Here’s your weekly data breach news roundup:
- UPS and Norfolk Southern
- OpenWRT Forum
- Nitro PDF
- Precision Spine Care
- Hendrick Health System
UPS and Norfolk Southern
UPS and Norfolk Southern employee data exposed after an apparent ransomware attack and #databreach at occupational health provider.— DevaOnBreaches (@DevaOnBreaches) January 19, 2021
Its customers include the U.S. Secret Service and Naval Special Warfare Development Group - better known as SEAL Team Six.https://t.co/NemDbD40W3
UPS and Norfolk Southern said they are looking into whether employee health data was compromised after hackers posted medical records of truck drivers and rail workers to a leak site following an apparent ransomware attack and data breach at a Virginia-based occupational health-care provider.
It was not immediately clear how many UPS and Norfolk Southern personnel were affected by the leak of over 3,000 files from occupational health provider Taylor Made Diagnostics on Jan. 8. But FreightWaves found multiple health records for employees from both firms, in addition to multiple smaller trucking companies, U.S. government agencies and defense contractors from as recently as December 2020.
The maintainers of OpenWRT, an open-source project that provides free and customizable firmware for home routers, have disclosed a security breach that took place over the weekend.
According to a message posted on the project’s forum and distributed via multiple Linux and FOSS-themed mailing lists, the security breach took place on Saturday, January 16, around 16:00 GMT, after a hacker accessed the account of a forum administrator.
“It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled,” the message reads.
The OpenWRT team said that while the attacker was not able to download a full copy of its database, the attack did download a list of forum users, which included personal details such as forum usernames and email addresses.
No passwords were included in the downloaded data, but citing an “abundance of caution,” OpenWRT administrators have reset all forum user passwords and API keys.
Read more at : https://www.zdnet.com/article/openwrt-reports-data-breach-after-hacker-gained-access-to-forum-admin-account/
A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked and it contains email addresses, full names, bcrypt hashed passwords, company names, and more. #databreach https://t.co/iaDniIGzRQ— DevaOnBreaches (@DevaOnBreaches) January 21, 2021
A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.
The 14GB leaked database contains 77,159,696 records with users’ email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.
The massive Nitro PDF data breach BleepingComputer first reported last year also impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.
Nitro Software disclosed a “low impact security incident” on October 21, 2020, in an advisory to the Australia Stock Exchange, stating that no customer data was impacted.
Precision Spine Care
Precision Spine Care, a Texas-based spinal care center, has warned of a potential #databreach after an unauthorized individual gained remote access to an employee’s email account in an attempt to fraudulently divert funds from the organization.https://t.co/Hy7ZBfQ35s— DevaOnBreaches (@DevaOnBreaches) January 21, 2021
Precision Spine Care, a Texas-based spinal care center, has warned of a potential data breach after an unauthorized individual gained remote access to an employee’s email account in an attempt to fraudulently divert funds from the organization.
The company, which has facilities in the cities of Tyler, Longview, Lufkin, Texarkana, and Nacogdoches, has become one of the first US healthcare companies to flag a potential data breach in 2021, in line with HIPAA requirements.
“Although there is no indication that any information was accessed, in an abundance of caution, we have taken steps to notify all potentially affected individuals and to provide resources to assist you,” Precision Spine Care told patients in a recent security alert.
US cyber-security firm Malwarebytes today said it was hacked by the same group which breached IT software company SolarWinds last year.
Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since the company doesn’t use any of SolarWinds software in its internal network.
Instead, the security firm said the hackers breached its internal systems by exploiting a dormant email protection product within its Office 365 tenant.
Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on December 15, which detected suspicious activity coming from the dormant Office 365 security app.
At the time, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious apps created by the SolarWinds hackers, also known in cyber-security circles as UNC2452 or Dark Halo.
Malwarebytes said that once it learned of the breach, it began an internal investigation to determine what hackers accessed.
“After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails,” said today Marcin Kleczynski, Malwarebytes co-founder and current CEO.
A threat actor known as ShinyHunters has leaked 1.9 million Pixlr user records containing information that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by Inmagine. #databreach https://t.co/bjh4uj7esE— DevaOnBreaches (@DevaOnBreaches) January 21, 2021
A hacker has leaked 1.9 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks.
Pixlr is a very popular and free online photo editing application with many of the same features found in a professional desktop photo editor like Photoshop. While Pixlr offers basic editing tools for free, the site also provides premium memberships that include more advanced tools, stock photos, and other features.
Over the weekend, a threat actor known as ShinyHunters shared a database for free on a hacker forum that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company, Inmagine.
Bonobos men’s clothing store has suffered a massive data breach exposing millions of customers’ personal information after a cloud backup of their database was downloaded by a threat actor. Bonobos states that the corporate systems were not breached during the attack.
Bonobos started as an online men’s clothing store but later expanded to sixty locations to try on clothes before purchasing them. Walmart bought Bonobos in 2017 for $300 million to sells its clothing on their Jet.com site.
Last weekend, a threat actor known as ShinyHunters, who is notorious for hacking online services and selling stolen databases, posted the full Bonobos database to a free hacker forum.
Hendrick Health System
An IT security incident at Abilene, Texas-based Hendrick Health System exposed hundreds of thousands of patients’ information.
The breach occurred on Nov. 20, disrupting IT operations. An investigation found the incident exposed the information of 640,436 patients. The information was exposed from Oct. 10 to Nov. 9, although the incident did not affect Hendrick’s EHR.
The information breached during the incident includes patient names, Social Security numbers and demographics. Click here for more information about the incident.
The three-hospital health system shut down its IT network on Nov. 9 after a security threat to the main campus was identified.
A hacker has leaked the details of millions of users registered on Teespring, a web portal that lets users create and sell custom-printed apparel.
The user data was leaked last Sunday on a public forum dedicated to cybercrime and the sale of stolen databases.
The Teespring data was made available as a 7zip archive that includes two SQL files. The first file contains a list of more than 8.2 million Teespring users’ email addresses and the date the email address was last updated.
The second file includes account details for more than 4.6 million users.
Details included in this second SQL file a hashed version of the email address, usernames, real names, phone numbers, home addresses, and Facebook and OpenID identifiers users used to log into their accounts.
Other details related to a user’s Teespring online account information is also included and is not believed to be sensitive.
The good news is that not all accounts have this information filled, which reduces how the breach affected each Teespring user to the amount of granular data they provided to the company. Secondly, password data was not included; however, it is unclear if hackers gained access to passwords and just chose not to release them.