WEEK OF SEPTEMBER 05, 2022
Nelnet Servicing breach exposes data of 2.5M student loan accounts
- Sometime in June, unidentified intruders compromised Nelnet Servicing and stayed on its systems until July 22. The hackers likely gained access to the company’s network by exploiting a vulnerability.
- About 2,501,324 individuals have been impacted by the breach.
- Although Nelnet states it blocked the cyberattack as soon as the breach was detected, a subsequent investigation that was completed on August 17, 2022, determined that certain student loan account registration information might have been accessed.
- The exposed information includes full name, physical address, email address, phone number and Social Security number.
Neopets hackers had network access for 18 months
- Neopets has confirmed that its IT systems were compromised from January 2021 through July 2022, exposing 69 million user accounts and source code.
- “It appears that email addresses and passwords used to access Neopets accounts may have been affected,” the company explained. “We strongly recommend that you change your Neopets password.”
- The admission comes just weeks after a cyber-attacker was reportedly shopping a stolen Neopets database with 69 million member records and the Neopets source code for four bitcoin (which is currently worth less than $80,000, and falling).
Kentucky city authorities investigate electronic theft of $4 million in federal funding
- About $4 million in federal funding intended for housing assistance in Kentucky was stolen after someone directed that money to a private bank account, officials of the City of Lexington said.
- Lexington officials discovered the theft late last week when the intended recipient of the funds, the nonprofit Community Action Council, reported not receiving the money, according to a news release from the city. Lexington officials have asked local police to investigate the incident.
- “Police believe a person or persons outside government directed an electronic funds transfer into a private account,” the city said. “Initial information shows no criminal involvement of City or Community Action Council employees.”
Malicious Chrome extensions plague 1.4M users
- Analysts find five cookie-stuffing extensions, including one that’s Netflix-themed, that track victim browsing and insert rogue IDs into e-commerce sites to rack up fake affiliate payments.
- Researchers have flagged five separate malicious Chrome extensions masquerading as Netflix viewers and more. The extensions track user activity and insert code into any e-commerce site the user visits, letting cyber-attackers steal payments through the retailer affiliate programs.
- McAfee Labs analysts found the Chrome extensions being marketed to let users watch Netflix in groups, automatically clip coupons, and take screenshots. Altogether, the extensions have been downloaded 1.4 million times, they found.
- The researchers warn end users to take extra precautions to verify an extension’s safety if it asks for additional permissions.
A huge Chinese database of faces and vehicle license plates spilled online
- Another mass data lapse exposes new weaknesses in China’s sprawling surveillance state.
- While its contents might seem unremarkable for China, where facial recognition is routine and state surveillance is ubiquitous, the sheer size of the exposed database is staggering.
- At its peak, the database held over 800 million records, representing one of the biggest known data security lapses of the year by scale, second to a massive data leak of 1 billion records from a Shanghai police database in June.
- The exposed data belongs to a tech company called Xinai Electronics based in Hangzhou on China’s east coast. The company builds systems for controlling access for people and vehicles to workplaces, schools, construction sites and parking garages across China.
Montenegro hit by ransomware attack, hackers demand $10 million
- The government of Montenegro has provided more information about the attack on its critical infrastructure, saying that ransomware is responsible for the damage and disruptions.
- Public Administration Minister Maras Dukaj stated on local television yesterday that an organized cybercrime group is behind the attack. The effects of the incident have continued into a tenth day.
- The minister added that a “special virus” was used in this attack and that there is a ransom demand of $10 million.
- Dukaj also added that at this point, the state could not give an estimate of when the services will become available.