CYBER SECURITY NEWS – WEEK OF NOVEMBER 28, 2022
WhatsApp data of 500 million users available for purchase, says report
- It is interesting to note that the massive WhatsApp data breach with around 500 million user data doesn’t seem to have any Indian user data.
- According to the report, an actor posted an ad in a hacking community forum to sell the data of over 487 million WhatsApp users, including their mobile numbers.
- The listing also claims that data consists of users from 84 different countries and includes user data of 32 million users from the USA.
- The list of compromised data also contains user data from countries like Egypt, Italy, Saudi Arabia, France, and Turkey.
Meta fined €265M for not protecting Facebook users’ data from scrapers
- Meta has been fined €265 million ($275.5 million) by the Irish data protection commission (DPC) for a massive 2021 Facebook data leak exposing the information of hundreds of million users worldwide.
- This concludes the DPC’s investigation of potential GDPR violations by Meta, launched on April 14, 2021, following the publishing of data belonging to 533 million Facebook users on a hacker forum.
- The exposed data included personal information, such as mobile numbers, Facebook IDs, names, genders, locations, relationship statuses, occupations, dates of birth, and email addresses.
Sonder confirms data breach
- Hospitality company Sonder has confirmed a data breach that has potentially compromised guest records.
- “Sonder believes that guest records created prior to October 1, 2021, were involved in this incident,” the company wrote. It added that they have no evidence to indicate that accounts created after November 14, 2022, were involved.
- “This suggests the company has improved their security since last October, that, or the attacker managed to access an old backup or copy of the data,” explained Mark Warren, product specialist at Osirium.
- The data potentially compromised in the breach reportedly include usernames and encrypted passwords, names, phone numbers, dates of birth, addresses and email addresses.
Canadian menswear chain Harry Rosen confirms cyber attack
- This comes after the BianLian group listed the company as a victim on the gang’s site. The page lists “File server data. Projects, Marketing, HR, Public Relations,” which suggests these are files that have been copied and will potentially be released.
- According to Brett Callow, a British Columbia-based threat analyst with Emsisoft, BianLian has released a 1GB file as proof of its attack. It claims the file is a list of Harry Rosen’s Gold+ clients, sales information, and various other types of documents.
- Asked in a follow-up to confirm that the attack was ransomware, and whether the attack affected company operations, Rosen said the retailer had no further comment.
Millions of twitter accounts potentially compromised
- Over five million user accounts may have been compromised in Europe and the US, according to cybersecurity expert Chad Loder.
- According to Loder, the breach affected any Twitter account with the “Let others find you by your phone” option enabled in Discoverability settings.
- “All accounts for the entire country code of France (+33) are listed in the dataset with their mobile numbers,” the security researcher wrote.
- Leaked data reportedly included Twitter IDs, names, login names, locations and verified status, alongside private information like phone numbers and email addresses.
Belgian police under fire after major ransomware leak
- A notorious ransomware group has begun leaking highly sensitive data it stole from Belgian police, in what is being described as one of the biggest breaches of its kind in the country.
- RagnarLocker has been connected to the incident, which hit the Zwijndrecht police force in the city of Antwerp.
- However, while administrative staff are most impacted by the incident, they’re certainly not the only ones.
- It’s unclear how many citizens are affected by the breach, but they include victims, perpetrators, witnesses and those under surveillance – with potentially far-reaching consequences if their identities are uncovered.