Clement Tetteh Kpakpah says
106 million Americans exposed as massive data leak rocks background check firm | Sept. 26th, 2024 | Story by Kurt Knutsson, CyberGuy Report
MC2 Data, a background check firm, exposed the sensitive data of around one-third of the U.S. population (106 million people) to the entire internet. This occurred as a result of MC2 Data leaving a database containing 2.2TB of personal data without a password. It was noted that on August 7 its research team discovered that MC2 Data had left a database containing 2.2TB of personal data unprotected and easily accessible to anyone on the internet.
The leaked information of subscribers is particularly concerning, as these individuals could be high-value targets for cybercriminals. The subscribers may include employers, landlords, law enforcement, and similar entities.
The leaked data included names, emails, IP addresses, user agents, encrypted passwords, partial payment information, home addresses, dates of birth, phone numbers, property records, legal records, and family, relatives, and neighbors’ data as well as employment history.
106 million Americans exposed as massive data leak rocks background check firm (msn.com)
Clement Tetteh Kpakpah says
https://www.foxnews.com/health/106-million-americans-exposed-massive-data-leak-rocks-background-check-firm?msockid=1b2eb85cafc36f3815d2ac87ae246e60
Steven Lin says
A bug was found in the NVIDIA Container Toolkit that allows attackers to use CVE-2024-0132 to try and break container isolation and have full access to the underlying host. Discovered under a high-scoring 9.0 CVSS rating, it has subsequently affected all versions of the toolkit up to v1.16.1 and the GPU Operator up to 24.6.1. An attacker could use this TOCTOU vulnerability to run arbitrary commands as root and create a very dangerous scenario in orchestrated multi-tenant environments. Patches for those are already released by NVIDIA in version v1.16.2, and updates need to be done immediately. What is interesting here in this vulnerability is that even modern, highly utilized containerization technologies are not immune to traditional security flaws, and it reminds us that basic infrastructure security is still important.
https://thehackernews.com/2024/09/critical-nvidia-container-toolkit.html
Sara Sawant says
A crypto scam app, disguised as the legitimate WalletConnect protocol, was discovered on the Google Play Store, leading to the theft of approximately $70,000 over a five-month campaign. The app, identified by Check Point, used fake reviews and branding to gain over 10,000 downloads. Once installed, the app tricked users into signing transactions that gave attackers control over their cryptocurrency wallets, draining their funds. The malicious app did not rely on typical attack methods like keylogging but leveraged smart contracts to perform unauthorized transactions. While the app has been removed from the Play Store, users are still at risk if they downloaded it from third-party sources.
https://thehackernews.com/2024/09/crypto-scam-app-disguised-as.html
Daniel Akoto-Bamfo says
Crypto scammers hack OpenAI’s press account on X
Cryptocurrency scammers, who have taken control of OpenAI company leadership’s accounts before, also compromised OpenAI’s official press account on X. The post on X reportedly advertised a new blockchain token, “$OPENAI,” that is not real. The phishing site mirrored the legitimate OpenAI website and featured a big “CLAIM $OPENAI” button to connect their cryptocurrency wallets. It also provided additional details about the token in a fact sheet. It’s the third time OpenAI’s accounts have been hijacked to push crypto scams, a growing criminal activity that has seen a 45% increase in schemes since last year according to the FBI, and which the Federal Trade Commission believes will continue or accelerate through at least 2024. The X accounts of other high-profile tech companies and celebrities have also been hacked to promote crypto scams.
https://techcrunch.com/2024/09/23/crypto-scammers-hack-openais-press-account-on-x/
Lily Li says
Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks
Storm-0501 is a cybercriminal group currently targeting the government, manufacturing, transportation, and law enforcement. They have been active since 2021, having mainly focused on targeting education entities with Sabbath before evolving into ransomware-as-a-service. Sabbath ransomware steals bulk data from an organization (attempting to make backup data unavailable) and then extorts ransom. Storm-0501 uses a multi-stage attack designed to compromise hybrid cloud environments and move laterally through the system (on-premise to cloud environment). Lateral movement is a method used by cybercriminals to explore infected networks to find vulnerabilities, starting with an initial entry point and moving “across” the network. This will result in data exfiltration, credential theft, tampering, and persistent back-door access. A notable aspect of Storm-0501 attacks is that they gain initial access through weak credentials and over-privileged accounts.
https://thehackernews.com/2024/09/microsoft-identifies-storm-0501-as.html
https://www.fortinet.com/resources/cyberglossary/lateral-movement#:~:text=lateral%20movement%20mean%3F-,Lateral%20movement%20refers%20to%20a%20group%20of%20methods%20cyber%20criminals,to%20app%20and%20so%20forth.
Yash Mane says
Kuwait’s Ministry of Health was the victim of a cyberattack that put systems at multiple hospitals, its website, and the Sahel healthcare app offline. The ministry reported that numerous important systems, including those at the Kuwait Cancer Control Center and administrative functions like health insurance and expatriate check-up systems, have been restored from backups. Government security agencies helped suppress the attack, and efforts were taken to increase infrastructure protection. While the essential databases were protected, the ministry suspects it may have been a ransomware attack, but no group has claimed credit yet. Full recovery of damaged systems is expected soon.
https://securityaffairs.com/169031/security/cyberattack-on-kuwait-health-ministry-impacted-hospitals.html
Charles Lemon says
“Capitol Cyber Attack Poses Risk Congressional Staffers Could Be Blackmailed”
This article discusses an intelligence study done by private companies Proton and Constella Intelligence. The study concluded that almost 20 percent of U.S. congressional staffers’ official government email addresses have been compromised through data leaks. It is unknown how these compromised emails will be used, but the findings have raised many areas of concern. In addition, some congressional staffers have also had plaintext passwords and personal details leaked. The data leaks are largely attributed to the use of official government email addresses for high-risk personal online services, indicating troubling cybersecurity practices among individuals working within the heart of the U.S. government. The biggest area of concern would be that the compromised information could be used to create highly sophisticated phishing and social engineering attacks that could be used to gain access to sensitive government information. The hope would be that the systems these staffers use to access sensitive information would have extra layers of protection such as multi-factor authentication (MFA). Either way, these findings should serve as an important lesson for everybody. The staffers whose emails have been affected have been contacted by Proton informing them of the exposure and providing guidance on mitigating potential risks.
https://www.newsweek.com/capitol-cyber-attack-poses-risk-congressional-staffers-blackmail-1959576
Lili Zhang says
This article discusses a phishing campaign targeting Australian organizations, particularly law firms, using Atlassian workspaces as a cover to steal employee credentials. The attacks, which also exploit platforms like Archbee and Nuclino, disguise themselves as compliance updates to trick employees into clicking malicious links. The campaign’s sophistication includes using personalized emails, multiple URL obfuscation techniques, and Japanese ISPs to evade detection. The rise of AI and phishing kits is making these attacks easier to launch and more convincing, extending beyond email to collaboration tools and social media platforms.
https://www.techrepublic.com/article/phishing-attacks-australia-atlassian/
Justin Chen says
Physical Security Firm ADT Confirms Hack and Data Breach
In a report to the SEC, ADT (a provider of alarm and other physical security systems for homes and small businesses) disclosed that hackers recently accessed certain databases containing customer order information. The company’s investigation to date shows that the attackers obtained “limited customer information” such as email addresses, phone numbers, and postal addresses.
The Company is continuing its investigation into this cybersecurity incident and has notified the customers it believes to have been affected, who comprise a small percentage of the Company’s overall subscriber base (stated by the company).
The confirmation from ADT comes roughly one week after a threat actor claimed on a popular hacking forum that they had obtained over 30,000 ADT customer records, including emails and physical addresses.
https://www.securityweek.com/physical-security-firm-adt-confirms-hack-and-data-breach/
Aaroush Bhanot says
Over 90 million French records exposed: mysterious data hoarder leaves instances open
A recent data leak exposed over 95 million records belonging to French citizens, revealing sensitive information such as names, phone numbers, emails, addresses, and partial payment details. The database was found on an open Elasticsearch (a tool for real-time data analytics) server. The compromised data affects various sectors, including telecommunications, e-commerce, social media, and retail. The origin of the database is unclear, but researchers believe it was collected from numerous breaches, possibly with malicious intent, given the database’s lack of security and compliance with the EU’s General Data Protection Regulation (GDPR). The exposure puts millions at risk of identity theft, fraud, and targeted phishing attacks.
The leak affects numerous well-known companies and services, including Lycamobile, Snapchat, and Pinterest. Cybernews recommended improving security measures, such as enforcing strong authentication, conducting audits, and ensuring compliance with GDPR to prevent such incidents.
https://cybernews.com/security/french-records-exposed-by-mysterious-data-hoarder/?utm_source=tldrinfosec
Rohith says
Remote hacking of millions of KIA Cars.
Vulnerabilities in a website dedicated to Kia vehicle owners could have allowed attackers to remotely control millions of cars, security researcher Sam Curry says.
The issues, the researcher explains, could have allowed attackers to gain control of key vehicle functions in roughly 30 seconds, using only the car’s license plate.
Furthermore, the bugs allowed the attackers to harvest the victim’s personal information, such as name, address, email address, and phone number, and to create a second user on the vehicle, without the owner’s knowledge.
Rohith says
https://www.securityweek.com/millions-of-kia-cars-were-vulnerable-to-remote-hacking-researchers/
Elias Johnston says
Hurricane Helene has created cellular outages across southeastern US states. 2 million people are without power, along with many other inland eastern states having sizeable outages. Major cellular companies are deploying disaster recovery response units. AT&T states that this is one of the largest mobilizations of their recovery response teams, as there is extensive damage to cell towers and fiber cuts. Verizon has deployed more than 20 mobile satellite assets to provide temporary connection. Prolonged power outages have hindered the restoration of telecommunications, creating another obstacle in an already lengthy disaster recovery attempt. ISP Spectrum as a company has especially been hit hard, as they have lost an entire data center to the natural disaster. Its regional data center, located in Spartanburg, SC, was severely damaged by the storm. Before any repairs can begin to the data center, they first need power, which as of October 1st, still has not been repaired.
https://www.datacenterdynamics.com/en/news/hurricane-helene-causes-cellular-outages-across-several-us-states/
Sarah Maher says
https://thehackernews.com/2024/09/meta-fined-91-million-for-storing.html
The Irish Data Protection Commission (DPC) fined Meta 91 million pounds ($101.56 million) for something that happened in 2019. Meta was found to have violated four articles under the European Union’s General Data Protection Regulation (GDPR). In short, they were storing passwords in plaintext**. The issue was originally raised when Meta announced that select Facebook users had their passwords accessed because they were stored in plaintext. Meta said no evidence was found that the passwords or data were “improperly accessed or abused internally”. A month later, Meta announced Instagram users were also affected and their passwords stored improperly. The DPC said “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data”. Meta said they immediately fixed the issue and “flagged it”.
**”In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms”**
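An added example, not code from the article or from Meta, contrasting the plaintext password storage the DPC ruled against with a salted-hash store, and showing what a reader of each stored record (or of a log line that serialises it) learns; the PBKDF2 parameters and the sample credential are assumptions:

```python
# Added example (not from the article or Meta): plaintext password storage,
# the failure mode the DPC ruling describes, beside a salted-hash alternative.
import hashlib
import hmac
import os

# Insecure: the record holds the password itself, so anyone who can read the
# table, a backup, or a log line that echoes the record has the credential.
def store_plaintext(password: str) -> dict:
    return {"password": password}

def verify_plaintext(record: dict, attempt: str) -> bool:
    return record["password"] == attempt

# Hardened: keep only a per-user random salt and a PBKDF2-HMAC-SHA256 digest.
# The iteration count is an assumption for illustration; tune it to your
# hardware and current guidance.
ITERATIONS = 600_000

def store_hashed(password: str) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}

def verify_hashed(record: dict, attempt: str) -> bool:
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    # Constant-time comparison so timing differences do not leak the digest.
    return hmac.compare_digest(digest.hex(), record["hash"])

def record_exposes_password(record: dict, password: str) -> bool:
    """True if serialising the record (as a dump or log line would) reveals the password."""
    return password in repr(record)

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample credential
    plain, hashed = store_plaintext(pw), store_hashed(pw)
    print("plaintext record leaks password:", record_exposes_password(plain, pw))
    print("hashed record leaks password:   ", record_exposes_password(hashed, pw))
    print("hashed verify (right/wrong):    ",
          verify_hashed(hashed, pw), verify_hashed(hashed, pw + "!"))
```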
Parth Tyagi says
U.S. government charges three Iranians in Trump campaign hack
The individuals allegedly used spearphishing and malware to target the accounts of “dozens” of current and former U.S. officials. The criminals are charged with conspiracy to obtain information from a protected computer, fraud, aggravated identity theft, wire fraud, providing material support to a terrorist organization, and aiding and abetting in an offense against the United States.
According to an indictment filed Sept. 26 in the District Court for the District of Columbia, the three individuals were tasked by Iran’s Revolutionary Guard Corps with carrying out a “wide-ranging hacking campaign” using social engineering and spearphishing to target the online accounts of current and former U.S. government officials, individuals associated with U.S. political campaigns, members of the press and nongovernmental organizations. FBI Director Christopher Wray described the alleged crimes carried out by the three Iranian hackers as part of “an attempt to sow discord and undermine our democracy.”
According to court documents, on or around May 23, the hackers unsuccessfully attempted to log in to the email account of an individual (“Victim 10”), spurring the email provider to issue a password recovery code. The hackers then used IRGC infrastructure and a static IP address to access the email account of Victim 10, which was used to compromise the personal account of an official at an unnamed U.S. presidential campaign.
Read more at https://cyberscoop.com/iranians-charged-in-trump-campaign-hack/
Haozhe Zhang says
A U.K. hacker, Robert Westbrook, was charged for a $3.75 million insider trading scheme involving hacked executive emails. Between 2019 and 2020, he accessed Microsoft 365 accounts of U.S. corporate executives, obtaining confidential information about upcoming earnings announcements. He used this information to buy and sell securities for profit. Despite efforts to conceal his identity, advanced data analytics uncovered the scheme. Westbrook faces multiple charges, including securities fraud and wire fraud, with severe potential penalties.
https://thehackernews.com/2024/10/uk-hacker-charged-in-375-million.html