week07-2023

Here’s your weekly #databreach news roundup:

FBI, Pepsi Bottling Ventures, GoDaddy, 500 Cricket Stars Passport Breach, Scandinavian airline SAS, CHS, Atlassian, and Cutout.

Pepsi Bottling Ventures

Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems. Pepsi Bottling Ventures is the largest bottler of Pepsi-Cola beverages in the United States, responsible for manufacturing, selling, and distributing popular consumer brands. It operates 18 bottling facilities across North and South Carolina, Virginia, Maryland, and Delaware.

500 Cricket Stars Passport Breach

Some of cricket’s all-time greats and current superstars have had their passport information exposed, after a cybersecurity researcher said he found a batch of players’ personal data online. Pakistan and West Indies legends Wasim Akram and Chris Gayle were amongst more than 500 famous cricketers affected by the breach, as were current stars like big-scoring England batsman Ian Bell and Pakistan captain Mohammad Babar Azam. Indian, New Zealand and Afghan players were also affected, according to Etizaz Mohsin, a U.K.-based researcher, who shared his findings with Forbes. Many of the passports were still valid at the time of publication, while some had recently expired. Phone numbers and email addresses of some players and their agents were also in the data discovered by Mohsin.

Scandinavian airline SAS

Scandinavian airline SAS (SAS.ST) said it was hit by a cyber attack Tuesday evening and urged customers to refrain from using its app but later said it had fixed the problem. News reports said the hack paralysed the carrier’s website and leaked customer information from its app. Karin Nyman, head of press at SAS, told Reuters at 2035 GMT that the company was working to remedy the attack on its app and website.

CHS

Community Health Systems (CHS) says it was impacted by a recent wave of attacks targeting a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer platform. The healthcare provider giant said on Monday that Fortra issued an alert saying that it had “experienced a security incident” leading to some CHS data being compromised. A subsequent investigation revealed that the resulting data breach affected the personal and health information of up to 1 million patients.

Atlassian

Atlassian suffered a data leak after threat actors used stolen employee credentials to steal data from a third-party vendor. However, the company says its network and customer information are secure. As first reported by Cyberscoop, a hacking group known as SiegedSec leaked data on Telegram yesterday, claiming it was stolen from Atlassian, a collaboration software company based out of Australia. “We are leaking thousands of employee records as well as a few building floorplans. These employee records contain email addresses, phone numbers, names, and lots more~!,” said the SiegedSec hackers.

FBI

The U.S. Federal Bureau of Investigation has confirmed that it’s investigating malicious cyber activity on its own network.

CNN reported on Friday that hackers compromised an FBI computer system at the agency’s New York field office, citing people briefed on the matter. The brief report added that the incident involved a computer system used in investigations of images of child sexual exploitation.

In a statement given to TechCrunch, FBI spokesperson Manali Basu confirmed that the agency had contained the “isolated incident,” which it continues to investigate.

Cutout

Cutout.pro, a web-based AI image editing tool, was caught leaking 9GB worth of user data, which included usernames and images requested by using specific queries. The discovery was made by Cybernews, who found an open ElasticSearch instance containing 22 million log entries referencing usernames, including individual users and business accounts. However, since log entries contained duplicates, the total number of users affected is unclear. The instance also had information on the number of user credits, a virtual in-game currency, and links to Amazon S3 buckets, where generated images were stored.

GoDaddy

Web hosting giant GoDaddy says it suffered a breach in which unknown attackers stole source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack.

While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains, the attackers had access to the company’s network for multiple years.

“Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy,” the hosting firm said in an SEC filing.