02 Feb
Here’s your weekly data breach news roundup:
- USCellular
- Bykea
- Scottish Environment Protection Agency (SEPA)
- Chqbook.com
- PupBox
- MeetMindful
USCellular
Mobile network operator USCellular suffered a #databreach after hackers gained access to its CRM and viewed customers' accounts.
— DevaOnBreaches (@DevaOnBreaches) January 29, 2021
Exposed data includes name, address, PIN, and cellular telephone numbers(s) as well as wireless services plans and more.https://t.co/bO5nVaVNKS
Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers’ accounts.
In a data breach notification filed with the Vermont attorney general’s office, USCellular states that retail store’s employees were scammed into downloading software onto a computer.
This software allowed an attacker to access the computer remotely, and as the employee was logged into the customer relationship management (CRM), they gained access to that as well.
“On January 6, 2021, we detected a data security incident in which unauth0rized individuals may have gained access to your wireless customer account and wireless phne number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer.”
“Since the employee was already logged into the customer retail management (“CRM”) system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee’s credentials,” states the USCellular data breach notification.
USCellular believes the attack occurred on January 4th, 2021.
Bykea
Bykea, a renowned bike-hailing application in Pakistan has suffered a #databreach.
— DevaOnBreaches (@DevaOnBreaches) January 29, 2021
Exposed data includes more than 400 million records of customers which includes their name, addresses, payment information, and other highly personal and sensitive data.https://t.co/NFYeSXqEgx
Bykea, a renowned bike-hailing application in Pakistan has suffered a massive security breach which has allegedly affected its extensive database.
According to a report published by Safety Detectives, Bykea has seemingly exposed more than 200 gigabytes worth of data. This data includes more than 400 million records of customers which includes their name, addresses, payment information, and other highly personal and sensitive data. This elastic server vulnerability was discovered during a routine a routine IP-address check.
Apparently, the researchers found the link to be extremely easy to hack in to as no password protection was or encryption of any kind was used; anyone with possession of the IP-address of the server could access the database and remove or manipulate its data.
Scottish Environment Protection Agency (SEPA)
Scottish Environment Protection Agency (SEPA) breached data is now exposed by the ransomware gang. They published 4,150 files on the dark web containing corporate plans, contracts, spreadsheets, and potentially personal information.https://t.co/0FYEjlSict
— DevaOnBreaches (@DevaOnBreaches) January 28, 2021
There’s more bad news for the Scottish Environment Protection Agency (SEPA) which was hit by a ransomware attack on Christmas Eve – a serious security breach that has continued to impact its internal systems and forced its email offline.
The Conti ransomware gang has now published 4,150 files stolen from SEPA on the dark web. Corporate plans, contracts, spreadsheets, and potentially personal information about staff, can be found amongst the haul of files now available for anybody to download with no payment required.
The malicious hackers have released the files that they stole from SEPA before unleashing their file-encrypting ransomware in frustration that the agency refused to pay any money to its extortionists.
Chqbook.com
‘https://t.co/RmcNjZqB6K,’ an India-based online banking service, has suffered a #databreach. The incident has exposed 2.5 million Indians, who had their bank balance, passport number, Aadhaar number, credit score,date of birth, email address, and more. https://t.co/BYuq6IRPCF
— DevaOnBreaches (@DevaOnBreaches) January 27, 2021
‘Chqbook.com,’ an India-based online banking service that offers credit card, loan, and insurance management services for small businesses and merchants, has suffered a data breach. The incident has severely exposed 2.5 million Indians, who had their bank balance, PAN number, passport number, Aadhaar number, credit score, credit card outstanding, voter ID, email address, date of birth, and even their card PIN leaked.
The discovery of the dataset that has appeared online now comes from researcher Rajshekhar Rajaharia, who tipped us off and shared the details.
PupBox
PupBox announced that its website, https://t.co/ewQVGwSeKt, had been impacted by a #databreach.
— DevaOnBreaches (@DevaOnBreaches) January 26, 2021
Exposed data includes subscribers' names, addresses, email addresses, passwords, credit card numbers, credit cards, and more.https://t.co/cUz3iUKFbJ
A San Francisco law firm has launched an investigation into a data breach that took place at a subsidiary of Petco Health and Wellness Company.
The breach, which occurred over a six-month period last year, resulted in the exposure of the payment card information of tens of thousands of customers of PupBox, Inc.
PupBox, which appeared on the entrepreneurial-themed reality TV show Shark Tank, sells customized puppy subscription boxes containing toys, treats, chews, and accessories handpicked according to the animal’s age and physical characteristics.
On October 2, 2020, PupBox announced that its website, PupBox.com, had been the target of a prolonged data breach affecting more than 30,000 of its subscribers.
Threat actors installed an unauthorized website plug-in that allowed personal information to be captured and shared with a third-party server between February 11, 2020, and August 9, 2020.
Data potentially exposed in the breach includes subscribers’ names, addresses, email addresses, passwords, credit card numbers, credit card expiration dates, and credit card CVV codes.
MeetMindful
A well-known hacker has leaked the details of more than 2.28 million users registered on https://t.co/vCzAXCNOPu, a dating website.#Databreach includes: Real names, Emails, location details, body details, Dating preferences, Marital status, and more.https://t.co/P2vVlt85w5
— DevaOnBreaches (@DevaOnBreaches) January 26, 2021
A well-known hacker has leaked the details of more than 2.28 million users registered on MeetMindful.com, a dating website founded in 2014, ZDNet has learned this week from a security researcher.
The dating site’s data has been shared as a free download on a publicly accessible hacking forum known for its trade in hacked databases.
The leaked data, a 1.2 GB file, appears to be a dump of the site’s users database.
The content of this file includes a wealth of information that users provided when they set up profiles on the MeetMindful site and mobile apps.
Some of the most sensitive data points included in the file include:
- Real names
- Email addresses
- City, state, and ZIP details
- Body details
- Dating preferences
- Marital status
- Birth dates
- Latitude and longitude
- IP addresses