Hackers Gained Access to Sprint Customer Accounts via Samsung Site

Image Source: iStock.com/TennesseePhotographer

As reported on Tuesday, July 16, Sprint has confirmed that a data breach took place through  Samsung’s website, in which hackers were able to access customers’ accounts. There is no detail on how many of such accounts were breached through this occurrence.

The data breach took place on June 22nd, to which Sprint had notified consumers that information such as first and last names, billing addresses, phone numbers, account numbers and more were compromised. According to a statement provided through their website, Sprint stated how the information collected by hackers does not allot for the possibility of fraud or identity theft to occur. After the breach, Sprint had “taken appropriate action” in securing customer accounts to avoid another mishap such as this from happening again. The carrier company also noted how fraudulent activity has yet to be detected. 

On June 25th, Sprint had reset its customers’ Personal Identification Numbers (PINs) in case hackers had breached consumer accounts through PIN. Hackers could have likely gained access to account PINs via a Boost Mobile breach that occurred back in March (Boost Mobile uses Sprint’s network). 

Sprint’s spokesperson emailed CNET stating that “credit card and social security numbers are encrypted and were not compromised” when the data breach happened. Another spokesperson from Samsung had stated that fraudulent activity was detected through hackers using Sprint account information on Samsung’s main website. The spokesperson continues: “We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.”

Boost Mobile Customer Accounts Breached by Hackers

Sprint’s mobile network Boost Mobile recently admitted to hackers having breached their customers’ accounts through their main website. The data breach originally occurred back in March and was only recently announced.

A website notification was posted to which the company stated that their site “experienced unauthorized online account activity [and that] an unauthorized person accessed [user] account[s] through [their] Boost phone number and Boost.com PIN code.” The company’s fraud team noted how the incident was quickly taken care of through “a permanent solution [that was used] to prevent similar unauthorized account activity.”

According to TechCrunch’s communication with a Sprint spokesperson, Boost Mobile had encrypted any social security or credit card information, leaving such sensitive data uncompromised in the data breach.

Due to the breach affecting a large consumer base of over 500 people, the company had to notify the California attorney general through written notice.

Through access to Boost Mobile’s user account names and PINs, hackers can utilize a type of cyberattack known as credential stuffing to automate and send login requests on the Boost Mobile site to access consumer accounts. The company has already sent a text with a new temporary PIN to those affected by the breach. Users can log into their accounts with the link provided in the text message in order to set a new PIN code. Boost Mobile recommends users reset their PINs if they have not done so already.

In the meantime, the company has also recommended that customers regularly check their Boost Mobile accounts for any fraudulent activity and to report any identity theft or fraud to consumer credit reporting companies.

Microsoft Reveals Hackers Accessed Emails from Outlook.com Users

Microsoft Outlook Logo
Image Source: Microsoft Outlook logo

Recently Microsoft had announced that a security breach had taken place on its Outlook.com site, in which hackers were able to access user accounts, essentially allowing cybercriminals to view email messages, email addresses, and folder names.

According to Microsoft, a support agent’s web mail service was compromised, allowing hackers to access user accounts from January 1st to March 28th, 2019. Once the issue was discovered, the support account was taken down.

Vice’s Motherboard claims that the hackers had access to users’ accounts for six months, to which Microsoft had refuted and stated that the breach occurred within the three month period as mentioned in their notification message to its users. The compromise allowed hackers to even access iCloud accounts to remove the Activation Lock feature on stolen iPhones – a feature that would prevent thieves from factory resetting the devices to sell for profit.

Microsoft had notified those consumers – around six percent – who had their email contents potentially breached by the hackers. The total number of consumers affected by this breach has not been revealed by Microsoft.

127 Million User Records From Various Sites Now Being Sold On Dark Web

The same hacker who had stolen 620 million user records has returned, this time stealing another 127 million records from various websites including Coinmama, Houzz, Petflow, and YouNow.

User data is now being sold over a dark web marketplace, Dream Market, where individuals sell malware and user data. Currently, the individual(s)–”Gnosticplayers”–is selling the stolen website credentials for around four bitcoin, which is approximately $20,000 in value according to TechCrunch’s reporting. The asking price varies based on which website the data is coming from, as well as user data quality. It is currently unclear on whether the hacker is acting alone or using a team effort in selling acquired user data from this breach.

ZDNet reports the following websites that were affected, including the number of accounts stolen and the price to which the seller is asking for:

  • Ge.tt (file sharing service) – 1.83 million accounts – 0.16 bitcoin
  • Ixigo (travel and hotel booking) – 18 million accounts – 0.262 bitcoin
  • Roll20.net (gaming) – 4 million accounts – 0.0582 bitcoin
  • Houzz (interior design) – 57 million accounts – 2.91 bitcoin
  • Coinmama (cryptocurrency exchange) – 420,000 accounts – 0.3497 bitcoin
  • Younow (live streaming) – 40 million accounts – 0.131 bitcoin
  • StrongHoldKingdoms (gaming) – 5 million accounts – 0.291 bitcoin
  • Petflow (pet food delivery) – 1 million – 0.1777 bitcoin

In just the last week, Houzz disclosed its data breach to users via email. This second wave of stolen data comes after a recent reporting by The Register which revealed sites such as MyHeritage, MyFitnessPal, HauteLook, and CoffeeMeetsBagel that were all breached in the previous week. Both MyHeritage and MyFitnessPal had already notified users of their website breach last year while CoffeeMeetsBagel had just announced their breach today. (Quite the Valentine’s Day surprise!)

Last week’s data breach which included the 620 million user accounts from 16 websites were taken down from the dark web by its seller, as “buyers complained that a prolonged sale would…lead to [the]…databases…becoming available to everyone,” as Catalin Cimpanu from ZDNet reports.

New Chrome Extension from Google Can Notify You If Your Passwords Are Secure

As perfect timing for today’s Safer Internet Day, Google released a new Chrome extension that allows users to check if their passwords were exposed after the latest data breaches.

Once the extension has been added to your Chrome browser, Google notifies you with a warning if your login credentials matched any information found within an extensive database of four billion usernames and passwords from previous breaches.

Many of us are guilty with using the same passwords for our accounts, which is why breaches like that of Collection #1 remind us to use unique passwords instead. Regardless, even having many different passwords could be difficult in terms of knowing which hasn’t been compromised in such massive data breaches. However, thanks to Google’s extension, you can protect your accounts the next time you log in.

Image Source: Google

The Password Checkup extension works by encrypting the login credentials that are sent to Google. As Jon Porter from The Verge reports, “[p]asswords in the database are stored in a hashed and encrypted form, and any warning that’s generated about your details is entirely local to your machine.”

If you find out your password has been compromised, you can even use Chrome’s password generator to create a new password.

Though Chrome’s Password Checkup helps users in this time of need, this underlying concern still remains: are passwords really safe to use nowadays? WebAuthn–which uses tokens instead of passwords–may be a safer option, for example, but has yet to be implemented into more web browsers.

While you use Chrome’s new extension, make sure to utilize other resources to your advantage such as a password manager and two-factor authentication system. Furthermore, always use unique passwords when setting up your accounts.

1-800-FLOWERS Affected by Undetected Credit Card Breach Over Four Year Period

In a recent filing with California’s Attorney General Office, 1-800-FLOWERS was revealed to be the victim of a silent malware attack that affected the business within a four year period. As the filing explains, customer credit card information was stolen from the Canadian branch’s website, while the main 1800Flowers.com website was unaffected.

What is interesting to note is how the malware affected the site for four years without any detection. During the time frame between August 15, 2014 and September 15, 2018, consumers’ first and last names, as well as card numbers, expiry dates, and security codes were all accessed by the unknown hacker(s).

The report did not disclose the number of consumers affected by the breach, but the company is required to inform its customers of the incident when a breach affects more than 500 people, this according to California law.

Interestingly enough, 1-800-FLOWERS was the second company to report a four-year long breach, as the Marriott was also affected within a four-year period when hackers stole 500 million guest records.

For now, the company recommends that all its customers keep a close watch on their payment records and to report any suspicious charges to their bank or issuing card company.

How to Check If Your Facebook Data Has Been Breached

Facebook faced immense backlash as the company announced 30 million personal accounts had been compromised in its most recent data breach back in September. Users’ contact and address information were all accessed during the breach, along with other sensitive data such as a user’s 15 most recent searches.

Facebook’s Help Center can assist users in figuring out if their account was hit by the breach.

Use these steps to find out how:

  1. On the top right corner of your Facebook account, click on the “?” icon to access  Help Center. You can also click the link below:

https://www.facebook.com/help/securitynotice?ref=sec

  1. Search “security incident” in the search box above.
  2. Scroll down to the bottom of the page to see the section marked: “Is my Facebook account impacted by this security issue?”
  3. This section will provide a “yes” or “no” answer to its users. The message will also show up on users’ news feeds.

  1. If No, there is no action needed to be taken at this time.
  2. If Yes, you will be in one of these categories:
  • You’re one of the 15 million users’ whose name and phone/email has been stolen.
  • You’re one of the 14 million users’ whose account got breached with getting access to your “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places you’ve checked into or were tagged in, website, people or Pages you follow, and the 15 most recent searches.”
  • You’re in the 1 million users whose access token got stolen, but luckily no information has been breached. 

If your data was accessed from this breach, there is no need to change your password or credit card information at this time. Furthermore, keep an eye out for scam calls and spam emails that ask for your personal information such as the login credentials for signing into your accounts. If you were in the 14 million within Group B, it’s best to call your bank or phone carrier to input a pin code to prevent hackers from essentially pretending to be you in order to access your accounts.

After such a massive data breach, should we really trust Facebook as a safe space to continue sharing with our loved ones?

 

British Airways Announces Data Breach of Consumer Credit Card Information

Image Source: iStock.com/Boarding1Now

On Thursday, September 6th, British Airways announced they were the latest target of a data breach involving compromised credit card data of around 380,000 consumers.

In a statement, the airline clarifies how passport information was not affected by the breach. Financial details were said to be stolen between August 21 and September 5 from both the British Airways website and mobile application.

Due to negligence in data protection, British Airways may have a 4% fine in their hands, as GDPR data protection laws strictly target the global annual income of businesses that make such errors.

According to a security firm, hackers used skimming malware to gain access to consumer payment information. RiskIQ researcher Yonathan Klinjnsma explains how it took only 22 lines of injected code into the airline’s mobile and web platform for the breach to occur. Such online-skimming tactics aren’t new, as Ticketmaster UK was also hit by a similar breach back in June, this caused by the same hacker operatives known as “Magecart”.

As explained in his research:

“Magecart injects scripts designed to steal sensitive data that consumers enter into online payment forms on e-commerce websites directly or through compromised third-party suppliers used by these sites.”

Hackers specifically customized their coding structure to avoid any possible detection. Once consumers inputted their credit card information and hit “submit”, such data was “extracted…and sent to the attacker’s server,” Klinjnsma reports. Consumer names, including email and billing addresses were also collected.

“Magecart is [still] an active threat…[and has] been active since 2015…” he says. Hackers using this technique of information theft “have continually refined their tactics…to maximize [their] return…”

Consumers of the airline have been urged to get a new card after the breach was reported.

To avoid any further situations such as this, companies must always take precautionary steps of heightened security to ensure consumer data is safe, especially when sensitive information is involved.

T-Mobile Has Revealed Data Breach of 2 million Customers

The company says that passwords may have also been revealed, only through an encrypted form not [compromised].

In a statement to consumers on Thursday evening, T-Mobile announced a new data breach that allowed hackers to access more than 2 million people’s personal information such as their name, number, address, accounting number, and account type. Credit card information was not accessed during the breach. T-Mobile’s representative spoke out to Motherboard to explain how “[a]round 3 percent of [the company’s] 77 million customers…may have been affected” (Sean Keane, CNET). A text message was sent to all customers affected by the breach.

It was later discovered that “encrypted passwords” were also exposed in the data breach, as explained by a spokesperson from T-Mobile.John Legere T-Mobile’s CEO mentioned in a tweet that “it’s always a good idea to regularly change account passwords.”

As this article from CNET explains:

        “The company says that hackers couldn’t actually read them — since they were encrypted — but Motherboard says that a pair of security researchers believe T-Mobile used the MD5 algorithm to protect them, a protection scheme whose own author declared it “no longer considered safe” back in 2012. However, T-Mobile wouldn’t confirm whether it used MD5 or not.“.

T-Mobile had experienced another cybersecurity issue back in May when researchers noticed that customers’ personal data could easily be retrieved through means of using their phone number. Meanwhile, the company is working to improve its quality of service for its customers.

The original article from CNET (as referenced in this post) can be found here.

 

Data Breach within MyHeritage Announced — 92M User Emails and Passwords Exposed

It’s one piece of news you never want to see or hear–the fact that your personal account has been compromised through a data breach within a website you trusted to keep your information secure. We’ve seen it happen multiple times through companies such as Yahoo and Equifax, and recently, MyHeritage–a family tree and genetic history website–has also joined the data-breach train, where 92 million users have been affected through email and password compromisation.

As explained through one of MyHeritage’s blog posts, a security researcher had discovered a file from “a private server” titled “myheritage” that contained millions of account emails and hashed passwords–passwords that have been one-way encrypted to keep sensitive data stored safely. While hashed passwords are somewhat protected from being “reversed” into attaining the original password (as it does take extensive computing knowledge to do so), MyHeritage has advised all its users to create new passwords regardless.

In times like these, it is always a great idea to utilize an original password unique to MyHeritage, rather than updating the password to one that is already used in other accounts for another website. Hackers can always try to cross-reference the list of emails attained through this breach with the list of emails attained through previous breaches to access other sensitive information you own. Having a unique password for each website can halt such access.

As MyHeritage explains in their post:

Credit card information is not stored on MyHeritage to begin with, but only on trusted third-party billing providers (e.g. BlueSnap, PayPal) utilized by MyHeritage. Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised.

Keeping this statement in mind, we can rest assured the company has looked into other aspects of the data breach to make certain other information was not compromised. The company has further explained within their blog statement how two-factor authentication will be implemented soon, as they are now “expediting” the process. This authentication will allow users to include a mobile number along with their password to login to MyHeritage, further helping safeguard their accounts from unlawful access.

For now, MyHeritage has provided a 24/7 security customer support team to answer any or all questions for users who have concerns regarding the data breach.

For more information, click here.