Here’s your weekly data breach news roundup.
A hacker is sharing what they state are 3.2 million Pluto TV user records that were stolen during a data breach.
Pluto TV is an Internet television service that lets you stream free TV shows with advertisements. The service has over 28 million members, and its mobile apps have been installed over 10 million times.
Japanese game developer Capcom has revealed that it suffered a security breach earlier this week which saw malicious hackers access its internal systems.The maker of such well-known video games as “Resident Evil” and “Street Fighter” disclosed in a short press release that in the early hours of Monday some of its networks “experienced issues” that affected access to email and file servers.
Technology and culture news website Mashable has announced that the personal data of users has been discovered in a leaked database posted on the internet.In a statement issued late yesterday (November 8), Mashable confirmed that a database containing information from readers who made use of the platform’s social media sign-in feature had been found online.The media company said that “a hacker known for targeting websites and apps” was responsible for the breach. The suspect has not been named.
A Luxottica data breach has exposed the personal and protected health information of 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices.
Luxottica is the world’s largest eyewear company with a portfolio of well-known eyeglass brands, including Ray-Ban, Oakley, Oliver Peoples, Ferrari, Michael Kors, Bulgari, Armani, Prada, Chanel, and Coach.
In addition to selling eyeglasses, Luxottica also operates the EyeMed vision benefits company and partners with eye care professionals as part of their LensCrafters, Target Optical, EyeMed, and Pearle Vision retail outlets.
Outdoor clothing giant The North Face has notified customers that it has been hit by a credential stuffing attack which may have given third parties access to their personal information.
In a data breach notice filed with the Californian Office of the Attorney General (OAG), the San Francisco-headquartered firm claimed that the brute force attack had been launched against its site on October 8-9.
A credential stuffing attack occurs when cyber-criminals use automated software to try previously breached log-ins across a large range of sites: they’ll be able to access accounts where the individual has reused their password.
Vertafore, a provider of insurance software, has disclosed this week a data breach, admitting that a third-party accessed the details of 27.7 million Texas drivers.
The incident is believed to have taken place sometime between March 11 and August 1, and happened as a result of human error when three data files were inadvertently stored in an unsecured external storage service.Vertafore said the files were removed from the external storage system, but after an investigation, they discovered that the files had been accessed without authorization.
123RF is a popular stock photo and vector site that sells royalty-free images, videos, and audio to be used on websites, printed content, and videos. Over the past weekend, a known data breach broker began selling a database containing 8.3 million user records stolen from 123RF.com during a data breach.
From the samples of the database seen by BleepingComputer, the stolen data includes a 123RF members’ full name, email address, MD5 hashed passwords, company name, phone number, address, PayPal email if used, and IP address. There is no financial information stored in the database.
Animal Jam is a virtual world created by WildWorks, where kids can play online games with other members. Geared towards children ages 7 through 11, Animal Jam has over 300 million animal avatars created by kids, with a new player registering every 1.4 seconds.
Yesterday, a threat actor shared two databases belonging to Animal Jam for free on a hacker forum that they stated were obtained by ShinyHunters, a well-known website hacker.
The two stolen databases are titled ‘game_accounts’ and ‘users’ and contain approximately 46 million stolen user records.
As part of the free release, the threat actor shared only a partial database containing approximately 7 million user records for children/parents who signed up for the game.
Last week, Bidvest Bank said an “isolated incident” linked to its online banking platform exposed sensitive information of its clients, including names, account numbers, and bank balances.
It is understood that Bidvest Bank became aware of the problem in early September and fixed it a few days later.
A Bidvest Bank spokesperson told MyBroadband they investigated the issue and their evidence shows that the incident was neither a security breach nor a technical security flaw.
5.8 million RedDoorz user records for sale on hacking forum. After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum.
RedDoorz is a Singapore-based hotel management & booking platform with over 1,000 properties across Southeast Asia. Using the website or mobile app, users can register an account to browser available budget hotels and book a reservation.
At the end of September 2020, RedDoorz disclosed that they suffered a data breach after an unauthorized person accessed one of their databases. At the time, though, no RedDoorz financial information or passwords were exposed “to the best of its knowledge.”
Check How Safe Is A Password ?