Friday Five: 5/15 Edition
ChatBooks suffers a data breach, the Texas court system disables its network following a ransomware attack, and the FBI issues a security warning to healthcare organizations - catch up on the week's news with the Friday Five.
1. ChatBooks Discloses Data Breach After Data Sold on Dark Web by Ionut Ilascu
ChatBooks, a company that allows users to create physical photo albums from images on Instagram and Facebook accounts, had over 15 million user records stolen from their systems following a cyber-attack. The data is now being offered for sale and is part of a spree of leaks from one group of hackers called the Shiny Hunters who claim to be selling over 73 million user records from 11 companies. The hacker group is selling the ChatBooks database for $3,500 and providing a sample with email addresses, hashed passwords, social media access tokens, and personally identifiable information to draw in potential buyers. The company discovered the intrusion on May 5 and notified all customers on May 8 of the bad news. The breach notification alerted users that the hackers gained access to login credentials to the service, names, email addresses, passwords, and in some cases, phone numbers and Facebook IDs. Fortunately, there is no evidence to suggest that personal data, such as photos, or payment and credit card information was taken. The company is advising all customers to change their passwords as soon as possible to prevent further compromise.
2. Package Delivery Giant Pitney Bowes Confirms Second Ransomware Attack in 7 Months by Catalin Cimpanu
The bad actors behind the well-known ransomware gang Maze have published a blog post this week that claims they have breached and encrypted Pitney Bowes’ network. The hackers provided screenshots portraying directory listings from inside the company’s network as proof of access. Pitney Bowes confirmed the incident on May 11th; this is the second ransomware attack that the package and mail delivery giant has suffered in just the past seven months. The company is working with third-party security consultants to investigate the scope of the attack and discover the specific type of data that has been accessed. A spokesperson for the company said the data that Maze got a hold of appears to be limited and that there is no evidence of further unauthorized access to their IT systems. The investigation remains ongoing.
3. Texas Courts Hit by Ransomware, Network Disabled to Limit Spread by Sergiu Gatlan
On May 8, the IT provider for the appellate courts and state judicial agencies within the Texas Judicial Branch identified a ransomware attack against their branch network. The attack began overnight and was discovered in the early morning hours. As a result, all websites and servers on the network were immediately disabled to block the malware from spreading to other systems. David Slayton, Administrative Director of the Office of Court Administration (OCA), has said that they were able to catch the ransomware early and limit its impact, but the network will remain disabled until the breach is entirely dealt with. Fortunately, it does not appear that the Texas court system will be paying any ransom and there is no indication that any sensitive information was compromised. The OCA is working with the Texas Department of Information Resources to investigate the attack and resolve the issue.
4. WeLeakData data leakers get their private data leaked – by WeLeakData by Teri Robinson
Oh sweet, sweet irony. A month after the hacker forum WeLeakData.com was closed, the private contents of the database are for sale... on that same hacking forum. It is likely that a new actor was able to compromise the database and then bring the forum back online. Researchers discovered the database contains email addresses, usernames, passwords, private messages and IP addresses belonging to forum members, who are mostly researchers, hackers, cybercriminals and crackers. Although the leak is ironic, researcher Trevor Morgan pointed out that the serious takeaway from this breach is that no data is safe as “even the data generated, collected, and stored by the people engaged in intrusion and data theft” can be used against them. This breach could serve as a reminder to all organizations that even the data they may feel is of little value always has value to criminals, so it's imperative to invest in cybersecurity.
5. China Hacking Poses ‘Significant Threat’ to US COVID-19 Response, Says FBI by Helen Davidson
The FBI and the Department of Homeland Security issued a warning on Wednesday to institutions and companies involved in vaccines, treatments, and testing for the coronavirus that they may be targeted by computer hackers linked to the Chinese government. No specific examples were cited, but the agencies urge these organizations to be aware of the potential threat and to take additional security measures to protect their data. The two agencies said they were issuing the alert to raise awareness of the potential threat and that additional technical details would be released in the coming days. The warning comes amid heightened tensions between the two countries and it echoes longstanding US complaints that China has engaged in the theft of technology and trade secrets to build its economy. Zhao Lijian, foreign ministry spokesman for China, has denied any government involvement in attempts to steal virus-related data.