Tag: data leak

Ramaphosa’s personal data hacked

Source: Cape Town etc

President Cyril Ramaphosa was recently hacked, with sensitive details exposed by the group “SpiderLog$”.

According to the Sunday Times, his home address, ID and cellphone numbers, as well as a loan Ramaphosa took out back in the early 2000s, were accessed.

The data was reportedly obtained from an earlier breach as TransUnion contested.

The aim of the hack was to expose how much of a “playground” South Africa is for hackers, the group told the Sunday Times, to which it also supplied screenshots that implied access to military intelligence datasets.

MyBroadband reports that among the vulnerabilities ‘secured’ by the government is the DigiTech app store, which showed an “inability to properly secure online system.”

Although it may come as a shock to some that our president was hacked, the gaping holes in security at the top echo what appears to be the gaping limitations of data security in SA.

More Absa customers hit by data leak

Source: MyBroadband

Absa has continued to send notifications to more customers impacted by a data leak in October 2020.

Customers have told MyBroadband they received emails from the bank this past week informing them the leak also impacted them.

“Following Absa’s announcement of an isolated data leak in November 2020, and a resultant independent forensic investigation, we have now identified more compromised data and are contacting impacted customers directly,” it states.

“Unfortunately, this leak encompassed some of your personal information, including your identity, contact details and transactional account number,” the bank added.

The leak, which an Absa employee orchestrated, resulted in the exposure of customer data that included identity numbers, contact details, addresses, and account numbers.

The employee, who served as a credit analyst, had been caught selling the private information of retail banking clients to third parties.

He was subsequently dismissed and criminally charged, and Absa notified the Information Regulator about the issue.

In its initial acknowledgement of the breach in November 2020, the bank labelled the incident as “isolated” and claimed it affected a “limited number of customers”.

Absa chief security officer at the time, Sandro Bucchianeri, later revealed the bank believed the information of 200 000 customers was exposed. For reference, Absa had around 9.7 million customers as of September 2020.

Bucchianeri left Absa in June 2021 and joined National Australia Bank as chief security officer.

Number of new accounts impacted unclear

The latest notification is at least the second time since the initial notice that Absa has informed additional impacted customers their details were exposed in the leak.

In April 2021, Absa sent a similar email to customers it had determined were also impacted.

An Absa spokesperson told MyBroadband independent investigations were ongoing, and the bank continued to reach out to customers as new information came to light.

“Throughout this process, we have taken extra precautions and heightened monitoring of customer accounts,” the spokesperson said.

The spokesperson did not respond to a question about exactly how many impacted customers had been added to the original tally of 200,000.

Absa advised customers suspecting suspicious activity on their accounts to contact its fraud hotline on 0860 557 557.

The bank also offers a free digital fraud warranty for customers that use its mobile app.

 

The entirety of Twitch has been leaked

By Chris Scullion for Video Game Chronicles 

An anonymous hacker claims to have leaked the entirety of Twitch, including its source code and user payout information.

The user posted a 125GB torrent link to 4chan on Wednesday, stating that the leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”.

VGC can verify that the files mentioned on 4chan are publicly available to download as described by the anonymous hacker.

One anonymous company source told VGC that the leaked data is legitimate, including the source code for the Amazon-owned streaming platform.

Internally, Twitch is aware of the breach, the source said, and it’s believed that the data was obtained as recently as Monday.

Twitch has confirmed the leak is authentic: “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”

The leaked Twitch data reportedly includes:

  • The entirety of Twitch’s source code with comment history “going back to its early beginnings”
  • Creator payout reports from 2019
  • Mobile, desktop and console Twitch clients
  • Proprietary SDKs and internal AWS services used by Twitch
  • “Every other property that Twitch owns” including IGDB and CurseForge
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

Some Twitter users have started making their way through the 125GB of information that has leaked, with one claiming that the torrent also includes encrypted passwords, and recommending that users enable two-factor authentication to be safe.

If you have a Twitch account, it’s recommended that you also turn on two-factor authentication, which ensures that even if your password is compromised, you still need your phone to prove your identity using either SMS or an authenticator app.

To turn on two-factor authentication:

  • Log on to Twitch, click your avatar and choose Settings
  • Go to Security and Privacy, then scroll down to the Security setting
  • Choose Edit Two-Factor Authentication to see if it’s already activated. If not, follow the instructions to turn it on (you’ll need your phone)

The torrent also reportedly includes Unity code for a game called Vapeworld, which appears to be chat software based on Amazon’s unreleased Steam competitor Vapor.

Meanwhile, Vapor, the codename for an alleged in-development Steam competitor, is claimed to integrate many of Twitch’s features into a bespoke game store.

Finally, the leaked documents allegedly show that popular streamers such as Shroud, Nickmercs and DrLupo have earned millions from working with the popular streaming platform.

What it doesn’t include is money that streamers have earned outside of Twitch, including merchandise, YouTube revenue, sponsorships and external donations.

The anonymous leaker has stated that this is just the first part of the content due to be leaked, but hasn’t stated what else they plan to release.

One cyber security expert said on Wednesday that, if fully confirmed, the Twitch hack “will be the biggest leak I have ever seen”.

Twitch has regularly found itself under fire from creators and users who feel the site doesn’t take enough action against problematic members of the Twitch community.

Last month a group of Twitch streamers called on other channels and viewers to boycott the site for 24 hours as a response to hate raids.

On the same day as the campaign was initially announced, Twitch posted a thread on Twitter explaining that it was attempting to stop hate raids but that it was not “a simple fix”.

“No one should have to experience malicious and hateful attacks based on who they are or what they stand for,” it stated. “This is not the community we want on Twitch, and we want you to know we are working hard to make Twitch a safer place for creators.

“Hate spam attacks are the result of highly motivated bad actors, and do not have a simple fix. Your reports have helped us take action – we’ve been continually updating our sitewide banned word filters to help prevent variations on hateful slurs, and removing bots when identified.

“We’ve been building channel-level ban evasion detection and account improvements to combat this malicious behaviour for months. However, as we work on solutions, bad actors work in parallel to find ways around them – which is why we can’t always share details.”

 

Department of Justice hacked

By Jan Vermeulen for MyBroadband

At least 1 200 files were exfiltrated from Department of Justice computer systems before attackers infected them with ransomware and brought South Africa’s legal system to its knees.

This is according to a notice published by the Information Regulator of South Africa to inform its users of the breach.

It said that according to the Department of Justice and Constitutional Development (DoJ&CD), these files may have contained personal information such as addresses and bank account details.

Personally identifying information of South Africa’s information officers may also have been exposed.

The Information Regulator said that the following personal information might have been exposed:

  • Names, addresses, identity numbers, and phone numbers of information officers
  • Names, residential addresses, identity numbers, phone numbers, qualifications, bank accounts, and salaries of employees
  • Names, addresses, and bank details of the service providers.

The Regulator noted that this is just an early indication of the type of personal data that might have been compromised.

“The DoJ&CD has indicated in its report to the Regulator that at this stage, the investigations are inconclusive in terms of the exact nature of the information that was sent outside the ICT systems of the DoJ&CD,” it stated.

“Therefore, the types of personal information of its data subjects that may have been compromised is not yet determined.”

In addition to details of the data breach, the Information Regulator also revealed that it only found out about the attack because of a media statement issued by the DoJ.

“The Regulator became aware of the possible security compromise through a media statement on 9 September 2021 and was officially notified on 13 September 2021,” it stated.

It was only formally notified after reminding the department of its obligation to notify the Regulator and data subjects per section 22 of the Protection of Personal Information Act (POPIA).

The Information Regulator explained that the attack on the DoJ&CD places it in a curious position.

When the Information Regulator was established, as an interim measure, its computer systems were set up under the structures of the Department of Justice.

This makes the Information Regulator a “data subject” of the department and a “responsible party” that must notify its own data subjects in terms of POPIA.

The DoJ&CD was hit by a ransomware attack on 6 September, knocking several critical systems offline. These included:

  • E-mail
  • Bail services
  • Payment of child maintenance
  • Correspondence with magistrates and judges, and the filing of court papers
  • Recording and transcription of court proceedings
  • Master’s offices

Several cases in South Africa’s lower courts were postponed due to the outage, and the court system remains disrupted as the DoJ&CD works to restore its IT systems.

On 17 September, the department said it had recovered some functionality of its system for child maintenance payments, MojaPay.

The Master’s Offices around South Africa have been forced to revert to manual systems, also causing severe disruptions with the following services impacted:

  • Deceased estates — including issuing letters of executorship and urgent payments out of frozen bank accounts
  • Curatorships
  • Orphans whose affairs are being managed by the state

Democratic Alliance MP and former prosecutor Glynnis Breytenbach has said that the disruption to the Master’s Offices is a significant concern.

“They are no longer geared to operate manually. They don’t have the staff,” she stated.

“We need to get these systems back up and running. The Master’s office is so dysfunctional this is going to be the last straw,” she said.

Example of a ransomware note without a specific amount demanded, pointing the victim to a dark web chat service.

The Information Regulator said it currently does not know the identity of the person who broke into the DoJ&CD’s systems. An investigation is underway.

In correspondence received from the DoJ&CD dated 20 September 2021, the Regulator was informed that the issue was detected within the Citrix environment — where applications are hosted.

Connectivity was lost between application and database servers on the evening of 05 September 2021, and, as a result, all user accounts on the Active Directory were locked.

The analysis of the attack concluded that it was a malware infection suspected to be ransomware.

The DoJ&CD informed the Regulator that even though the identity of the person who breached its systems is unknown, the investigation has led to the discovery of text files consistent with ransomware.

These files contain instructions to the department to contact what seems to be the perpetrators.

However, the DoJ&CD has advised that no demand for money has been made as of 20 September 2021.

A source has told MyBroadband that the claim from the DoJ that they didn’t receive a ransom amount is incorrect and that the attackers have asked for 50 bitcoin — around R33 million.

The DoJ&CD has disputed this and maintained that it has received no ransom demand.

 

Absa suffers data breach

By Dhivana Rajgopaul for IOL

Absa has laid criminal charges against the employee behind the data breach that resulted in clients’ personal information being leaked to third parties.

“Absa has brought criminal charges against the employee, and internally the requisite consequence management has been undertaken. Absa may take further action in relation to the recipients of the data once the full scope of the leak is identified and all investigations are completed,” said the bank in a statement.

According to the bank, an employee unlawfully made customer data available to external parties.

Absa warned the affected clients through an email on November 30 which informed them their personal information had been shared with external parties.

Absa said a “small portion” of clients’ personal information was leaked, but investigations would continue.

The personal information of clients that was shared with third parties includes identity numbers, account numbers, contact details and physical address.

The bank also secured an order from the High Court to carry out search and seizure operations and secured the devices that contained the data.

According to Absa, the data on the devices was destroyed.

The bank said it would contact customers who were affected by the data breach about potentially suspicious transactions.

It has also enhanced the monitoring of customer accounts that have been affected to date as well as put in place additional control measures to minimise the risk of re-occurrence in future.

 

By Bradley Prior for MyBroadband

HaveIBeenPwned has added a large data breach – involving popular writing website Wattpad – to its database of data breaches.

In June 2020, Wattpad – a website that allows users to publish their own literary content and critique the work of others – suffered a large data breach which exposed almost 270 million user records.

This data was reportedly sold to a private purchaser for $100,000, and has since reportedly been published to a public hacking forum – where it was shared broadly.

The data exposed in this breach includes names, usernames, email addresses, IP addresses, passwords, genders, and birth dates, HaveIBeenPwned said.

According to the post on the hacker website, included in the database are 145 million passwords hashed with bcrypt, and another 44-million hashed with SHA256.

“We are aware of reports that some user data has been accessed without authorisation. We are urgently working to investigate, contain, and remediate the issue with the assistance of external security consultants,” said Wattpad director of PR and communications Kiel Hume.

“From our investigation, to date, we can confirm that no financial information, stories, private messages, or phone numbers were accessed during this incident. Wattpad does not process financial information through our impacted servers, and active Wattpad users’ passwords are salted and cryptographically hashed.”

Hume said Wattpad is committed to maintaining the trust of its users “to ensure the safety and security of the Wattpad community”.

How to check if you are affected

HaveIBeenPwned allows you to check if your data was affected by data breaches including the recent breach of Wattpad.

To do this, users need to navigate to HaveIBeenPwned’s homepage and enter their email address into the search bar.

By Jan Vermeulen for MyBroadband

The Unemployment Insurance Fund (UIF) has made changes to the website for its Temporary Employer-Employee Relief Scheme (TERS) after a security researcher reported a data leak.

This leak allowed anyone to obtain the UIF reference numbers of employers who had been paid out, and look up how much they had been paid.

UIF reference numbers were published as part of a list of paid employers on a website hosted under the Department of Employment and Labour’s domain.

This list of paid employers can still be downloaded in CSV format from the UIF website, but it no longer includes UIF reference numbers.

After MyBroadband and the security researcher reported the issue, the UIF reference numbers were removed from the downloadable list.

Armed with a list of UIF reference numbers, an attacker could go to the “My Payment Status” page and query the reference number.

While this page now features a Captcha, it did not have one a few weeks ago. The Captcha was only added after we raised the matter with the UIF.

Before the Captcha was implemented, it would have been simple for an attacker to write a script to extract the amounts paid and processing dates for each of the UIF reference numbers that were readily downloadable from the same website.

It is also still possible to look up the payment status and amount paid for anyone so long as you have their UIF reference number, or ID number.

The UIF does not require that you register an account or log in to look up this information.

Screenshots of the information returned by the My Payment Status page are included below.

MyBroadband contacted the Ministry of Labour for comment and was directed to speak directly to representatives of the UIF.

The UIF did not respond to a request for comment.

By Hemani Sheth Mumbai for The Business Line

Hackers are selling over 500 000 Zoom accounts on the dark web and hacker forums for less than a penny each and, in some cases, for free, according to a recent report by web platform Bleeping Computer.

Bleeping Computer said in the report that it had first been informed of these accounts being posted on those platforms by cybersecurity intelligence firm Cyble, which started noticing the posts around 1 April.

The firm then reached out to the sellers who had put the accounts up for sale and bought credentials for 530 000 Zoom accounts at $0.002 per account in an attempt to warn the customers of the breach.

Findings

According to the report, the accounts were hacked using credential stuffing attacks. Hackers use credentials from previously leaked accounts to try to log in to the Zoom app. The credentials that successfully log in are then compiled and put up for sale on the dark web.

These credentials include email addresses, passwords, personal meeting URLs, and HostKeys, as per the report. Almost 290 of the hacked accounts were related to universities and colleges, it said.

In a statement to BleepingComputer, Zoom had said that the company is already working on finding these password dumps to reset affected users’ passwords, the report said.
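The login pattern described above, many different accounts tried from one source with only a few attempts each, can be searched for in authentication logs. The following is an added example, not code from the article or from Zoom; the log format, the thresholds and the sample lines are constructed assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2020-04-01T10:00:01 203.0.113.7 alice@example.edu FAIL
2020-04-01T10:00:03 203.0.113.7 bob@example.edu FAIL
2020-04-01T10:00:04 203.0.113.7 carol@example.edu OK
2020-04-01T10:00:06 203.0.113.7 dave@example.edu FAIL
2020-04-01T10:00:09 203.0.113.7 erin@example.edu FAIL
2020-04-01T10:00:11 203.0.113.7 frank@example.edu OK
2020-04-01T10:01:00 198.51.100.20 admin@example.com FAIL
2020-04-01T10:01:01 198.51.100.20 admin@example.com FAIL
2020-04-01T10:01:02 198.51.100.20 admin@example.com FAIL
2020-04-01T10:01:03 198.51.100.20 admin@example.com FAIL
2020-04-01T10:02:00 192.0.2.15 bob@example.edu FAIL
2020-04-01T10:02:20 192.0.2.15 bob@example.edu OK
-- rotated --
"""


@dataclass(frozen=True)
class LoginEvent:
    when: datetime
    source: str
    user: str
    ok: bool


def parse_line(line):
    """Return a LoginEvent, or None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return LoginEvent(when, parts[1], parts[2].lower(), parts[3] == "OK")


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=5, max_tries_per_user=2.0):
    """Map each suspicious source to the accounts it logged in to successfully.

    A source is suspicious when, inside one sliding window, it tries at least
    `min_users` distinct usernames with few attempts per username. That is the
    reverse of brute force, which hammers a single username many times.
    """
    by_source = defaultdict(list)
    for ev in events:
        by_source[ev.source].append(ev)

    findings = {}
    for source, evs in by_source.items():
        evs.sort(key=lambda e: e.when)
        in_window = Counter()  # username -> attempts inside the window
        start = 0
        flagged = False
        for ev in evs:
            in_window[ev.user] += 1
            # Drop events that have aged out of the window.
            while ev.when - evs[start].when > window:
                old = evs[start].user
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            tries = sum(in_window.values())
            if (len(in_window) >= min_users
                    and tries / len(in_window) <= max_tries_per_user):
                flagged = True
                break
        if flagged:
            # Any successful login from this source is a reset candidate.
            findings[source] = sorted({e.user for e in evs if e.ok})
    return findings


def run_example():
    events = [e for e in map(parse_line, SAMPLE_LOG.splitlines()) if e]
    return detect_stuffing(events)


if __name__ == "__main__":
    for source, users in run_example().items():
        print(source, "-> force password reset for:", ", ".join(users))
```

Campaigns that rotate source addresses will not trip a per-IP rule, so the same window logic is commonly also keyed on network range or client fingerprint.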

This is not the first instance of hackers zeroing in on the video-conferencing app that has gained massive popularity owing to global shutdowns in light of the coronavirus pandemic. According to a recent report by Motherboard, hackers have been cashing in on Zoom’s ‘zero-day’ vulnerabilities and selling data stolen from the app on the dark web.

‘Zero-day’ vulnerabilities are faults in software, not yet known to or fixed by its maker, that hackers can use to target specific users. The price for zero-day vulnerabilities in Zoom on the dark web ranges from $5,000 to $30,000, the report said.

Zoom CEO Eric Yuan recently held a livestream conference acknowledging the privacy and security issues within the app and assuring users that the company was working on fixing them.

By Jack More for Mashable 

They wouldn’t have numbered it if it was the only one.

On 16 January, security researcher Troy Hunt uploaded a massive cache of leaked e-mails and passwords to his invaluable website have i been pwned.

The 87GB dataset, dubbed “Collection #1,” was admittedly years old, and had been passed around by hackers for some time now. Still, the sheer scale of it — containing over 772-million email addresses — turned heads. Hold onto your digital butts, because as Krebs on Security reports, you ain’t seen nothing yet.

According to Krebs, the Collection #1 data breach is, unsurprisingly, part of a much larger collection of stolen online credentials being sold online. And, taken as a whole, it dwarfs Collection #1’s size.

Just how big are we talking? According to the hacker allegedly selling access to the data who communicated with Krebs over Telegram, the entire data set of email addresses and passwords comes close to 1TB. Brian Krebs, the infosec journalist behind Krebs on Security, tweeted a screenshot purportedly depicting a page listing the data for sale.

In addition to the 87GB Collection #1, there’s a 526GB Collection #2, a 37GB Collection #3, a 178GB Collection #4, a 42GB Collection #5, and two other folders totaling an additional 126GB worth of credentials.

The seller told Krebs that, in total, they had close to 4TB of so-called password packages. Yeah, that’s a lot. According to the image above, the “Price for access lifetime” is only a cool $45 (R630).

So your email, along with one or more passwords to various throwaway online accounts you’ve used and discarded over the years, is likely being traded on the dark web. What does this mean for you?

Well, if you’re smart about your online security, probably not too much immediately. Assuming you use unique passwords for each account online — and you definitely should — any of your passwords contained in the dataset would only gain a hacker access to one specific online service. Like, say, your old Tumblr account. And, if you use two-factor authentication, you’re likely in the clear.

However, all this goes out the window if a hacker gets access to your main email account and can initiate password resets. And if the email account in question just so happens to share a password with your now-defunct Neopets account or whatever? You might legit be in trouble. Consider getting a password manager, and make sure your email has a unique password and 2FA.

And then go about your normal online business, comfortable in the knowledge that your personal data is being sold to hackers for the low, low price of $45 (R630).

To see whether your email address has been breached, visit have i been pwned.

Facebook has made its data crisis worse

Facebook Inc tried to get ahead of its latest media firestorm. Instead, it helped create one.

The company knew ahead of time that on Saturday, the New York Times and The Guardian’s Observer would issue bombshell reports that the data firm that helped Donald Trump win the presidency had accessed and retained information on 50-million Facebook users without their permission.

Facebook did two things to protect itself: it sent letters to the media firms laying out its legal case for why this data leak didn’t constitute a “breach.” And then it scooped the reports using their information, with a Friday blog post on why it was suspending the ad firm, Cambridge Analytica, from its site.

Both moves backfired.

On March 16, Facebook said it “received reports” that Cambridge Analytica hadn’t deleted the user data, and that it needed to suspend the firm. The statement gave the impression that Facebook had looked into the matter. In fact, the company’s decisions were stemming from information in the news reports set to publish the next day, and it had not independently verified those reports, according to a person with knowledge of the matter. By trying to look proactive, Facebook ended up adding weight to the news.

On March 17, any goodwill the company earned by talking about the problem first was quickly undone when reporters revealed Facebook’s behind-the-scenes legal manoeuvring. “Yesterday Facebook threatened to sue us. Today we publish this,” Carole Cadwalladr, the Observer reporter, wrote as she linked her story to Twitter, in a post shared almost 15,000 times. The Guardian said it had nothing to add to her statement. The Times confirmed that it too received a letter, but said it didn’t consider the correspondence a legal threat.

Front-running the stories along with the letters to newsrooms are but two of several ways Facebook failed to contain fallout from the Cambridge Analytica revelations. Silence on the part of chief executive officer Mark Zuckerberg and chief operating officer Sheryl Sandberg didn’t help. Nor did a report late March 19 in the New York Times that chief security officer Alex Stamos is leaving after clashing with other executives, including Sandberg, over how Facebook handled Russian disinformation campaigns. Facebook said Stamos is still at the company, but didn’t outright deny that he plans to leave.

“Most of its executives haven’t done a real interview in ages, let alone answer deep questions,” Zeynep Tufecki, an associate professor at the University of North Carolina who specialises in social networks and democracy, wrote in a post on Twitter.

In a sign of investor dismay, Facebook shares tumbled 6.8% on March 19, the biggest decline since March 2014. As the stock fell and criticism from lawmakers poured in from the US and Britain, the company worked to make it clear that it didn’t actually have enough information, on its own, to react to Saturday’s news reports in a stronger way.

Facebook put out another blog post, saying that Cambridge Analytica and the researcher who provided them the data, Aleksandr Kogan, had agreed to a digital forensics audit to prove they deleted it. Facebook said the one person who didn’t agree to the audit was Christopher Wylie, the former Cambridge Analytica contractor who spoke to the newspapers about the data leak. With the post, Facebook aimed to stir more scepticism around Wylie’s information, according to a person familiar with the matter.

That didn’t resolve things quickly either. The auditors were already on site at Cambridge Analytica’s London office March 19 when they had to pause their work. The UK Information Commissioner’s Office is pursuing a warrant to conduct its own on-site investigation.

The Cambridge Analytica saga is the latest in a series of bungled Facebook responses, often reactionary and sometimes unintentionally stirring public outrage instead of resolving concerns. The company’s interaction with the public tends to start with a carefully crafted blog post, and then evolve into a much more improvised Twitter-based conversation with lower-level executives who defend the social network and explain its decisions. It doesn’t always go well.

Earlier this year, when the US government indicted 13 Russians who used Facebook to manipulate voters, a Facebook advertising executive took to Twitter to clarify that overall, the Russian ads were primarily used to divide Americans, not influence the election. His comments went viral after President Donald Trump used them to back up attacks on the “fake news media.”

In 2017, Facebook made its disclosures on Russia’s activities in a slow drip, each time illustrating a bigger problem. An April white paper on “information operations,” for example, didn’t name the country. The company that October said 10 million users saw Russia’s ads. Later that month, Facebook said 126 million people saw Russia’s posts in general. The company upped the number to 150 million during Congressional interrogation, when a senator asked if Facebook could include Instagram, the photo-sharing app it owns, in the count.

Stamos, who has favoured more forthright disclosure, was frequently outvoted, according to the New York Times. He’s planning to leave the company in August, the newspaper reported. On Twitter, he later said he’s still fully engaged with his work at Facebook, without answering questions about his plans. But that would make him the most high-profile exit since Facebook’s election-related troubles began.

Meanwhile, higher ranking executives remain quiet. Zuckerberg and Sandberg, who in past years would post frequently about the issues of the day, have shied away from reacting to the most controversial news. Lawmakers have now called out Zuckerberg by name in both the US and the UK.

Zuckerberg and Sandberg plan to remain quiet on the Cambridge Analytica situation until the company completes its internal review of what happened, according to a person familiar with the matter. Until they do, questions about Facebook’s ability to cope with the Cambridge Analytica crisis will undoubtedly persist. — Bloomberg

By Sarah Frier for The Star

My Office News Ⓒ 2017 - Designed by A Collective

