Hack of 1.7M Snapchat Accounts Didn't Actually Happen*:
- Barely a day goes by anymore that we don’t hear about another big hack, but there are times when the hack never actually happened.
- There were reports recently of a massive Snapchat breach, exposing details on 1.7 million of the popular ephemeral messaging app's users.
- Snapchat is currently being sued by a former employee who made several allegations.
- A hacking group calling itself Hell Shield Hackers got involved and claimed to have account information on 1.7 million users.
- As security experts began investigating the hack, however, their claim started to fall apart; the dump actually contained only a small number of incomplete records that had been posted before.
- Given that Snapchat's security has found no evidence of any recent breaches, it is fairly clear that the hackers' claims were all smoke and no fire.
*Source: Forbes, April 19, 2017
Large Australian Companies Expect Rising Cyber Risks*:
- Cybersecurity is becoming a board-level concern among Australia's largest companies.
- Only 29% of the companies surveyed say they’re “very confident” that they can detect and respond to an intrusion with minimal operational impact.
- Still, the broad trends illustrated by the survey are positive; many companies have cybersecurity training and have considered how they would notify customers about a data breach.
- Australia pledged in April 2016 to spend AU$230 million (US$173 million) over the next four years on a range of initiatives to bolster the country's cybersecurity stance.
- It's estimated cybercrime costs the Australian economy a minimum of $1 billion a year, although the figure could be as high as $17 billion.
- Some 88 percent of boards now receive reports on cyber incidents, with 21 percent of those respondents establishing reporting procedures within the last year.
- Of increasing concern is how attackers look for weaknesses in the networks of a company’s partners; a third of survey respondents say they’ve not evaluated the cyber defenses of their suppliers or customers who have connections to their systems.
- Only 37 percent have a “clear understanding of their own key information assets,” which means the board doesn’t have a good understanding of where the data is.
*Source: Data Breach Today, April 21, 2017
Immigration Phone Scam Seeks To Steal Victims' Identities*:
- Scam artists claiming to work for “U.S. Immigration” are calling victims across the country seeking to steal their personal information and commit identity theft, the Department of Homeland Security’s inspector general warned.
- The thieves are using a technique called spoofing, where they alter the caller ID so it looks like the call is coming from the Department of Homeland Security’s hotline number.
- The scammers demand to obtain or verify personally identifiable information from their victims through various tactics, including telling individuals that they are victims of identity theft.
- The inspector general said DHS never uses its hotline to make outgoing calls, and individuals shouldn’t answer calls from 1-800-323-8603.
- Immigrants often are afraid to come forward to report scams for fear of being ensnared in the heightened immigration enforcement dragnet.
- As scammers seek to capitalize on the anti-immigrant political climate, people should know never to offer payment or personal information over the phone.
*Source: CNN Money, April 20, 2017
1.3 Million K-12 Students Exposed By Now-Secured Data Breach*:
- More than a million American students had their information exposed this month in a data breach at a California-based company that offers data services to kindergarten through 12th-grade schools.
- A security researcher discovered the Schoolzilla breach in early April while scanning the web for an “all too common” misconfiguration in Amazon cloud storage devices.
- The storage device discovered included a database that contains the personal information of approximately 1.3 million students in the United States, including some Social Security numbers.
- It has not been confirmed which U.S. schools may have been affected.
- Schoolzilla corrected the issue and secured the students’ information within 24 hours.
- Unfortunately, the quick response is atypical; many companies respond with suspicion when contacted by outside security researchers reporting vulnerabilities that expose their customers’ data.
*Source: Daily Dot, April 20, 2017
InterContinental Data Breach Expands From 12 to 1,200 Hotels*:
- InterContinental Hotels Group (IHG) has released new information on a data breach that shows the cyber-attack's consequences are far worse than originally believed.
- The company first asserted that the compromise was rather minor, having only impacted 12 IHG-managed properties.
- IHG called in reinforcements in the form of cybersecurity professionals to investigate the problem, and the team discovered that attackers were able to install malware on the servers that the hotels’ payment card processing systems relied on.
- Customers affected were notified, and this appeared to be the end of the issue.
- However, IHG has quietly released additional information relating to the breach, and it’s not pretty.
- IHG said in a statement that, rather than affecting only 12 properties, the malware was designed to access payment card data at properties between Sept 2016 and Dec 2016, and the number of affected properties is now in the thousands.
- The hotel chain is offering franchised properties free computer forensic help and is pushing locations to implement the firm's Secure Payment Solution, which encrypts cardholder information.
- IHG is working with payment card networks as well as with cybersecurity experts to confirm that the malware has been eradicated from each location, and law enforcement has also been notified.
*Source: ZD Net, April 19, 2017