A group of hackers has published the personal details of hundreds of German politicians, as well as German artists and local YouTube celebrities.
The data was uploaded online and later promoted via Twitter, starting a few days before the Christmas holiday. The source of the data appears to be the victims’ smartphones. Details about how the data was stolen and exfiltrated from infected phones remain unclear at the time of writing. According to German news outlets [1, 2, 3], the leaked data contains names, home addresses, phone numbers, email addresses, photo IDs, personal photos, and personal chat histories.
Read more about the disturbing data leak on ZDNet.
Abine, the company behind the Blur password manager and the DeleteMe online privacy protection service, has revealed a data breach impacting nearly 2.4 million Blur users. The breach came to light last year, on December 13, when a security researcher contacted the company about a server that exposed a file containing sensitive information about Blur users.
The company said it followed this initial report with an internal security audit to determine the size of the breach. The audit concluded last week, and the company made the data leak public on Monday in a post on its blog.
Read more about the massive Blur data leak on ZDNet.
A security researcher has discovered that nearly 19,500 Orange Livebox ADSL modems are leaking WiFi credentials. Troy Mursch, co-founder of Bad Packets LLC, says his company’s honeypots have detected at least one threat actor scanning heavily for Orange modems, starting on Friday, December 21.
The attacker is exploiting a vulnerability affecting Orange LiveBox devices (CVE-2018-20377) that was first described in 2012. The vulnerability allows a remote attacker to obtain the WiFi password and network ID (SSID) for the modem’s internal WiFi network just by accessing the modem’s get_getnetworkconf.cgi.
Read more about the Orange modems leaking credentials on ZDNet.
Social networking site Twitter announced another data leak that occurred on its platform, which the company said it is investigating as a suspected state-sponsored attack. In a support page, Twitter said that it detected the attack on November 15 when it “observed a large number of inquiries coming from individual IP addresses located in China and Saudi Arabia.”
These requests targeted the company’s support form, which users had been using to report issues to Twitter’s staff. Twitter said that attackers identified a bug in these forms that allowed them to discover an account’s phone number country code and whether the account had been locked.
Read more about the suspected state-sponsored attack on Twitter on ZDNet.
A recently patched trio of flaws in Samsung’s mobile site was leaving users vulnerable to attackers who could have reset their user passwords and hijacked their accounts, The Register reports.
The flaws were found by security researcher Artem Moskowsky, who said that they were all cross-site request forgery (CSRF, also known as XSRF) bugs. Moskowsky said that the problem was with the way that the Samsung.com account page handled password-reset security questions.
Read more on Naked Security about the Samsung flaw that could have enabled an attacker to access user profiles, change information such as usernames, or even disable two-factor authentication (2FA), change passwords and thereby steal accounts.
In March 2018, researchers at InfoArmor discovered (PDF) an exposed database that contained extensive personal data for 120 million Brazilians. This comprised a unique identity number (the Cadastro de Pessoas Físicas, or CPF) that is issued by the Brazilian Federal Reserve to Brazilian citizens and tax-paying resident aliens.
To put this in perspective, the total population of Brazil last year stood at 210 million, with an electorate of just over 147 million. Because it took many weeks for the flaw to be fixed, InfoArmor warns “it is very likely sophisticated adversaries harvested this information.”
Information belonging to more than 66 million individuals was discovered in an unprotected database, within anyone’s reach, if they knew where to look on the web. The records look like scraped data from LinkedIn profiles. The cache includes personal details that can identify users and could help adversaries create phishing attacks that are more difficult to recognize.
According to Bob Diachenko, Director of Cyber Risk Research at Hacken, the trove was exposed via a MongoDB instance that could be accessed without authentication. He found 66,147,856 unique records containing full name, personal or professional email address, user’s location details, skills, phone number, employment history and a link to the individual’s LinkedIn profile.
Data belonging to 32 million customers of SKY Brasil has been exposed online long enough to make their theft very likely, an independent security researcher discovered. Fábio Castro found that the data cache could be reached by anyone that knew where to look on the internet. Using the Shodan search engine, he was able to discover multiple servers in Brazil running Elasticsearch that made information available without authentication.
A cluster of servers called “digital-logs-prd” attracted the researcher’s attention and with a simple command, he listed the indices available, one of them 429.1GB in size. The file included personally identifiable information of SKY Brasil customers, which featured full name, email address, service login password, client IP address, payment methods, phone number, and street address.
A data breach involving Elasticsearch search-engine technology exposed the personal information of nearly 57 million people for at least two weeks, according to a report by the cybersecurity organization Hacken.
The breach exposed 73 gigabytes of data as early as Nov. 14, Hacken said, including the names, employers, job titles, emails, addresses, phone numbers and IP addresses of 56,934,021 U.S. residents. There was a separate cache of data titled “Yellow Pages,” the report said, with 25 million records about businesses, including information such as names, company details, zip addresses, latitude/longitude, census tract, phone numbers, web addresses, emails, revenue numbers and more.
Read more about the massive data breach on CyberScoop.
Brazil’s Federation of Industries of the State of São Paulo (FIESP) is being accused of exposing millions of personal data records from three of its databases online. FIESP represents about 130 thousand companies and is the largest class entity in the Brazilian industrial sector. The records leaked included names, ID and social security numbers, as well as full addresses, emails and telephone numbers.
Bob Diachenko, a security researcher at white hat hacker ecosystem Hacken Proof, claims to have discovered three databases containing personal records that could be accessed through the Elasticsearch search engine on November 12. The largest data source had 34.8 million entries.
Read more about the massive Brazilian data leak on ZDNet.