Here’s your weekly #databreach news roundup:
BitChute, Russian MoD, DriveSure, Nvidia, Melijoe, Meyer Corporation, DNA Solutions Inc, and Charlotte Radiology.
Personal data of close to 3 million BitChute users is being sold on a popular hacker forum for a sum of $4,000. The data is sold by a hacker or group of hackers known as Pompompurin.
The hacker released a sample that after being analyzed suggests that the information and the leak is genuine.
Pompompurin did not disclose how they obtained this data.
Pompompurin is also suspected to be behind the November 2021 FBI data breach.
The breach apparently affects a total of 2,988,494 users of the streaming platform BitChute.
The information includes usernames, full names, passwords, email addresses, websites, channel descriptions, registration and latest IP address, YouTube Channel ID and date joined.
Russian MoD database
On Friday evening, Anonymous claimed they managed to breach the database belonging to the Russian Ministry of Defence. The group's actions appear to be part of a growing trend that is seeing a growing number of cyber soldiers against Russia.#databreachhttps://t.co/YB3LRQkX93— DevaOnBreaches (@DevaOnBreaches) February 27, 2022
They managed to breach the Russian Ministry of Defence’s database and posted it online for the world to see.
Among the information are emails, passwords and telephone numbers.
The group tweeted: ‘Hackers all around the world: target Russia in the name of #anonymous let them know we do not forgive, we do not forget. Anonymous owns fascists, always.’
Adversaries posted sensitive information of 3.2 million DriveSure users on the underground hacking forum – Raidforums. Dubbed “pompompurin,” the hacker group advertised the leaked files and user data in a post, as proof of compromise. #databreach https://t.co/uy4FquKDdC— DevaOnBreaches (@DevaOnBreaches) February 27, 2022
Adversaries posted sensitive information of 3.2 million DriveSure users on the underground hacking forum – Raidforums. Dubbed “pompompurin,” the hacker group advertised the leaked files and user data in a post, as proof of compromise. DriveSure is a car dealership service provider focused on employee training programs, customer retention, and maintains client data in large quantity.
According to Risk Based Security, the exposed information included full names, full addresses, contact details, email address, hashed passwords, car model, VINs, records of how much they paid for service, warranty status, emails to customers, texts sent to customers, IP addresses, damage claims, survey responses, logs of edits to customers, and current status of the car.
U.S chipmaker Nvidia Corp (NVDA.O) said on Friday it was investigating a potential cyberattack, following a news report that said the attack may have had taken parts of its business offline for two days.
A malicious network intrusion caused outages in Nvidia’s email systems and developer tools over the last two days, the Telegraph reported earlier on Friday, but said it was unclear if any data was stolen or deleted.
“We are investigating an incident. Our business and commercial activities continue uninterrupted,” Nvidia said in a statement.
“We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time.”
The SafetyDetectives security team discovered a data breach affecting the French children’s fashion e-commerce website melijoe.com.
Melijoe is a high-end children’s fashion retailer based in France. An Amazon S3 bucket owned by the company was left accessible without authentication controls in place, exposing sensitive and personal data for potentially hundreds of thousands of customers.
Melijoe has a global reach and, consequently, this incident impacts customers located around the world.
Meyer Corporation, the largest cookware distributor in the U.S., and the second-largest globally, has informed U.S. Attorney General offices of a data breach affecting thousands of its employees.
According to the notification letter shared with the U.S. Attorney General offices of Maine and California, Meyer fell victim to a cyberattack on October 25, 2021.
In response, the firm launched an investigation that was concluded on December 1, 2021, revealing that threat actors gained access to personal information belonging to employees of Meyer and its subsidiaries.
“On or around December 1, 2021, our investigation identified potential unauthorized access to Meyer employee information [including employees of Meyer’s subsidiaries Hestan Commercial Corporation, Hestan Smart Cooking, Hestan Vineyards, and Blue Mountain Enterprises, LLC],” explains the Meyer data breach notification.
Read more at : https://www.bleepingcomputer.com/news/security/cookware-giant-meyer-discloses-cyberattack-that-impacted-employees/
DNA Solutions Inc
DNA testing service based in Oklahoma city has suffered a data breach in which sensitive data including information from rape kit investigations was accessed by an unknown unauthorized third party.
The Oklahoma City Police Department (OKCPD) has confirmed that personal and confidential data of sexual assault victims may have been leaked due to a data breach suffered by one of the department’s former DNA contractors.
The data breach led to the exposure of sensitive data from its rape kit investigations. For your information, the OKCPD collects DNA evidence from rape victims, which the department refers to as rape kits. These kits were sent to the DNA contractor for testing.
A prominent Charlotte medical services provider experienced a recent weeklong data breach in which some patient information was stolen, “including a very limited number of patients’ Social Security numbers,” company officials said Friday. In a statement, Charlotte Radiology officials said they found no evidence of “fraud or misuse” as a result of the theft and are notifying each patient whose information was taken during the Dec. 17-24 breach. The statement did not say how many people were affected.
Read more at: https://www.charlotteobserver.com/news/business/article258566848.html#storylink=cpy