14 Feb
Here’s your weekly #databreach news roundup:
Toyota, Reddit, AmerisourceBergen, TruthFinder, Instant Checkmate, FR8, Weee!, and A10 Networks.
TruthFinder & Instant Checkmate
PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a #databreach after hackers leaked a 2019 backup database containing the info of millions of customers.https://t.co/09uTO5xBEX
— DevaOnBreaches (@DevaOnBreaches) February 6, 2023
PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers.
TruthFinder and Instant Checkmate are subscription-based services allowing customers to perform background checks on other people. When conducting background checks, the sites will use publicly scraped data, federal, state, and court records, criminal records, social media, and other sources.
In 2020, PubRec, LLC (owners of TruthFinder and Instant Checkmate) merged with PeopleConnect Holdings, Inc. (the owners of Classmates and Intellius), creating a massive portfolio of services specialized in finding information about people.
FR8
India’s largest truck brokerage and freight delivery company, FR8, is facing a serious data leak problem that exposed more than 140 gigabytes of data, which is available to the public without any password or security authentication. @hak1mlukha @WAK4S https://t.co/0vhdKC4W6r
— DevaOnBreaches (@DevaOnBreaches) February 6, 2023
India’s largest truck brokerage and freight delivery company, FR8, is facing a serious data leak problem. According to the IT security researcher Anurag Sen working with Italian cyber security firm FlashStart, the organization has exposed more than 140 gigabytes of data, which is available to the public without any password or security authentication.
According to Hackread.com, the leaked data includes sensitive information such as customer records, invoices, and payment details across India. Not only that, but it also contains other personal information, such as names, addresses, and contact numbers of both customers and employees. FR8 claims to be “India’s largest truck transport service company,” currently operating in over 60 cities across the country.
Toyota's Global Supplier Preparation Information Management System (GSPIMS) was breached by a security researcher who responsibly reported the issue to the company. @billtoulas @BleepinComputer https://t.co/u9YmiS2wOV
— DevaOnBreaches (@DevaOnBreaches) February 9, 2023
Toyota’s Global Supplier Preparation Information Management System (GSPIMS) was breached by a security researcher who responsibly reported the issue to the company.
GSPIMS is the car manufacturer’s web application that allows employees and suppliers to remotely log in and manage the firm’s global supply chain.
The security researcher, who publishes under the pseudonym EatonWorks, discovered a “backdoor” in Toyota’s system that allowed anyone to access an existing user account as long as they knew their email.
In a test intrusion, the researcher found that he could freely access thousands of confidential documents, internal projects, supplier information, and more.
The issues were responsibly disclosed to Toyota on November 3, 2022, and the Japanese car maker confirmed they had been fixed by November 23, 2022.
Weee!
Weee!, a US-based online grocery delivery platform, had delivery data of 11 million customers leaked online.
— DevaOnBreaches (@DevaOnBreaches) February 9, 2023
The attacker uploaded a database with information on 11 million Weee! customers. #databreach @MrVilius https://t.co/V5MPRBqNPB
Weee!, a US-based online grocery delivery platform, had delivery data of 11 million customers leaked online. Some logs include door codes that couriers use to enter buildings.
The attacker uploaded a database with information on 11 million Weee! customers. The Cybernews research team confirmed that the leak appeared to be composed of data that didn’t appear in previous leaks.
The threat actor who posted the database claims that the database was stolen in February 2023. The attacker who posted the database appears to be the same person who leaked stolen data from mobile carrier US Cellular.
AmerisourceBergen
Pharmaceutical distributor AmerisourceBergen confirmed that hackers compromised the IT system of one of its subsidiaries after threat actors began leaking allegedly stolen data. #databreach @billtoulas @BleepinComputer https://t.co/rORwgWRrI4
— DevaOnBreaches (@DevaOnBreaches) February 10, 2023
Pharmaceutical distributor AmerisourceBergen confirmed that hackers compromised the IT system of one of its subsidiaries after threat actors began leaking allegedly stolen data.
AmerisourceBergen is a pharmaceutical product distributor, medical business consultant, and patient services provider. The company is a giant in the healthcare industry, employing 42,000 people and operating multiple distribution centers in the United States, Canada, and the UK, with 150 offices worldwide.
As first reported by security researcher Dominic Alvieri, the Lorenz ransomware gang ended a lengthy period of silence by listing AmerisourceBergen and their allegedly stolen data on its extortion site.
AmerisourceBergen confirmed the attack to BleepingComputer, stating that the intrusion was contained and they are investigating whether the incident has resulted in the compromise of sensitive data.
#Reddit has suffered a security breach, with unidentified threat actors accessing internal documents, code, and some internal business systems.
— The Hacker News (@TheHackersNews) February 10, 2023
Read: https://t.co/cvE2cNhiff#infosec #databreach #cybersecurity #informationsecurity
Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems.
The company blamed it on a “sophisticated and highly-targeted phishing attack” that took place on February 5, 2023, aimed at its employees.
The attack entailed sending out “plausible-sounding prompts” that redirected to a website masquerading as Reddit’s intranet portal in an attempt to steal credentials and two-factor authentication (2FA) tokens.
A single employee’s credentials is said to have been phished in this manner, enabling the threat actor to access Reddit’s internal systems. The affected employee self-reported the hack, it further added.
A10 Networks
The California-based networking hardware manufacturer ‘A10 Networks’ has confirmed to BleepingComputer that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data. #databreach @billtoulas @BleepinComputer https://t.co/4lrMgU62rp
— DevaOnBreaches (@DevaOnBreaches) Febr
The California-based networking hardware manufacturer ‘A10 Networks’ has confirmed to BleepingComputer that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data.
A10 Networks specializes in the manufacturing of software and hardware application delivery controllers (ADC), identity management solutions, and bandwidth management appliances, while it also offers firewall and DDoS threat intelligence and mitigation services.
Its customers include Twitter, LinkedIn, Samsung, Uber, NTT Communications, Sony Pictures, Windows Azure, Xbox, Yahoo, Alibaba, China Mobile, Comcast, Deutsche Telekom, Softbank, GE Healthcare, GoDaddy, and Huffington Post.
In an 8-K filing submitted earlier this week, the company says the security incident occurred on January 23, 2023, and lasted for a few hours before its IT team managed to stop the intrusion and contain the damage.