CloudPets Stuffed Toys Leak Details of Half a Million Users*:
- A security vulnerability allowed anyone to view personal information, photos, and recordings of children’s voices from CloudPets toys.
- According to a report by security researcher Troy Hunt, over 820,000 user accounts were exposed, including 2.2 million voice recordings.
- CloudPets toys connect to mobile apps and let parents and loved ones send messages to their children that are played through the stuffed animals.
- When you create an account with CloudPets, you give it your child’s name, an email address, and a photo.
- Like other toys that connect to the internet, CloudPets stores all that data in the cloud, but kids’ information was stored in an insecure database that didn’t require authentication to access it.
- Someone deleted all of the data and posted a ransom note for CloudPets.
- The data is no longer publicly accessible, but CloudPets has not informed users of the leak and has not responded to emails from reporters and users with questions about the exposed data.
*Source: CNN, February 27, 2017
40 Online Stores Affected in Aptos Data Breach*:
- Shoppers of 40 online stores have had their bank card numbers and addresses taken by a malware infection at backend provider Aptos.
- The security breach occurred late last year when a hacker was able to inject spyware into machines Aptos used to host its retail services for online shops, and was able to access payment card numbers, full names, addresses, phone numbers, and email addresses.
- According to the affected stores, the malware was active on Aptos systems from February through December of 2016.
- Aptos released a statement stating that they are working closely with the customers impacted by the incident to ensure the affected consumers are notified in a timely manner.
- According to a report from Bitdefender, 34% of US-based companies experienced some type of online security breach last year.
- Online retail is a massive market, with nearly 80% of Americans shopping online, but it doesn’t come without risks.
- Aptos hasn’t released a full list of impacted clients, but some of the known companies affected include Abbott Nutrition, Liberty Hardware, and Purdys.
*Source: WAPT News, March 04, 2017
Here's What You Need to Know About the Massive 'Cloudbleed' Data Breach*:
- A huge data breach that may have exposed users' private information and log-in details for thousands of websites was uncovered in February, in what looks to be the most significant internet leak of 2017 so far.
- Dubbed ‘Cloudbleed’ in reference to the notorious ‘Heartbleed’ breach in 2014, the leak stems from a bug found in code operated by web infrastructure company Cloudflare, which provides security and hosting services for thousands of major internet sites.
- Some clients are big-name web companies – including Uber, Yelp, FitBit, and OKCupid – and due to a tiny but significant error in some of Cloudflare’s code, sensitive user information from some of these sites was being randomly inserted into web pages when visited by other people.
- The leak was discovered on February 17 by security researcher Tavis Ormandy from Google's Project Zero bug-hunting team.
- What they found was snippets from user sessions on Cloudflare-hosted sites being randomly replicated on other Cloudflare sites, including things like encryption keys, cookies, and passwords.
- Ormandy reached out to Cloudflare, which assembled an international team of engineers to fix the problem; they were able to stop the bug in less than 7 hours.
- The leakages may have been active from as far back as 22 September 2016, and there’s no way of knowing how many people’s sensitive information was exposed during that time.
- Cloudflare’s CTO explained they hadn’t detected any malicious activity resulting from the bug, but it’s difficult to say how many user credentials may have been leaked.
- At the peak of the bug, around one in every 3,300,000 HTTP requests through Cloudflare potentially resulted in data leakage.
- While the overall level of risk to any particular user is probably very low, a lot of personal data could have been leaked, so it’s a good idea to change your passwords for any potentially compromised sites.
*Source: Science Alert, February 27, 2017
Hitachi May Face Rs. 10 Crore Liabilities for Card Breach*:
- Hitachi Payment Services may face a liability claim of Rs. 10 crore for a security breach caused by malware in its system, compromising 3.2 million debit cards.
- Most banks have already filed their complaints with the regulator and are trying to ascertain who will bear the expense.
- The claims include money stolen and compensation for bank expenses after the fraud happened.
- Hitachi said earlier this month its system was affected by malware that enabled fraudsters to steal information and funds from customers who swiped their debit cards in ATMs on the infected network.
- Hitachi released a statement saying, “as soon as the breach was discovered, we followed due process and immediately informed the Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), banks and card schemes to ensure the safety of their customers' sensitive data.”
- Despite Hitachi using some of the best security devices, hackers created a ‘dummy code book’ within its systems, capturing all possible four-digit numbers from 0000 to 9999, to steal the PINs of customers as and when they used their cards to withdraw money from ATMs.
*Source: Economic Times, March 01, 2017
Only 2 in 3 Cyber Attacks Can Be Stopped with Current Defenses*:
- Only 64% of cyber-attacks can be stopped, detected or prevented with the current resources, on average, according to a Bitdefender survey of 250 IT decision makers at companies in the US with more than 1,000 PCs.
- Bitdefender’s survey shows that 64% of IT decision makers think their IT security budget is sufficient, 2% say the budget is enough but they are understaffed, and 7% say funding is sufficient but can’t accommodate future expansion.
- Fewer than 20% of IT decision makers say they could stop more than 90% of cyber-attacks, while another 20% say they could detect and prevent less than a quarter.
- The survey shows 34% of respondent companies were breached in the past 12 months, with 74% reporting they don’t know how their company was breached.
- Cloud security spending at 48% of respondent companies increased in the past year while spending for other security activities remained the same.
- Migrating information from traditional data centers to a cloud infrastructure has significantly increased companies’ attackable surface, bringing new threats and more worries to CIO offices about the safety of their data.
- This survey was conducted in October 2016 by iSense Solutions for Bitdefender on 250 IT security purchase professionals and others from enterprises with 1,000+ PCs based in the United States.
*Source: Dark Reading, February 28, 2017