Accountability, Data collection and Hacking

NationalPublicData.com Hack Exposes a Nation’s Data

Krebs on Security

AUGUST 15, 2024

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. It remains unclear how thieves originally obtained these records from National Public Data.

Hacking

Hacking Data breaches Identity Theft Accountability

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Adam Levin

JANUARY 18, 2019

Hunt found an archive of the data on MEGA, a file-sharing site and has been featured on at least one hacking forum. Hunt transferred the compromised emails and passwords to the website haveibeenpwned.com , where users can check to see if their account data was compromised.

Accountability

Accountability Passwords Data breaches Data collection

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us.

Data breaches

Data breaches Passwords B2B Technology

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

Unlike any other season in America, election season might bring the highest volume of advertisements sent directly to people’s homes, phones, and email accounts—and the accuracy and speed at which they come can feel invasive. Escaping this data collection regime has proven difficult for most people.

Scams

Scams Identity Theft Cybercrime Accountability

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

AUGUST 26, 2020

Ngo got his treasure trove of consumer data by hacking and social engineering his way into a string of major data brokers. Ngo’s businesses enabled an entire generation of cybercriminals to commit an estimated $1 billion worth of new account fraud , and to sully the credit histories of countless Americans in the process.

Identity Theft

Identity Theft Computers and Electronics Hacking Accountability

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

The Last Watchdog

MAY 11, 2021

By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as secure as it needs to be. Related: DHS launches 60-day cybersecurity sprints.

Software

Software Hacking Malware Engineering

Hundreds of C-level executives credentials available for $100 to $1500 per account

Security Affairs

NOVEMBER 28, 2020

A credible threat actor is offering access to the email accounts of hundreds of C-level executives for $100 to $1500 per account. Access to the email accounts of hundreds of C-level executives is available on the Exploit.in for $100 to $1500 per account. SecurityAffairs – hacking, executive). Exploit.in

Accountability

Accountability Cybercrime Hacking Retail

Prominent US law firm Wolf Haldenstein disclosed a data breach

Security Affairs

JANUARY 16, 2025

The law firm pointed out that it has no evidence the exposed data has been misused. The law firm recommends individuals to monitor accounts and credit reports for identity theft or fraud. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,data breach)

Data breaches

Data breaches Identity Theft Consumer Protection Data collection

Protonmail hacked …. a very strange scam attempt

Security Affairs

NOVEMBER 17, 2018

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail. At the time it is not clear if the hacker belongs to a cyber crime gang, it claims to have stolen a “significant” amounts of data from the company. The ransom demand ( archive.is

Scams

Scams Hacking Data collection Advertising

Mobile virtual network operator Mint Mobile discloses a data breach

Security Affairs

DECEMBER 23, 2023

Our investigation indicates that certain information associated with your account was impacted.” ” reads the data breach notification email sent to the impacted customers. “Mint’s data collection policy is one of the most important ways in which we ensure the privacy and security of our subscribers.

Data breaches

Data breaches Mobile Wireless Data collection

Fashion brand Guess hacked, DarkSide ransomware group the likely culprit

SC Magazine

JULY 13, 2021

The company’s investigation determined that social security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired. For this reason – unlike [how] it appears in this case – organizations are wise to limit the amount of data kept and stored in systems,” Kron said. “For

Retail

Retail Ransomware Hacking Digital transformation

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach exposing customers’ account’s information. “We are reaching out to let you know about a security incident we recently identified and quickly shut down that may have impacted some of your T-Mobile account information.” SecurityAffairs – hacking, T-Mobile).

Data breaches

Data breaches Mobile Telecommunications Accountability

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

net available at the Wayback Machine shows that in 2016 this domain was used for the “ ExE Bucks ” affiliate program, a pay-per-install business which catered to people already running large collections of hacked computers or compromised websites. Others are fairly opaque about their data collection and retention policies.

VPN

VPN Computers and Electronics Antivirus Software

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. It emerges that email marketing giant Mailchimp got hacked. A single bitcoin is trading at around $45,000.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 9, 2024

New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform Pandabuy was extorted twice by the same threat actor UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces Chinese threat actor exploits old ThinkPHP flaws since October 2023 A new Linux (..)

Data breaches

Data breaches Banking Hacking Malware

Experts claim that iPhone’s analytics data is not anonymous

Security Affairs

NOVEMBER 23, 2022

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users.

Data collection

Data collection Accountability Hacking Software

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

Related: Credential stuffing fuels account takeovers. But, unfortunately, we live in a world of constant hacking attempts and security breaches. Breaches to multiple accounts that share the same or similar passwords. Stolen passwords that can lead to data leaks. We celebrated World Password Day on May 6, 2021.

Passwords

Passwords Password Management Accountability Authentication

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering

Social Engineering Data collection Media Passwords

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

Thirteen exchanges were hacked in 2017 and in the first three quarters of 2018, amounting to a total loss of $877 million. The company’s records indicate that dumps account for 62% of data sold, which means that POS Trojans are the main method of compromising plastic cards. Attacks on Crypto. About the author Group-IB.

Cybercrime

Cybercrime Hacking Banking Phishing

US sued TikTok and ByteDance for violating children’s privacy laws

Security Affairs

AUGUST 3, 2024

“According to the complaint, from 2019 to the present, TikTok knowingly permitted children to create regular TikTok accounts and to create, view, and share short-form videos and messages with adults and others on the regular TikTok platform. ” reads the press release published by DoJ.

Accountability

Accountability Data collection Risk Hacking

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. SecurityAffairs – hacking, Aleksandr Brovko). In some cases, the man manually chacked the stolen information. Pierluigi Paganini.

Accountability

Accountability Banking Advertising Data collection

Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition

Security Affairs

NOVEMBER 27, 2021

Italy’s antitrust regulator has fined both Apple and Google €10 million each for what it calls are “aggressive” data practices and not providing consumers with clear information on commercial uses of their personal data during the account creation phase. SecurityAffairs – hacking, Apple).

Data collection

Data collection Accountability Hacking Information Security

Ransomfeed – Third Quarter Report 2023 is out!

Security Affairs

FEBRUARY 13, 2024

The data collected unearthed a total of 1771 ransomware claims, with 55 recorded incidents in Italy. This report offers an exhaustive account of ransomware threats in the third quarter of 2023, spotlighting activities monitored by the OSINT Ransomfeed platform. Let us now delve into the detailed breakdown of the days.

Ransomware

Ransomware Data collection Hacking Accountability

Security Affairs newsletter Round 297

Security Affairs

JANUARY 17, 2021

SecurityAffairs – hacking, newsletter). If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini. The post Security Affairs newsletter Round 297 appeared first on Security Affairs.

Banking

Banking Data collection Malware Data breaches

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

SecureWorld News

AUGUST 15, 2024

In what could be one of the largest data breaches in history, personal information of potentially billions of individuals may have been compromised in a hack of National Public Data (NPD), a Florida-based background check company. The hackers initially offered this data for sale on the dark web for $3.5

Data breaches

Data breaches Identity Theft Password Management Data collection

EskyFun data leak, over 1 million Android gamers impacted

Security Affairs

AUGUST 28, 2021

This is an enormous amount of data collected from a few small, not well-known mobile games.” ” On Thursday, the team said that users of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Together, they account for over 1.6

Data breaches

Data breaches Mobile Data collection Hacking

NEW TECH: Why it makes more sense for ‘PAM’ tools to manage ‘Activities,’ instead of ‘Access’

The Last Watchdog

APRIL 22, 2020

PAM governs a hierarchy of privileged accounts all tied together in a Windows Active Directory ( AD ) environment. It didn’t take cyber criminals too long to figure out how to subvert PAM and AD – mainly by stealing or spoofing credentials to log on to privileged accounts. But SSO proved to be a boon for intruders, as well.

Accountability

Accountability Authentication Digital transformation Passwords

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. ’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. ” reads the advisory published by the CERT-UA.

Telecommunications

Telecommunications Authentication Data collection Passwords

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

MAY 23, 2024

Attackers also manipulate local Administrator accounts to maintain persistence, they were spotted enabling the disabled local Administrator account, followed by resetting its password. However, the exact persistence mechanisms remain unclear due to insufficient forensic data.

Malware

Malware Accountability Phishing Data collection

Taking Control Online: Ensuring Awareness of Data Usage and Consent

Security Affairs

SEPTEMBER 17, 2024

The report provides insights into factors influencing user consent for data collection and usage and reasons for consumer disengagement. More than half (55%) claimed that reducing unnecessary data collection was an additional factor that would help them gain trust in a company or brand.

Data collection

Data collection Data privacy B2B Digital transformation

ChatGPT at work: how chatbots help employees, but threaten business

SecureList

OCTOBER 13, 2023

This article delves deep into the settings and privacy policies of LLM-based chatbots to find out how they collect and store conversation histories, and how office workers who use them can protect or compromise company and customer data. The user creates an account and gains access to the bot. Account hacking.

Accountability

Accountability B2B Risk Hacking

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud. The author behind Meduza distributed the following notification about the update on multiple underground communities and Telegram group: Attention!

Password Management

Password Management Cryptocurrency Passwords Authentication

Google to Pay a record $391M fine for misleading users about the collection of location data

Security Affairs

NOVEMBER 15, 2022

“Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. Location data represent the core of the digital advertising business of the IT giant. SecurityAffairs – hacking, privacy). not hidden); and.

Consumer Protection

Consumer Protection Accountability Data collection Advertising

How AI Could Write Our Laws

Schneier on Security

MARCH 14, 2023

Consider, for example, a 2013 Massachusetts bill that tried to restrict the commercial use of data collected from K-12 students using services accessed via the internet. Another word for a strategy like this is a “hack.” ” Hacks follow the rules of a system but subvert their intent.

Energy and Utilities

Energy and Utilities Artificial Intelligence Technology Government

Talos wars of customizations of the open-source info stealer SapphireStealer

Security Affairs

SEPTEMBER 1, 2023

“In one case, we observed a SapphireStealer sample where the data collected using the previously described process was exfiltrated using the Discord webhook API, a method we previously highlighted here.” The FUD-Loader malware downloader was also published by the same GitHub account. ” continues the report.

Malware

Malware Data collection Architecture Hacking

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

percent of all the data collected, followed by TP-Link that accounted for 9.07%. The Chimay Red hacking tool leverages 2 exploits, the Winbox Any Directory File Read (CVE-2018-14847) and Webfig Remote Code Execution Vulnerability. . Security Affairs – IoT devices, hacking ). Pierluigi Paganini.

IoT

IoT Passwords Malware Advertising

How to Secure Your Business Social Media Accounts

BH Consulting

AUGUST 31, 2023

Having policies and procedures to secure social media accounts and minimise the potential for incidents can help. Recently, a client with several different social media accounts and a large team of people working on them approached BH Consulting to review its security and policies around them. Another risk is social media hacking.

Media

Media Accountability Passwords Authentication

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Spyware

Spyware Mobile Advertising Software

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada, Inc., Such revelations create intrigue as to whether a more insidious actor could perform a similar hack in order to conduct industrial espionage by spying on development and production activity.

Surveillance

Surveillance IoT Accountability Passwords

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. SecurityAffairs – hacking, ransomware). Opened email lets spy in. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Phishing

Phishing Ransomware Spyware Banking

XKCD forum data breach impacted 562,000 subscribers

Security Affairs

SEPTEMBER 3, 2019

The data breach impacted 562,000 subscribers, the forum has been taken offline after the incident. We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection.” New breach: XKCD had 562k accounts breached last month. The xkcd forums are currently offline.

Data breaches

Data breaches Passwords Advertising Data collection

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

eSecurity Planet

AUGUST 20, 2024

The company allegedly obtained this information from non-public sources without the consent of the person filing the complaint or the potentially billions of others affected by the data collection. The group asserted that these records included personal data from U.S., Canadian, and British citizens.

Identity Theft

Identity Theft Data breaches Passwords Encryption

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Krebs on Security

MAY 2, 2023

The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016.

Marketing

Marketing Advertising Scams Telecommunications

Avast details Worok espionage group’s compromise chain

Security Affairs

NOVEMBER 15, 2022

Avast experts were able to capture several PNG files embedding a data-stealing payload. They pointed out that data collection from victims’ machines using DropBox repository, and attackers use DropBox API for communication with the final stage. They steal data via the DropBox account registered on active Google emails.”

Data collection

Data collection Malware Accountability Hacking

NationalPublicData.com Hack Exposes a Nation’s Data

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Trending Sources

Inside the DemandScience by Pure Incubation Data Breach

Election season raises fears for nearly a third of people who worry their vote could be leaked

Confessions of an ID Theft Kingpin, Part I

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

Hundreds of C-level executives credentials available for $100 to $1500 per account

Prominent US law firm Wolf Haldenstein disclosed a data breach

Protonmail hacked …. a very strange scam attempt

Mobile virtual network operator Mint Mobile discloses a data breach

Fashion brand Guess hacked, DarkSide ransomware group the likely culprit

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

A Deep Dive Into the Residential Proxy Service ‘911’

Happy 13th Birthday, KrebsOnSecurity!

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

Experts claim that iPhone’s analytics data is not anonymous

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

US sued TikTok and ByteDance for violating children’s privacy laws

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition

Ransomfeed – Third Quarter Report 2023 is out!

Security Affairs newsletter Round 297

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

EskyFun data leak, over 1 million Android gamers impacted

NEW TECH: Why it makes more sense for ‘PAM’ tools to manage ‘Activities,’ instead of ‘Access’

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Taking Control Online: Ensuring Awareness of Data Usage and Consent

ChatGPT at work: how chatbots help employees, but threaten business

New Version of Meduza Stealer Released in Dark Web

Google to Pay a record $391M fine for misleading users about the collection of location data

How AI Could Write Our Laws

Talos wars of customizations of the open-source info stealer SapphireStealer

Evolution of threat landscape for IoT devices – H1 2018

How to Secure Your Business Social Media Accounts

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

XKCD forum data breach impacted 562,000 subscribers

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Avast details Worok espionage group’s compromise chain

Stay Connected