Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Have I Been Pwned. Show all posts
My Digital Office
Cyberattacks Cybersecurity CyberThreat Data Data Breach Have I Been Pwned Hilton Hotel Chain Hyatt Marriott My Digital Office

Otelier Security Breach Leaks Sensitive Customer and Reservation Details

 


The International Journal of Security has revealed that some of the world's biggest hotel chains have had their personal information compromised following a threat actor's attack on a program provider that serves the industry. As part of a data breach on Otelier's Amazon S3 cloud storage system, threat actors were able to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt after breaching the cloud storage. 

According to the threat actors, almost eight terabytes of data were stolen from Otelier's Amazon AWS buckets during the period July 2024 through October 2024, with continued access continuing to this date until October.   Hotelier, one of the world's leading cloud-based hotel management platforms, has reportedly confirmed a data breach affecting its Amazon S3 storage that exposed sensitive information from prominent hotel brands such as Marriott, Hilton, and Hyatt through the exposure of sensitive data from its Amazon S3 storage, according to reports. 

There were reports of unauthorized access to 7.8 terabytes of data from threat actors during this period. These threats were reported as starting in July 2024 and continuing until October 2024. There has been no report of any incident at Otelier as of now, but they have reportedly suspended their operations and have entrusted an expert team to investigate the incident. 

A freelance security expert, Stacey Magpie, speculates that the stolen data may contain sensitive data like email addresses, contact information, the purpose of the guest's visit, and the length of the stay, all of which could be utilized for phishing schemes and identity theft attacks. Telier, also formerly known as "MyDigitalOffice," has not yet made an official statement regarding the breach, but it is thought that a threat group is responsible for the attack. 

By using malware, the group may have been able to gain access to an employee's Amazon Web Services credentials and then transfer the stolen data to the company's servers. A spokesperson from the company has confirmed that no payment, employee, or operational data was compromised during this incident. An Otelier employee was recently reported to have had his Atlassian login credentials stolen by malicious actors using an information stealer. 

A user with this access is then able to scrape tickets and other data, which allows the attackers to get the credentials for S3 buckets, which is where the attackers obtained the credentials. As a result of this exfiltration, the hackers managed to get 7.8TB of data from these buckets, including millions of documents belonging to Marriott. The information contained in these buckets included hotel reports, shift audits, and accounting data, among other things. 

Among the data samples offered by Marriott were reservations, transactions, employee emails, and other internal data about hotel guests. There were instances where the attackers gained the names, addresses, phone numbers, and email addresses of hotel guests. The company confirmed that through Otelier’s platform, the breach indirectly affected its systems. A forensic analysis of the incident has been conducted by Otelier as a result of the suspension of the company's automated services with Otelier, which said it had hired cybersecurity experts to do so. 

Additionally, according to Otelier, affected accounts were disabled, unauthorized access had been terminated, and enhanced security protocols had been implemented to prevent future breaches from occurring. According to Otelier, affected customers have been notified of the breach. It is said that the hackers accessed Otelier's systems by compromising the login credentials of an employee who used malware to steal information. By using these credentials, they were able to access the Atlassian server on which the company's Atlassian applications were hosted. 

These credentials allowed them to gather additional information from the company, including credentials for Amazon S3 buckets. Based on their claims, they were able to extract data, including information regarding major hotel chains, using this access. In their initial attempt to get Marriott's data, the attackers mistakenly believed that the data belonged to Marriott itself. To avoid leaking data, they left ransom notes that demanded cryptocurrency payments. Otelier rotated their credentials in September, which eliminated the attacker's access. 

There are many types of data in the small samples, including hotel reservations and transactions, employee emails, and other internal files. In addition to information about hotel guests, the stolen data also includes information and email addresses related to Hyatt, Hilton, and Wyndham, as well as information regarding the properties owned by these companies. As Troy Hunt revealed during an interview for BleepingComputer, he has been given access to a huge dataset of data, which contains 39 million rows of reservations and 212 million rows of users in total. As a result of the substantial amount of data, Hunt tells us that he found 1.3 million unique email addresses, many of which appeared several times in the data. 

As a result of the recently discovered vulnerability, the exposed data is now being added to Have I Been Pwned, making it possible for anyone to examine if their email address appears to be a part of the exposed data. The breach affected a total of 437,000 unique email addresses which originated during reservations made with Booking.com and Expedia.com, thus resulting in a total of 1,036,000 unique email addresses being affected. 

A robust data protection strategy should be implemented by businesses in the hospitality sector to minimize risks, including the implementation of effective data continuity plans, the application of regular software updates, the education of staff regarding cybersecurity risks, the automation of network traffic monitoring for suspicious activity, the installation of firewalls to prevent threats, and the encryption of sensitive information.
Read more »
Phishing Attacks
1Password Manager 2FA Data Breach Have I Been Pwned Phishing Attacks

Zacks Data Breach Exposes 8 Million Users' Personal Information

 

A new data breach has been reported by Have I Been Pwned, revealing that Zacks, a prominent financial research and analysis firm, has suffered a massive security incident that has impacted approximately 8 million users. The breach highlights the ongoing threat to personal data and the need for enhanced cybersecurity measures.

The breach, which was first detected and reported by Have I Been Pwned, has exposed a wide range of personal information belonging to Zacks users. This includes names, email addresses, usernames, hashed passwords, and potentially other sensitive data. The severity of the breach underscores the potential risks faced by users whose personal information has been compromised.

Zacks, a well-known provider of financial data and research, has acknowledged the incident and is taking immediate steps to address the breach. They are working closely with cybersecurity experts to investigate the extent of the attack and determine how the breach occurred. Additionally, Zacks is notifying affected users about the breach and advising them to reset their passwords and remain vigilant for any suspicious activity.

This breach serves as a reminder of the importance of maintaining strong security practices, both for individuals and organizations. Users who have accounts with Zacks or any other online service should consider the following steps to protect their personal information:

  1. Change passwords: Resetting passwords is crucial to ensure that compromised credentials are no longer valid. Use unique and strong passwords for each online account and consider utilizing a password manager to securely store and manage passwords.
  2. Enable two-factor authentication (2FA): Implementing 2FA adds an extra layer of security by requiring an additional verification step, such as a unique code sent to a mobile device, in addition to the password.
  3. Regularly monitor accounts: Stay vigilant by monitoring financial accounts, email inboxes, and other online services for any suspicious activity. Report any unauthorized transactions or signs of identity theft immediately.
  4. Be cautious of phishing attempts: Cybercriminals may exploit data breaches to launch phishing attacks. Be cautious of unsolicited emails or messages asking for personal information and avoid clicking on suspicious links.

In response to this breach, Zacks should enhance its security measures to prevent similar incidents in the future. This includes implementing robust data encryption, conducting regular security audits, and providing comprehensive cybersecurity training to employees.

Ultimately, the Zacks data breach serves as a stark reminder of the persistent threats to personal data. Individuals and organizations must prioritize cybersecurity measures to protect sensitive information and stay one step ahead of malicious actors. By adopting strong security practices, users can mitigate the risks associated with data breaches and help safeguard their digital identities.
Read more »
User Privacy
Data Breach Have I Been Pwned Password Phishing Attacks Stolen Data User Privacy

20M User Data Breach Reported by PeopleConnect

Hackers stole a 2019 backup database holding the personal details of millions of users, PeopleConnect, the company behind the background check services TruthFinder and Instant Checkmate, acknowledged that they experienced a data breach.

Customers can run background checks on others using subscription-based services like TruthFinder and Instant Checkmate. Access to numerous databases containing personal data, including email addresses, physical addresses, social media profiles, arrest histories, and phone numbers, is offered.

Data for 20.22 million potential TruthFinder and Instant Checkmate users who utilized the services up to April 16th, 2019, were allegedly leaked on January 21 by a member of the Breached cybercrime and data breach forum.

When Have I Been Pwned's Troy Hunt informed PeopleConnect of the data leak, the business promptly initiated an investigation and reiterated that it intended to make the situation official? TruthFinder and Instant Checkmate received notifications from PeopleConnect stating that there had been a data breach on both sites.

"The list, which appears to cover all client accounts created between 2011 and 2019, was made, as we have confirmed, several years ago. Our organization produced the list that was published. Although our investigation is ongoing, it looks that this was an accidental list release or theft. It does not appear that any user activity, such as reports or queries on our system, was involved in the published list in question, and it does not appear that payment information, passwords that can be read or used, or other methods of breaching user accounts were involved," the data security firm told.

The business hired a cybersecurity organization from outside to look into the event, but there was no sign that their network had been compromised. PeopleConnect advises that targeted phishing attempts are to be on the lookout for and will provide more updates as new information becomes available.



Read more »
User Privacy
API Bug Cyber Crime Have I Been Pwned Ransomware Attacks. Security flaw Twitter User Privacy

Hackers Expose Credentials of 200 million Twitter Users

Researchers suggest that a widespread cache of email addresses related to roughly 200 million users is probably a revised version of the larger cache with duplicate entries deleted from the end of 2022 when hackers are selling stolen data from 400 million Twitter users.

A flaw in a Twitter API that appeared from June 2021 until January 2022, allowed attackers to submit personal details like email addresses and obtain the corresponding Twitter account. Attackers used the vulnerability to harvest information from the network before it could be fixed. 

The bug also exposed the link between Twitter accounts, which are frequently pseudonymous, numbers and addresses linked to them, potentially identifying users even if it did not allow hackers to obtain passwords or other sensitive data like DMs. 

The email addresses for a few listed Twitter profiles were accurate, according to the data that Bleeping Computer downloaded. It also discovered that the data had duplicates. Ryushi, the hacker, asked Twitter to pay him $200,000 (£168,000) in exchange for providing the data and deleting it. The information follows a warning from Hudson Rock last week regarding unsubstantiated claims made by a hacker that he had access to the emails and phone numbers of 400 million Twitter users.

Troy Hunt, the founder of the security news website Have I Been Pwned, also investigated the incident and tweeted his findings "Acquired 211,524,284 distinct email addresses; appears to be primarily what has been described," he said. 

The social network has not yet responded to the enormous disclosure, but the cache of information makes clear how serious the leak is and who might be most at risk as a consequence. Social media companies have consistently and quickly minimized previous data scrapes of this nature and have dismissed them as not posing substantial security risks for years.

Read more »
User Privacy
Dark Web Email Fraud Have I Been Pwned MFA Password Phishing Attacks Privacy User Privacy

 Find Out if Your Email Address Is Being Sold on the Dark Web


Almost everybody uses email. You have probably had a data breach if your private information, like your email address, is discovered on the dark web. There are numerous methods to sell and use your personal information.  

The portion of the Internet that is hidden and inaccessible with a standard web browser is known as the dark web.  The dark web's material is encrypted and needs special permission to access. The most popular method for accessing the black web is Tor, a program that masks IP addresses and locations. Additionally, hackers can easily purchase and sell identity-related information on the dark web, including credit card data, Social Security numbers, medical records, passports, etc. 

How to search for your email on the dark web

1. Launch a computer scan

Unusual or suspicious activity is a certain indication that your email account has been hijacked. Monitoring your laptop for viruses. For instance, it is very likely that your account has been hijacked if you find that your recovery email address or phone number has changed. 

2. Search Have I Been PWned?

You can utilize the website Have I Been Pwned to determine whether your data has been exposed as a result of a breach. The free tool gathers data while searching the internet for database dumps.

3. Employ a password manager

The entire objective of password managers is to assist users with all aspects of password management. A built-in password generator is typically included with password managers, allowing you to create complicated, secure passwords right away. 

4. Make use of two-factor authentication

A hacker will have a much harder time gaining access thanks to the additional layer of security provided by two-factor authentication. 

You must confirm the login attempt after providing your normal information. Usually, to do this, you will get a text message with a random number that you must enter in order to access your account. By doing this, even someone who knows your email and password cannot access your accounts.  

In some circumstances, opening a new email account could be the best and safest choice. From social media to banking, disconnect all of the accounts from the compromised address and link them to a new one.  

Users ought to use more than one email account to achieve optimal security. Decentralizing your online presence and protecting your devices from cyber risks can be accomplished in large part by setting up distinct accounts for work, banking services, social networking, and newsletter subscriptions. Users must ensure they are aware of cybersecurity fundamentals because maintaining online safety takes more than just securing their email account.
Read more »
USA
Darkweb Data Breach FTC Have I Been Pwned Phishing Attacks Private Data USA

Owner of CafePress Penalized $500,000 for Hiding a Data Breach

 

CafePress's past owner Residual Pumpkin firm has been fined $500,000 by U.S. Federal Trade Commission (FTC) in their final order over a 2019 data breach that impacted 23 million customers.

CafePress is a US site that sells print-on-demand items like apparel, housewares, and kitchenware. Sellers can register on the website and upload their designs, and CafePress takes a percentage of every sale. 

Social Security numbers and password recovery responses were kept in plain text and for a longer period by the Residual Pumpkin firm. Additionally, the organization did not implement existing safeguards and react to security vulnerabilities. After several attacks on its servers, it attempted to hide the significant data breach carried on by its inadequate security protocols. 

A unanimous 5-0 vote accepted the FTC's order. The FTC has mandated that the corporations immediately implement multi-factor authentication of stored data and set an encryption key for all social security numbers, in addition to imposing fines on the businesses. 

As a result, the company's current owner PlanetArt, who acquired CafePress in 2020, has set up an alert system to notify all customers and vendors whose private information has been compromised.

Unknown attackers acquired access to files stored as SHA-1 hashes during a February 2019 breach of CafePress' servers, exploited, and later sold 23,205,290 CafePress users' personal information on the dark web. However, after receiving notifications via Troy Hunt's Have I Been Pwned service, several users became aware of the situation. The fact the users seemed to reset their passwords on checking in without being informed of the data breach was the only indication that something was wrong. 

Since some of its merchants' accounts had been hacked since at least January 2018, as per FTC's claim, CafePress was aware that it had vulnerabilities even before the 2019 incident.

Instead of letting users acknowledge the instances, CafePress terminated their accounts and assessed a $25 account closure fee to each of them. Before the 2019 security breach, the company's network was again affected by several malware infestations, and CafePress once again neglected to look into the attacks.
Read more »
Spyware
Anti Malware Tool Data Breach Have I Been Pwned RedLine Spyware

441K accounts Were Taken by RedLine Virus, according to Have I Been Pwned.

 

Have I Been Pwned may now search the RedLine data for 441,657 unique email addresses taken by RedLine. RedLine is viewed as right now the most generally utilized data-taking malware. It is conveyed through phishing efforts with pernicious connections, YouTube tricks, and warez/break locales. The RedLine malware, once introduced, will endeavor to take qualifications, treats, Visas, and auto-complete data put away in programs. 

The Have I Been Pwned information on data breach notice currently allows you to browse in the event that your email and secret phrase are one of 441,000 records taken in a data-taking effort utilizing RedLine malware. 

The illegally taken information is gathered into a file, called "logs," and transferred to a distant server from where the aggressor can later gather them. Aggressors utilize these logs to think twice about records or sell them on dull web criminal commercial centers for just $5 per log. 

RedLine is a trojan that may be purchased individually or as part of a membership-based on underground forums. This spyware collects information from applications such as saved accreditations, autocomplete data, and Mastercard information. When executing on an objective system, a framework inventory is taken to include details such as the username, location information, equipment setup, and information about installed security programming. Later versions of RedLine included the ability to accept digital currency. This malware can transfer and download records, execute orders, and occasionally send back data about the infected PC. FTP and IM customers are also clearly identified by this family, and this malware can transfer and download records, execute orders, and occasionally send back data about the infected PC. 

Bob Diachenko, a security researcher, discovered a site with over 6 million RedLine logs from August and September 2021 last weekend. This server was most likely utilized by the threat actor to store stolen data, although it was not effectively secured. The server is still accessible, according to Diachenko, but it does not appear to be used by threat actors because the amount of logs has not increased. 

Diachenko shared the data with Troy Hunt, who added it to his Have I Been Pwned service to make it simpler for others to check if a hacker got their data in the exposed RedLine malware operation. 

Have I Been Pwned assuming an organization you have a record with, has experienced an information break it's conceivable your email might have been pwned; presented to cybercriminals haveibeenpwned.com(link is outside) is a site that checks assuming a record has been compromised 

RedLine is attempting to steal cryptocurrency wallets, you should transfer any tokens you hold to another wallet and reset the passwords for all accounts used on the machine, including work VPN and email accounts, as well as other personal accounts.

Ultimately, if your email address appears in the RedLine data, you should run an antivirus scan on your computer to detect and remove any malware.
Read more »
Have I Been Pwned
Carding Mafia Credit Card Credit Card Hacking Forum Data Breach Have I Been Pwned

Credit Card Hacking Forum Compromised 300,000 User Accounts Due To A Data Breach

 

As per the information provided by the website ‘Have I Been Pwned’, Carding Mafia, a credit card stealing and trading platform that exposed nearly 300,000 user accounts, has indeed been compromised. However, Motherboard indicates that there was no indication that its consumers were warned on either the Carding Mafia Forum or its community telegram channel. According to forum data, Carding Mafia has more than 500,000 users. 

The breach potentially released 297,744 users' e-mail addresses, IP addresses, usernames, and hashed credentials. The authenticity of stolen data was verified by the founder of Have I Been Pwned, Troy Hunt. Hunt has stated that the carding site identifies e-mail addresses leaked through the 'forgot password' feature although it declined to identify and use any other random e-mail addresses. The carding website cautioned that when anonymous e-mails are submitted, a notification pops up which reads, “you have not entered an email address that we recognize” as per the Motherboard. 

The data reportedly hacked from this carding facility was 990 GB in the size of 660,000 artworks and 130,000 threads, according to the screenshots shared by Motherboard. The accused hacker presented the database through their inbox for free. Researchers noticed some months ago that too many cybercrime payments were being shifted to private message applications, to prevent alerting officials and security researchers that typically warn of compromised organizations. 

It is not unusual for hackers to post the stolen data publicly on popular hacking forums to gain "street cred" or a reputation. One can use this credibility to claim data or even request premium prices. Hackers find it harder to individually sell hacked information and use data brokers to divide over-generous fees. 

Hacker on hacker Cybercrime is a common way to stifle competitiveness by offering similar services to rival gangs. It may also be a simple way to get the gigabytes of compromised data free of charge or to boost the credibility of the hacker. Although IP information could encourage law enforcement agencies to identify the whereabouts of cybercriminals, as most criminals use VPN services to hide their real internet addresses. In order to register for hacking websites, hackers also use untraceable email addresses from vendors including Mailinator. However, new hackers are likely to be mistaken by logging into their actual IP addresses or by using real email addresses on the carding hacking pages. 

Meanwhile, Ilia Kolochenko, Founder and Chief Architect at ImmuniWeb, says: “Most of the compromised accounts have fake data and IPs from anonymous VPNs or proxies that are not likely to bring much actionable evidence to law enforcement agencies for investigation. Moreover, even the Western law enforcement agencies are currently underequipped to investigate and prosecute cybercrime on a large scale and will probably not initiate investigatory operations after the leak.”
Read more »
Subscribe to: Posts (Atom)