Here’s your weekly #databreach news roundup:

Cisco, iPay88, ShitExpress, PlatformQ, University of Kashmir, and Twilio.

iPay88

Bank Negara Malaysia (BNM) was made aware at the end of July of the iPay88 cybersecurity breach, which took place around May this year, Governor Tan Sri Nor Shamsiah Mohd Yunus said during a press conference today.

Nor Shamsiah said that investigations on the matter are currently ongoing and BNM would be considering appropriate action once the investigation wraps up.

“We were made known towards the end of July by iPay88. So iPay88 is not technically supervised by BNM. So like what Jessica had said, it is the payment facilitator function of iPay88 that was the cause of the data breach,” she said, referring to her deputy Jessica Chew.

“We only knew about iPay88 recently and since then we have been in communication with iPay88 and more importantly, just to make sure that the banks affected, they take precautionary measures to safeguard consumer data,” she added.

Nor Shamsiah had been asked when BNM was made aware of the leak, and whether any sanctions would be enforced upon iPay88 over the incident.

Read more at: https://www.malaymail.com/news/malaysia/2022/08/12/bnm-says-informed-about-ipay88-data-breach-end-of-last-month/22462

ShitExpress

ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached after a “customer” spotted a vulnerability.

Except, in an interesting twist, rather than responsibly reporting the vulnerability, the customer, who is a known threat actor, ended up exploiting the bug and downloading the entire database.

This database was then shared on a hacking forum, exposing the angry, and sometimes hysterical, personal messages sent by the customers with the gifts.

AT&T

A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm’s analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn’t theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.

Read more at: https://krebsonsecurity.com/2022/08/it-might-be-our-data-but-its-not-our-breach/

PlatformQ

The security research team at VPNOverview has uncovered a data breach that could have compromised nearly 100,000 doctors, nurses, and other healthcare professionals working at major hospitals across the United States.

PlatformQ — self-described as a “leading provider of digital engagement solutions” for healthcare (PlatformQ Health) and education (PlatformQ Education) — inadvertently published a database backup stored in a misconfigured AWS S3 bucket. Based on the findings, our security team believes the leak was marketing data for the generic drug Zarex.

Cisco

Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online.

The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee’s account.

“Cisco experienced a security incident on our corporate network in late May 2022, and we immediately took action to contain and eradicate the bad actors,” a Cisco spokesperson told BleepingComputer.

“Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations.”

University of Kashmir

The personal data of one million students of the University of Kashmir was hacked and put on sale as the varsity has fallen victim to a cyber attack.

The alleged database of the students has been put on sale for just $250 on a hacking forum by “ViktorLustig”. The name is inspired by the infamous con artist who “sold” the Eiffel Tower, not once but twice, International Business Times reported.

The threat actor has shared a database index to show the data he has in his possession. It claims to include student information, registration number, phone number, email address, password, employee data and more.

Twilio

Communications giant Twilio has confirmed hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials.

The San Francisco-based company, which allows users to build voice and SMS capabilities — such as two-factor authentication (2FA) — into applications, said in a blog post published Monday that it became aware that someone gained “unauthorized access” to information related to Twilio customer accounts on August 4.