w25-2023

Here’s your weekly #databreach news roundup:

UPS, BreachForums, Reddit, Shell and R&B Corporation of Virginia.

UPS

UPS, a global shipping company, has notified its Canadian customers about a potential data breach. The company revealed that some personal information of customers may have been exposed through its online package tracking tools and used in phishing attacks. UPS initially disguised the breach notification as a warning about phishing, but it later became clear that the company had received reports of fraudulent text messages containing recipients’ names and addresses. UPS discovered that the attackers had used its package look-up tools between February 2022 and April 2023 to access delivery details and personal contact information. The company has taken measures to prevent further phishing attempts and is notifying affected individuals. The phishing attacks have affected UPS customers worldwide, with the threat actors impersonating shipments from companies like LEGO and Apple.

BreachForums

BreachForums, an online forum involved in the trade of stolen data, has experienced a data breach after being revived by the ShinyHunters hacker group. The breach exposed personal information of over 4,000 registered members. The hackers behind the breach, a rival forum called OnniForums, exploited a zero-day vulnerability in the forum software, MyBB. The administrator of BreachForums confirmed the breach and urged members to reset their passwords. Tweets from OnniForums claimed responsibility for the attack and revealed their involvement in breaching another hacker forum. The leaked data includes login keys, usernames, email addresses, IP addresses, password hashes, and other details. The breach has significant implications for cybercriminals, potentially exposing their identities and activities to law enforcement and undermining their reputation and trust within the hacking community. It also provides valuable insights for cybersecurity professionals to strengthen defenses against cybercriminal tactics.

Reddit

The BlackCat ransomware gang has claimed responsibility for a cyberattack on Reddit in February, stating that they stole 80GB of data from the company. The attack occurred after an employee fell victim to a phishing attack, allowing the threat actors to gain access to internal documents, source code, and employee data. Reddit clarified that its production systems were not breached, and user passwords, accounts, and credit card information were unaffected. The BlackCat gang demanded $4.5 million from Reddit to delete the stolen data but threatened to leak it when their demands were not met. This incident is linked to a similar attack on Western Digital in March, where the same group caused a significant outage to the company’s cloud service.

Shell

Oil company Shell is conducting an investigation after a security researcher discovered an exposed internal database containing the personal information of drivers using the company’s electric vehicle (EV) charging stations. The database, hosted on Amazon’s cloud, was accessible without a password and contained millions of logs, including details about customers, fleet operators, and the locations of the charging stations. The information exposed included names, email addresses, phone numbers, and vehicle identification numbers (VINs). It is unclear how long the database was accessible, but Shell has taken steps to address the issue and is investigating the incident. The security researcher, Anurag Sen, previously discovered other exposed data, including data from Amazon and U.S. military emails.

R&B Corporation of Virginia

A breach at R&B Corporation of Virginia, a debt collection service provider also known as Credit Control Corporation, has exposed the Social Security numbers (SSNs) of over 300,000 U.S. residents. The breach was initially disclosed to the Maine Attorney General in May after the company detected unusual activity on its networks in March. Personal information, including names, SSNs and, in some cases, driver’s license numbers, was copied by an unauthorized party. The breach impacted individuals associated with various U.S. health institutions, with the total number of affected individuals being 286,699 according to R&B Corporation. However, a filing with the U.S. Department of Health and Human Services revealed that the breach affected 345,523 individuals, and the list of impacted healthcare providers was twice as long as initially reported.