Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cybernews. Show all posts
Mexican Users
Cybernews Data Breach Data Leak Data Safety User Data Data Visualisation healthcare data breach Mexican Users

Massive Data Breach in Mexican Health Care Sector Exposes 5.3 Million Users’ Data

 

In a significant data breach, Cybernews researchers discovered a 500GB unprotected database from a Mexican health care company on August 26, 2024, exposing sensitive details of approximately 5.3 million people. Information in the leak included names, CURP identification numbers, phone numbers, email addresses, and details of payment requests. This security lapse occurred due to a misconfigured Kibana visualization tool, which left the database publicly accessible. While health records were reportedly not taken, the exposed CURPs (Mexican ID numbers akin to Social Security numbers) create risks for identity theft and phishing attacks. 

The breach has been attributed to Ecaresoft, a Texas-based firm specializing in cloud-based Hospital Information Systems, which provides services like Anytime and Cirrus. Over 30,000 doctors and 65 hospitals rely on Ecaresoft’s solutions for scheduling, inventory management, and patient data handling. However, a lapse in securing this information has now exposed users to heightened cybersecurity risks. Besides personal details, the exposed database included patients’ ethnicities, nationalities, religions, blood types, dates of birth, and gender, along with specifics about medical visits and fees. Although hackers were not directly responsible for this breach, the open database left users’ data vulnerable to any threat actors actively scanning for unsecured files online. 

Ecaresoft has yet to release a statement addressing the issue. As the database has since been removed from public access, it remains unclear how long it was available or if the affected users are aware of the potential risk. The breach highlights a common yet preventable security oversight, where sensitive data left unprotected can be indexed by search engines or accessed by unauthorized parties. This incident underscores the broader importance of robust password management and server configuration practices. Past cases, such as Equifax’s breach in 2017 caused by the use of “admin” as a password, illustrate how easily weak configurations can lead to large-scale data theft. Such security lapses continue to raise awareness of the need for secure, authenticated access in cloud-based and digital health care systems. 

Data security in health care remains a global challenge as hospitals and medical systems rapidly digitize, exposing user data to increasingly sophisticated cyber risks. As this incident reveals, health organizations must adopt robust security measures, such as regularly auditing databases for vulnerabilities and ensuring all access points are secure.
Read more »
SSNs
Cybernews Data Breach Healthcare Healthcare Breach MFA Personal Data SSNs

Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals

 

A data breach at Florida-based recruitment firm MNA Healthcare has left sensitive information of over 14,000 healthcare workers and 10,000 hospitals exposed. Discovered on June 20, 2024, by the Cybernews research team, the breach was caused by a misconfiguration that left a database backup publicly accessible online. The database contained sensitive data, including full names, addresses, phone numbers, work experience, encrypted Social Security Numbers (SSNs), and hashed passwords.

The encryption used for the SSNs was found to be vulnerable due to an exposed environment file containing the Laravel App Key, which is used for encrypting SSNs. While encrypted, researchers indicated that decrypting the SSNs is possible, putting affected healthcare workers at risk of identity theft and fraud. The exposed data is particularly concerning because healthcare professionals are often targeted by cybercriminals, as their high salaries make them attractive for financial fraud.

MNA Healthcare is a staffing firm that operates in nine U.S. states, matching healthcare professionals with various organizations. Among the leaked information were communications between medical staff and MNA representatives, job assignments, and license copies. This breach puts not only doctors and healthcare workers at risk of identity theft, but also opens up opportunities for credential stuffing and phishing attacks.

The exposed data also increases the possibility of criminals using stolen SSNs to engage in fraudulent activities such as filing false tax returns, opening credit accounts, and misusing the information to obtain loans or benefits. As the leaked database included names of hospitals and medical institutions, these entities could also face reputational damage and potential legal ramifications.

To prevent future breaches like the one at MNA Healthcare, companies must implement more robust cybersecurity measures. One essential step is ensuring that databases containing sensitive information, such as SSNs and other personal data, are encrypted using stronger, more up-to-date encryption methods. Regular security audits should be conducted to detect any misconfigurations or vulnerabilities in their systems before malicious actors can exploit them.

Another crucial step is implementing stricter access controls and monitoring systems. Limiting access to sensitive data to only necessary personnel and tracking any unusual access attempts or data transfers can help detect a breach early. Additionally, using multi-factor authentication (MFA) for employees accessing critical systems adds an extra layer of security, making it harder for unauthorized individuals to infiltrate the system. Finally, companies should also educate their employees about cybersecurity risks and how to recognize phishing scams to minimize the risk of human error leading to data breaches.

Following the discovery of the breach, MNA Healthcare secured the exposed configuration, but concerns remain about the company’s overall infrastructure security. Security expert Aras Nazarovas pointed out that the backup and encryption issues raise questions about how the company stores sensitive information. 

The healthcare sector remains a popular target for cyberattacks, and this breach highlights the need for stronger cybersecurity practices in protecting personal information. Affected individuals are advised to monitor their financial accounts and consider identity theft protection to mitigate potential risks.
Read more »
Privacy
Cyberattacks CyberCrime Cybernews CyberThreat Data threats Hacking ObamaCare Password Privacy

Hackers Leak 10 Billion Passwords How Users Should Respond

 


Several months ago, security researchers discovered the world's largest collection of stolen passwords and credentials had been uploaded to an infamous criminal marketplace where cybercriminals would trade such credentials for a considerable amount of money. A hacker known as 'ObamaCare' has posted a database which, according to the hacker, contains nearly 10 billion unique passwords built over many years as a result of numerous data breaches and hacks he has been spreading across the web for several years. 

'ObamaCare', a user identified as 'ObamaCare', posted on a popular hacking forum on Thursday a collection of leaked passwords known as 'RockYou2024'. In the past, 'ObamaCare' has outsourced stolen data on the internet several times and it is not the first time they have done so. According to the report, the user had previously shared a database of Simmons & Simmons employees, a lead from the online casino AskGamblers, and applications from Rowan College in New Jersey before taking down the reports. 

The researchers at CyberNews have reported that on July 4, 2014, a hacker using the handle "ObamaCare" posted a file on a hacking forum that contained 9,948,575,739 unique plaintext passwords. The password dump that was recently found on the web is a more recent version of the "RockYou2021" data leak collection that surfaced in June 2021. 

In that particular instance, there were 8.4 billion unique passwords within the stolen collection of passwords at the time. This goldmine of thousands of unique passwords has been expanded by cybercriminals since 2021. The goldmine now includes 1.5 billion new and unique passwords added by these cyber criminals. “The team verified the leak passwords by cross-referencing the RockYou2024 leak passwords with a leaked password checker provided by Cybernews, which showed that these passwords were obtained from a mix of both old and new leaks,” Cybernews researchers wrote. 

There seem to have been a record number of stolen and leaked credentials discovered on the BreachForums criminal underground forum by security researchers from Cybernews. This collection has been the largest collection that has ever been seen on that site. A compilation of RockYou2024 appears to consist of an astonishing 9,948,575,739 unique passwords, all in plaintext form, with a total of 9,948,575,739 passwords. 

The database is said to have been built from an earlier credentials database called RockYou 2021, which contained eight billion passwords, and that has been added to with roughly 1.5 billion new passwords. The credential files cover a period to be measured between the years 2021 and 2024, and a total of 4,000 huge databases of stolen credentials have been estimated to contain information spanning a minimum of two decades in the latest credential file. 

Researchers stated that, in essence, the RockYou2024 leak contains a compilation of passwords that are used by people around the world. They also stated that, according to the researchers, the number of passwords used by threat actors is very large, which translates into a substantial risk of credential-stuffing attacks. There are several ways in which credential stuffing and brute force attacks can be mounted on passwords that have been leaked in such datasets. In credential stuffing attacks, the criminal acts by which they use passwords that have been stolen from one device or account to gain access to another device or account are described as the practice of the criminals. 

There is a premise at the foundation of this attack that users often have a single password for all of their accounts and devices, which allows criminals to access their account information, including other accounts or all their accounts, using that password. It is a process of using trial and error methods to try and guess sign-in information, passwords, and encryption keys for network systems. This is called a brute force attack. In a report published by Cybernews, the researchers said the database, which can be used to target all sorts of services, from online to offline, to internet-facing cameras and industrial hardware, is among the data. 

"By combining the data from RockYou2024 with other leaked databases from hacker forums, marketplaces, and other places where electronic mail addresses and other credentials can be published, it has the potential to trigger a cascade of data breaches, identity thefts, and financial frauds," the researchers stated. The multi-platform password manager that Bitdefender offers offers numerous benefits, including automatic password leak alerts that alert you as soon as your passwords and emails have been exposed online, with the ability to change them immediately. 

Users are advised to utilize a digital identity protection service to monitor their online identity and receive real-time alerts about data breaches and leaks involving their online information. One such service, Bitdefender Digital Identity Protection, offers a comprehensive solution for identity protection. Bitdefender Digital Identity Protection enables users to respond immediately to data breaches and privacy threats. 

Through instant alerts, users can take swift action to prevent damage, such as changing passwords with one-click action items. The service provides real-time monitoring by continuously scanning the internet and the dark web for personal information. Users receive alerts whenever their data is involved in a data breach or leak. Additionally, Bitdefender Digital Identity Protection offers peace of mind by immediately flagging suspicious activity and actively monitoring personal information. Users can rest assured that their digital identity is under constant surveillance. 

Furthermore, the service provides a 360° view of all data associated with a user’s digital footprint. This includes traces from services no longer in use but still retaining the user’s data. Users can also send requests for data removal from service providers, ensuring a more secure online presence. Overall, Bitdefender Digital Identity Protection is recommended for users seeking to safeguard their online identity and stay informed about potential security threats in real-time.
Read more »
RB Bank
Cyber Frauds Cyberattacks CyberCrime Cybernews Cybersecurity Data Breach Financial Information NCB Management Services RB Bank

American Financial Data Exposed by Debt Collector

 


An NCB breach notification letter has been sent to affected customers informing them that their data has been hacked. Over 1.1 million people have been exposed by this breach. On February 1st, a US-based company claimed that its systems were breached by attackers, claiming they had penetrated its network. After the company's systems were breached, NCB noticed it within three days of the incident.

Cybernews reported this morning that debt collection agency NCB Management Services has begun notifying customers of data breaches following a breach in February. The breach was first reported by the agency in early 2017. 

It has been reported that an unauthorized third party gained access to confidential information NCB maintains on client accounts recently. The company's letter to potential victims began with the statement: "In the wake of this incident, we are unaware that any of the information you have provided has been misused." 

A report has emerged claiming that NCB had its systems hacked in February. Despite this, it took the company three days to realize this security breach had occurred. 

As a result of cybercriminals stealing personal information from consumers, cybercriminals have launched targeted phishing campaigns via email, phone or text message to defraud those individuals. 

Based on the debt collector's investigation, the type of data accessed from April 19th until now has been determined. Upon reviewing information the company provided to the Maine Attorney General, it appears that the attackers gained access to financial account numbers or payment card numbers. This was done by using security codes, access codes, passwords, or PINs associated with the accounts.

There is a trend of stolen financial data being sold on dark web forums. This is so criminals can mask their illicit activities using others' names. This is done by using stolen information from their bank accounts. 

In my opinion, the amount of financial information exposed is quite concerning as users' credit card numbers could be sold on the dark web if there is no hacking involved. 

In the event hackers are also able to access sensitive data on affected users, it may be possible for them to use their own data to commit crimes such as identity theft or fraud. 

In fact, NCB is a debt collection agency that banks hire to get rid of outstanding amounts owed to them. This is due to its nature as an enforcement agency. This looks like TD Bank and Bank of America have also been indirectly affected by this data breach. 

According to a recent report by JD Supra, the legal advice site, TD Supra, has detailed the possibility that NCB's data breach might impact TD Bank customers as well. This is in a similar manner to that of TD Bank. 

The Toronto-based bank also notified the US Attorney General that the hackers responsible gained access to its customers' names, addresses, account numbers, dates of birth and Social Security numbers. In addition, they gained access to their account balances. This is based on an official filing the bank made with the Main Attorney General. 

One of the recent companies to be breached is Dish, another highly regarded satellite broadcaster in the US. The company has also tried to reassure its affected customers by stating that it had "received confirmation that the extracted data has been deleted." 

Cyber security experts say organizations should never succumb to criminals' demands, as the results are usually high-frequency attacks by the criminals themselves. The FBI and other law enforcement agencies also believe ransomware payments should not be made.

It has been announced that NCB is offering free services to affected users for two years. This will enable them to monitor identity theft for two years and prevent further attacks. 

The National Bank of Boston, in a sample notification letter submitted to the Maine Attorney General, revealed that the bank may also affect Bank of America through the same problem.  

Bank of America has said that if TD Bank offers free access to one of the most effective identity theft protection services, Bank of America will also offer the same to its customers. Bank of America has assured affected customers that it will provide a two-year Experian IdentityWorks subscription. If you have received a data breach notification from NCB, you will have all the information you need about how to set up the subscription. This information is in that notification. 

In the coming year, users affected by this data breach should carefully review their credit reports and account statements. They should look for any unusual activity associated with the breach. 

NCB is working closely with federal law enforcement agencies to figure out who is responsible for the breach and what group of hackers are responsible. Despite that, it is highly likely that the company could pay a fine. This is because hackers accessed its systems for several days before being discovered and getting their hands on them.
Read more »
Subscribe to: Posts (Atom)