Welcome to GearBrain's Weekly Data Breach Report, a collection of known breaches into company databases where someone you don't know got access to your personal information. The frequency at which these break-ins happen appears to be growing, so every week we'll update our report with fresh news on the latest hacks and links on where you can go if there's action to be taken — whether you're concerned about your privacy or not.
This week, (and yes we're still in January) we're looking at a stolen database of email addresses and names leaked online — for free, plus a hack of security firm Malwarebytes, and personal data of potentially 400,000 gamers of "Resident Evil" and other titles, compromised.
- More than 15 percent of used drives sold on eBay still have personal data
- 5 ways to stay secure online
- Two-thirds of hotel websites found to leak personal guest data
Week of January 18, 2021: Capcom
Capcom says the number of account involved in a 2020 attack has grown
Gamers of the popular titles "Dark Stalkers" and "Resident Evil," should check their credentials — and start changing passwords. The developer of the titles, Capcom, is now expanding the number of accounts that may have been compromised in a ransomware attack from November 2020, reports Threatpost.
Originally thought to be 40,000 customers, the attack now may have affected 400,000 accounts with personal data involved.
A hacked database of millions of pieces of data has been leaked online for free
Nitro, a web-based PDF service, just got hit in one of the worst ways, with its database of more than 77 million records leaked online — for free. The details inside include email addresses, names and passwords and even IP addresses which is the unique number assigned to a device, like your computer, to get online.
While the hack actually happened in 2020, the database is actually now online, placed there after offering the download link for $3, according to BleepingComputer.
The same hacking group responsible for the SolarWinds attack is still at it
The security firm Malwarebytes is reporting a hack into its system, gaining access to some internal company emails. The breach gained access through Microsoft Office 365 and Azure, according to Ars Technica, which added that this is the same threat actor that was involved with the attack on SolarWinds in 2019.
Week of January 11, 2021: Parler
Parler app icon on an iPhone
Despite being taken offline, and distanced by Apple, Google and Amazon, millions of posts published to the Parler social media app are still visible online. The messages were accessed, 'scraped' from Parler before the service was taken offline on January 11, and uploaded to the Internet Archive. This was done by Twitter user @donk_enby, a so-called hacker and internet activist. She tweeted to say the scraped data included delete and private posts, plus videos that contained "all associated metadata." This data is thought to include the location of where the posts and videos were created.
A such, the data collected by @donk_enby could prove highly valuable, as law enforcement could potentially use the metadata to identify rioters who stormed the Capitol last week. Unusual for Parler is how it doesn't strip out the metadata of uploaded images and videos, as other social networks and web services do.
Ubiquiti Networks, a vendor of networking equipment and Internet of Things devices, informed its customers on January 11 to inform them of a recent security breach. The company said: "We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider." The targeted servers stored information relating to user profiles for the company's account.ui.com web portal.
While the company says it is "not currently aware of evidence of access to any databases that host user data," it admits it "cannot be certain that user data has not been exposed." This data, Ubiquiti says, may include customer names, email addresses and one-way encrypted passwords – in other words, passwords that are hashed and salted. Customers are urged to change their password, and also the passwords of any websites and services that use the same username and email address as on Ubiquiti. Customers should also enable two-factor authentication.
The European Medicines Agency (EMA) announced on January 12 that some of the data stolen from the servers of Pfizer and BioNTech, creators of a Covid-19 vaccine, has been leaked online. The EMA said: "The ongoing investigation of the cyberattack on EMA revealed that some of the lawfully accessed documents related to Covid-19 medicines and vaccines belonging to third parties have been leaked on the internet...Necessary action is being taken by the law enforcement authorities."
The agency was keen to point out that European medicines regulation services remain fully functional, and the evaluation and approval timelines of Covid-19 vaccines have not been affected by the data breach, reports BleepingComputer. It is claimed the stolen data, which was unlawfully accessed in December 2020, includes screenshots of emails, EMA peer-reviewed comments, Word documents, PDFs and PowerPoint presentations.
Week of January 4, 2021: British Airways £3 billion settlement
British Airways is beginning to talk settlement for the data breaches that hit the company in 2018
British Airways to starting to talk about settlements regarding 2018 data breaches that exposed details about 185,000 of the airlines rewards members as well as about 380,000 regular users of its app and web site.
Details from names to email addresses, and even credit card as well as the security codes were breached, and the settlement could reach up to £3 billion, according to Infosecurity magazine.
T-Mobile attacked again
Another data breach has hit T-Mobile less than a year after the one in March 2020
T-Mobile has started alerting customers about a data breach that involved their phone numbers, the number of lines on their accounts and even call records. But the company emphasized that details including Social Security numbers, passwords and even physical addresses were not compromised.
The unauthorized access was stopped, said T-Mobile, which is now investigating and has also "reported this matter to federal law enforcement," it said in a statement.
The company reported a similar attack back in March 2020.
Aurora Cannabis employee data breached
Former and current employees of a Canadian cannabis company had personal details breached.
Canadian cannabis company Aurora Cannabis has started to reaching out to employees — both current and past — about a breach on December 25, 2020. Involved were details that the company would have had on file about people who worked there including banking data and home addresses, reports MJBizDaily.
People report they first started hearing about it on December 31, which involved a breach into software including SharePoint and OneDrive.