CYBER SECURITY NEWS – WEEK OF DECEMBER 19, 2022
Uber suffers new data breach after attack on vendor, info leaked online
- Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident.
- Early Saturday morning, a threat actor named ‘UberLeaks’ began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches.
- The leaked data includes numerous archives claiming to be source code associated with mobile device management platforms (MDM) used by Uber and Uber Eats and third-party vendor services.
- The threat actor created four separate topics, allegedly for Uber MDM at uberhub.uberinternal.com and Uber Eats MDM, and the third-party Teqtivity MDM and TripActions MDM platforms.
Social Blade confirms breach after hacker offers to sell user data
- Social media analytics service Social Blade has confirmed a security breach after a hacker offered to sell a database allegedly stolen from the company’s systems.
- The Social Blade database was offered for sale on a hacker forum on Monday. The seller provided a sample of table names and content, claiming to have obtained 5.6 million records dated September 2022. The sample data suggests that many of the records contain user information.
- The seller said the data will only be sold to one or two people. A known hacker has vouched for the authenticity of the database on the forum.
- The company confirmed that email addresses, IP addresses, password hashes, client IDs and tokens for business API users, authentication tokens for connected accounts, and other non-personal and internal data were compromised.
Hacker claims breach of FBI’s critical-infrastructure portal
- A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of InfraGard, an FBI-run outreach program that shares sensitive information on national security and cybersecurity threats with public officials and private sector actors who run U.S. critical infrastructure.
- The hacker posted samples they said were from the database to an online forum popular with cybercriminals last weekend and said they were asking $50,000 for the entire database.
- The hacker obtained access to InfraGard’s online portal by posing as the CEO of a financial institution, they told independent cybersecurity journalist Brian Krebs, who broke the story. They called the vetting process surprisingly lax.
- The FBI declined to comment. Krebs reported that the agency told him it was aware of a potential false account and was looking into the matter.
Ex-Twitter worker gets prison time in Saudi ‘Spy’ case
- US justice officials on Thursday said a former Twitter worker convicted of spying for Saudi officials was sentenced to 3.5 years in prison.
- Ahmad Abouammo was found guilty in August on criminal counts including money laundering, fraud, and being an illegal agent of a foreign government, according to a copy of the verdict.
- “This case revealed that foreign governments, here, the Kingdom of Saudi Arabia will bribe insiders to obtain the user information that is collected and stored by our Silicon Valley social media companies,” US attorney Stephanie Hinds said in a statement.
- Defense attorney Angela Chuang countered that while there certainly appeared to be a conspiracy to get revealing information about Saudi critics from Twitter, prosecutors failed to prove Abouammo was part of it.
Email hack hits 15,000 business customers of Australian telecoms firm TPG
- Australia’s TPG Telecom this week announced that a threat actor has gained unauthorized access to a service hosting the email accounts of 15,000 customers.
- “TPG Telecom’s external cyber security advisers, Mandiant, advised that they found evidence of unauthorized access to a Hosted Exchange service which hosts email accounts for up to 15,000 iiNet and Westnet business customers,” the wireless carrier announced.
- The company claims that the attackers were searching for customers’ cryptocurrency and financial data, but did not specify whether customer information was indeed accessed during the attack.
- No home or personal iiNet or Westnet products were impacted in the incident, the company says.
EU moves closer to sewing up new data transfer deal with US
- The European Union moved closer to clinching a revamped deal over transatlantic data transfers aimed at resolving concerns about U.S. spying, with a draft decision that confirms “comparable safeguards” to those in the EU, which has stringent privacy rules.
- The EU’s executive Commission released its draft decision approving the pact Tuesday, which follows a breakthrough preliminary agreement in March between Brussels and Washington to resolve a yearlong battle over the privacy of EU citizens’ data that businesses routinely store in the U.S.
- That breakthrough was hailed by business groups, which said it will provide certainty to thousands of companies, including tech giants like Google and Facebook, sending data between Europe, which has stricter data privacy regulations, and the comparatively lax U.S., which lacks a comprehensive federal privacy law.
- Frictions over the transfers had raised the prospect that companies might need to keep European data out of the U.S.