w06-2023

Here’s your weekly #databreach news roundup:

Toyota, Reddit, AmerisourceBergen, TruthFinder, Instant Checkmate, FR8, Weee!, and A10 Networks.

TruthFinder & Instant Checkmate

PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers.

TruthFinder and Instant Checkmate are subscription-based services allowing customers to perform background checks on other people. When conducting background checks, the sites will use publicly scraped data, federal, state, and court records, criminal records, social media, and other sources.

In 2020, PubRec, LLC (owners of TruthFinder and Instant Checkmate) merged with PeopleConnect Holdings, Inc. (the owners of Classmates and Intelius), creating a massive portfolio of services specialized in finding information about people.

FR8

India’s largest truck brokerage and freight delivery company, FR8, is facing a serious data leak problem. According to the IT security researcher Anurag Sen working with Italian cyber security firm FlashStart, the organization has exposed more than 140 gigabytes of data, which is available to the public without any password or security authentication.

According to Hackread.com, the leaked data includes sensitive information such as customer records, invoices, and payment details across India. Not only that, but it also contains other personal information, such as names, addresses, and contact numbers of both customers and employees. FR8 claims to be “India’s largest truck transport service company,” currently operating in over 60 cities across the country.

Toyota

Toyota’s Global Supplier Preparation Information Management System (GSPIMS) was breached by a security researcher who responsibly reported the issue to the company.

GSPIMS is the car manufacturer’s web application that allows employees and suppliers to remotely log in and manage the firm’s global supply chain.

The security researcher, who publishes under the pseudonym EatonWorks, discovered a “backdoor” in Toyota’s system that allowed anyone to access an existing user account as long as they knew that user’s email.

In a test intrusion, the researcher found that he could freely access thousands of confidential documents, internal projects, supplier information, and more.

The issues were responsibly disclosed to Toyota on November 3, 2022, and the Japanese car maker confirmed they had been fixed by November 23, 2022.

Weee!

Weee!, a US-based online grocery delivery platform, had delivery data of 11 million customers leaked online. Some logs include door codes that couriers use to enter buildings.

The attacker uploaded a database with information on 11 million Weee! customers. The Cybernews research team confirmed that the leak appeared to be composed of data that didn’t appear in previous leaks.

The threat actor who posted the database claims that it was stolen in February 2023, and appears to be the same person who leaked stolen data from mobile carrier US Cellular.

AmerisourceBergen

Pharmaceutical distributor AmerisourceBergen confirmed that hackers compromised the IT system of one of its subsidiaries after threat actors began leaking allegedly stolen data.

AmerisourceBergen is a pharmaceutical product distributor, medical business consultant, and patient services provider. The company is a giant in the healthcare industry, employing 42,000 people and operating multiple distribution centers in the United States, Canada, and the UK, with 150 offices worldwide.

As first reported by security researcher Dominic Alvieri, the Lorenz ransomware gang ended a lengthy period of silence by listing AmerisourceBergen and their allegedly stolen data on its extortion site.

AmerisourceBergen confirmed the attack to BleepingComputer, stating that the intrusion was contained and they are investigating whether the incident has resulted in the compromise of sensitive data.

Reddit

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems.

The company blamed it on a “sophisticated and highly-targeted phishing attack” that took place on February 5, 2023, aimed at its employees.

The attack entailed sending out “plausible-sounding prompts” that redirected to a website masquerading as Reddit’s intranet portal in an attempt to steal credentials and two-factor authentication (2FA) tokens.

A single employee’s credentials are said to have been phished in this manner, enabling the threat actor to access Reddit’s internal systems. The affected employee self-reported the hack, the company further added.

A10 Networks

The California-based networking hardware manufacturer ‘A10 Networks’ has confirmed to BleepingComputer that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data.

A10 Networks specializes in the manufacturing of software and hardware application delivery controllers (ADC), identity management solutions, and bandwidth management appliances, while it also offers firewall and DDoS threat intelligence and mitigation services.

Its customers include Twitter, LinkedIn, Samsung, Uber, NTT Communications, Sony Pictures, Windows Azure, Xbox, Yahoo, Alibaba, China Mobile, Comcast, Deutsche Telekom, Softbank, GE Healthcare, GoDaddy, and Huffington Post.

In an 8-K filing submitted earlier this week, the company says the security incident occurred on January 23, 2023, and lasted for a few hours before its IT team managed to stop the intrusion and contain the damage.