w33-2023

Here’s your weekly #databreach news roundup:

Tesla, Luxair, LinkedIn, Discord.io, and Medicaid clients in Indiana.

Tesla

Tesla had a data breach in May in which the private information of about 75,735 people was leaked. Two former workers improperly took this data, and Tesla has sued them. The company recovered the electronic devices holding the data from these workers and made sure they can’t misuse the data anymore. A German newspaper obtained this data, but promised not to misuse or publish it. While no personal data has been misused yet, Tesla is offering free credit monitoring services to those affected.

Luxair

On 18 August 2023, Luxair revealed a data breach involving an external service provider that assists with flight disruptions. This provider, which stores data in a cloud, did not secure Luxair customer data properly, leaving it available online. Those affected had flight disruptions from November 2020 to 4 July 2023 and received meal vouchers, hotel bookings, or SMS warnings. Not all of the data may have been accessed, and the breach is fixed now. The airline has paused the provider’s services and advises customers to be cautious of phishing attempts using Luxair’s brand. It has given tips for recognizing and avoiding such scams and has created a dedicated email address for further inquiries about the incident.

LinkedIn

Hackers have targeted LinkedIn users, locking many out of their accounts. Some affected users were asked to pay a ransom to regain access and were threatened with account deletion. Others received warnings from LinkedIn about their accounts being locked due to suspicious activities like attempted password breaches or issues with two-factor authentication. Many victims voiced their frustrations on social media about inadequate support from LinkedIn. Interestingly, these hacking incidents were first revealed by independent researchers, not LinkedIn. As of now, LinkedIn hasn’t issued a public response.

Discord.io

Discord.io, a third-party service for Discord, faced a data breach affecting over 760,000 users. On August 14, a database with users’ information appeared for sale on the dark web. A hacker named ‘Akhirah’ took responsibility and provided proof of the data. Discord.io confirmed its legitimacy, stopped its services, and began an investigation. The breach occurred due to a flaw in Discord.io’s code, allowing the hacker to access and sell the data on a hacking site. The leaked information ranged from non-sensitive details, like user IDs and avatar info, to sensitive data like usernames, email addresses, and older hashed passwords. Discord.io has since shut down its site for investigations and plans to enhance its security. Discord itself clarified that they aren’t linked to Discord.io and took measures to protect their users. They also advised users to activate two-factor authentication for safety.

Medicaid clients in Indiana

Over 700,000 Medicaid beneficiaries in Indiana had their personal details exposed in a late May data breach. The Family and Social Services Administration (FSSA) revealed that the breach occurred in MOVEit, software used by a third-party contractor named Maximus Health Services. The exposed information includes names, addresses, case numbers, and Medicaid numbers. Additionally, four beneficiaries had their Social Security numbers revealed. Maximus, which has been working with Indiana Medicaid since 2007, is reaching out to the affected members and offering credit monitoring solutions.