tickets, and some confidential company data.

The investigation indicates that the breach has revealed data dating back to 2014, encompassing millions of records generated by the mSpy application from users worldwide.

Developed by the Ukraine-based company Brainstack, mSpy is commonly employed by parents to monitor their children and by individuals to keep track of their partners and relatives. The software can log call records, photos, contacts, videos, and other data, transmitting this information to mSpy’s servers for analysis and storage.

Additionally, some government agencies install this spyware on devices issued to employees and personnel, allowing them to monitor their activities discreetly.

Troy Hunt, the creator of the service Have I Been Pwned, obtained the complete dataset and analyzed over 2.4 million email addresses associated with mSpy customers. Alarmingly, he found that all the data was accurate and still active, raising concerns about potential phishing attacks and social engineering threats that could arise from such a breach.

The affected individuals include a range of sensitive roles, including federal agents, judges, military personnel, and members of secret intelligence services.

It remains unclear whether the hackers infiltrated the Zendesk servers directly or accessed mSpy’s database, which stores transposed data for continuity purposes.

The post mSpy Faces Major Data Breach Following Cyber Attack appeared first on Cybersecurity Insiders.

The National Security Agency (NSA) of the United States, responsible for overseeing national security and defense matters, has recently made headlines due to a reported cyber attack resulting in a significant data breach. Approximately 1.4GB of data, including classified information purportedly sourced from defense databases, has been compromised and is now available for sale on an online forum.

The leaked data comprises sensitive details such as full names, email addresses, personal phone numbers, and office contacts of individuals working within government, military, and the Pentagon. The breach was attributed to a cyber attack targeting Acuity Inc., a technology consulting firm based in Virginia known for its work with U.S. government agencies on cybersecurity, data analytics, and operational support.

The individual responsible for the data leak, identified as ‘Gostingr’, claimed that the information was obtained during the attack on Acuity Inc. The availability of such information on public forums poses significant risks, including potential social engineering attacks like phishing and identity theft.

Coinciding with this incident, another notable data breach involving Twitter user data has emerged online. This breach reportedly exposed a dataset of approximately 9.86GB, encompassing over 200 million user records that include account profiles, names, email addresses, and in some cases, contact numbers. The dataset was made available for sale on a darknet forum by a user known as ‘Michupa’.

Both incidents are currently under investigation by Twitter and the NSA to determine the extent and veracity of the breaches. Such compromised data is highly sought after on the dark web, fetching prices ranging from $100 to $900 per dataset depending on the sensitivity and demand for the information online.

The post Cyber Attack leads to 1.4GB NSA data breach appeared first on Cybersecurity Insiders.

Researchers from a security firm (name withheld) have uncovered a significant data breach involving Twitter user data, revealing a leaked dataset of approximately 9.86GB. This trove includes over 200 million user records linked to account profiles, names, email addresses, and in some cases, contact numbers. The leaked information has surfaced on a data leak forum, posing a serious risk for potential social engineering attacks such as phishing and identity theft.

The authenticity of the data, purportedly leaked by an entity named ‘Michupa’, has not yet been confirmed to belong to Twitter, which has commercialized its social networking services extensively over the past two years.

In a separate incident, details of a password leak have emerged on platforms like Facebook, where a hacker known as “Obamacare” has publicly disclosed a dataset containing plaintext passwords. This file allegedly comprises around 1.5 billion passwords, in addition to the staggering 8 billion passwords leaked in various incidents since 2009.

Such leaks significantly heighten the risk of cyber attacks, including brute force attacks aimed at compromising individual and corporate accounts.

As more online services adopt single-password login solutions like Google’s, users must prioritize multi-layer security measures to safeguard their accounts effectively against brute force attacks. It is essential for account holders to regularly update their passwords – ideally every month – and enable two-factor authentication (2FA) to fortify defenses against emerging cyber threats such as malware.

Additionally, users are advised to exercise caution by avoiding clicking on suspicious URLs sent via email or messages. Conducting regular cybersecurity audits is crucial to proactively identify and mitigate any potential vulnerabilities that could be exploited by malicious actors.

The post Twitter Data breach and 10 billion password leak details appeared first on Cybersecurity Insiders.

Airtel, also known as Bharti Airtel, has denied reports of a data breach following speculation from various media outlets. The telecom giant stated that preliminary investigations have shown claims made by certain threat actors to be unfounded and baseless.

Earlier, there were reports circulating in the Indian media suggesting that Airtel had fallen victim to a cyber attack, allegedly resulting in a significant data breach. A hacker known as “XenZen” purportedly announced on the dark web that they possessed a dataset containing the personal information of approximately 370 million users, including phone numbers, names, physical addresses, email IDs, and Aadhaar numbers. A smaller subset of about 10 million user records was reportedly available for sale at a price of $50,000.

Despite the Chinese hacker’s claims, Airtel has firmly refuted these allegations, dismissing them as false statements aimed at gaining attention on social media platforms. The company, which ranks as the second-largest telecom operator in India after Jio-Reliance, intends to issue an official press statement soon to clarify the situation.

In the interim, Airtel has assured its customers via Twitter that their user information remains secure and intact, emphasizing ongoing investigations to provide further reassurance.

Concerned users, both postpaid and prepaid, have inundated Airtel’s customer care services with inquiries about the alleged breach. Similarly, users utilizing the AI-powered customer support through the app have also expressed anxieties about the security of their personal data and its protection measures. However, the application’s current capabilities are limited in addressing such specific concerns.

The potential repercussions of a data leak, including the exposure of personal details such as phone numbers, email IDs, and Aadhaar numbers (similar to Social Security Numbers in the US), could lead to various cyber threats. These include phishing attacks, malware infections, and in severe cases, extortion attempts through calls and messages.

Overall, Airtel continues to investigate the matter diligently while assuring its customers of the security of their personal information.

The post Airtel India denies 370 million user data breach appeared first on Cybersecurity Insiders.

Users of Twilio, the cloud-based communication service provider, are being alerted to a security breach affecting Authy, its platform for multi-factor authentication. It has been reported that a threat actor successfully accessed Authy’s end servers, potentially compromising user phone number data used for securing accounts.

The concern was raised after a threat group known as Shiny Hunters claimed on social media to have accessed data linked to more than 33 million phone numbers from Authy accounts. Authy, an integral security layer for Twilio introduced in 2015, aims to bolster account protection through multi-factor authentication.

To mitigate the impact of this breach, Twilio is advising all users to update their Android and iOS devices to the latest version of the Authy app immediately. This precaution is crucial as cybercriminals with access to phone number details could exploit them for phishing or smishing attacks via text messages.

Interestingly, this breach coincides with Twilio’s launch announcement of Flex, a mobile app designed for its Contact Center as a Service (CCaaS) platform. Flex supports both iOS and Android 11 and above, offering seamless integration with single sign-on functionality and on-premises customer data. The beta version of Flex is available for free download, while users with a Flex Only Mobile license can purchase and deploy the app for operational use.

In response to such incidents on cloud platforms, security experts strongly recommend promptly changing passwords associated with affected accounts to mitigate risks effectively.

The post Twilio data breach exposes millions of contact numbers appeared first on Cybersecurity Insiders.

UK-based law firm Barings has brought to light a concerning incident involving alleged cyber espionage targeting British armed personnel. According to Barings Law, state-funded actors from China infiltrated systems and illicitly obtained names and banking details of more than 5,000 individuals, including those engaged in sensitive projects requiring anonymity.

The purported breach is said to have originated from a cyber attack on the Ministry of Defense’s servers earlier this year, leading to the compromise of data belonging to reservists, active personnel, and veterans who have left service since 2018. Barings Law attributes the data breach to hackers breaching the network of SSCL, a technology service provider for various UK government entities.

In response to the sensitive nature of the leaked information, a significant portion of the affected personnel, reportedly over 3,000 individuals, have expressed intent to pursue legal action against SSCL, alleging negligence in safeguarding payroll information from cyber threats.

While Barings Law’s claims await official confirmation from SSCL and the Ministry of Defense, the incident has drawn international attention, particularly due to its alleged connection to Chinese cyber activities. The situation has sparked discussions on platforms like Reddit, where skepticism about the authenticity of the hack has been voiced, with some speculating it could be a distraction tactic amidst the upcoming UK Elections 2024, scheduled to be held on July 4, 2024, between Rishi Sunak of the Conservative Party and Keir Starmer of the Labour Party.

Cyber intelligence gathering tactics by nations like China and Russia have long been documented, with heightened scrutiny in recent years following geopolitical tensions, such as the conflict between Russia and Ukraine since February 2022.

SSCL has responded by launching an investigation into the matter, promising to provide updates on the integrity of data security as their inquiry progresses.

The post UK soldiers banking details leaked to China says Barings Law appeared first on Cybersecurity Insiders.