Cyber Security Today, June 3, 2024 – Four cloud-related data breaches


Welcome to Cyber Security Today. It’s Monday June 3rd, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.


As IT departments increasingly switch to using cloud resources there are increasing reports of data thefts from cloud hosting or service providers. This podcast reports on some of the latest news:

You may recall on Friday I reported that the resurrected BreachForums dark website carries an offer by a threat actor to sell stolen data of 560 million Ticketmaster customers. Well, late last week the parent company of Ticketmaster, Live Nation Entertainment, acknowledged in a regulatory filing that there was unauthorized access to personal information on what it describes as a third-party cloud database that held company data. There are no details in the regulatory filing on how much or what kind of data might have been affected.

The criminal ShinyHunters gang — which appears to be behind the reborn BreachForums site — is selling what it says is stolen data on 30 million customers and employees of Santander bank in Spain, Chile and Uruguay. Last month the bank said the data was stolen from a Santander database hosted by a third party provider.

Meanwhile, in Australia a ticket-selling firm called Ticketek has notified the country’s national cyber security co-ordinator of a cyber incident. Australia’s SBS News quotes Ticketek saying data stored on an unnamed cloud-based platform of its third-party supplier had been affected.

Last Friday’s podcast also reported that a threat actor is using stolen credentials to break into organizations using Snowflake cloud databases. Over the weekend Snowflake and its cybersecurity investigators — CrowdStrike and Mandiant — issued a joint statement saying there is no evidence this activity was caused by a vulnerability, misconfiguration or breach of Snowflake’s platform. Nor is there evidence that the hacking was caused by compromised credentials of current or former Snowflake employees. A threat actor did obtain credentials to demo accounts used by a former Snowflake employee, but those accounts didn’t have sensitive data. That hack was possible because the employee didn’t enable multifactor authentication on the demo account.

There’s news about a couple of Canadian data breaches:

Newfoundland Broadcasting, which owns the NTV television and OZ FM radio stations, has acknowledged being hit by a cyber event. That’s according to the Newfoundland News. This comes after Emsisoft researcher Brett Callow said the Play ransomware gang has listed the company as one of its latest victims. On-air operations of the TV and FM stations haven’t been affected.

The Canadian town of Westlock, Alta., has now acknowledged a data theft that took place in January. In a statement the town’s chief administrator said an unspecified number of people affected by the theft have been notified.

Seven reporters and activists who now live outside of Russia and Belarus and are critics of those governments were recently targeted or had mobile devices infected with Pegasus spyware. That’s according to an investigation by the University of Toronto’s Citizen Lab and Access Now, a digital rights non-profit. It’s a follow-up to an investigation into the hacking of an exiled Russian journalist. There are now eight documented cases of Pegasus spyware attacks against Russian and Belarusian-speaking opposition voices and independent media who live outside the countries. The report is another reminder that reporters, activists, dissidents or human rights defenders have to think twice about replying to texts or voice messages on mobile devices. Pegasus is a zero-click malware. Those with iPhones should enable Lockdown Mode.

The British Broadcasting Corp. is notifying more than 25,000 current and former employees that their personal data was copied in a data breach. That’s according to The Guardian. The BBC says the information involved members of the broadcaster’s pension scheme and included names, national insurance numbers, dates of birth and home addresses. It didn’t include bank or financial information.

Some EU, British and French politicians aren’t being careful with their email addresses. That’s the conclusion of a study done by researchers at Proton and Constella Intelligence. They looked at data being sold on dark web marketplaces and found about 1,000 addresses of politicians along with passwords, birth dates and more were up for grabs. The email addresses were publicly available. But how did they get on the dark web? Because politicians had used them to create accounts on third party websites which were later hacked. That data was then put up for sale. How secure were some of those websites? Not very: A large number of the passwords were stored in plaintext. The lesson to politicians and their staff: Listen to government security experts about cyber security before signing up for social media or other services.

Finally, a company that helps employees fill out government documents is notifying 27,000 Americans of a data theft. Form I-9 Compliance says in February a threat actor accessed part of the company’s IT network. Among the data stolen were names and Social Security numbers.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
