Tag: leak

By Rual de Vries for MyBroadband

Chinese authorities are censoring any posts on domestic social media platforms regarding an alleged data leak containing 1 billion citizens’ data, Financial Times reports.

In a post on Breach Forums, user “ChinaDan” claimed they possessed one billion Chinese nationals’ data, including names, addresses, ID numbers, mobile numbers, and any criminal records or case details, BleepingComputer reported.

The hacker named the Shanghai National Police database the leak’s source.

To confirm the claims, The Wall Street Journal’s Karen Hao called five individuals listed, who verified their names and associated case details.

Following news of the leak, hashtags like “Shanghai national security database breach” and “data leak” started to trend on Chinese social media platforms Weibo and WeChat.

However, by Monday, 4 July, the respective platforms had blocked any mention of the leak.

Chinese authorities reportedly invited some Weibo users to discuss their posts and removed a popular cyber security blogger’s post exploring the leak’s implications.

Binance CEO Zhao Chanpeng said its threat intelligence spotted these records for sale on the dark web and added the leak was likely due to a bug in an Elasticsearch deployment by a government agency.

“Apparently, this exploit happened because the gov developer wrote a tech blog on [the Chinese Software Developer Network] and accidentally included the credentials,” Zhao said.

More Absa customers hit by data leak

Source: MyBroadband

Absa has continued to send notifications to more customers impacted by a data leak in October 2020.

Customers have told MyBroadband they received emails from the bank this past week informing them the leak also impacted them.

“Following Absa’s announcement of an isolated data leak in November 2020, and a resultant independent forensic investigation, we have now identified more compromised data and are contacting impacted customers directly,” it states.

“Unfortunately, this leak encompassed some of your personal information, including your identity, contact details and transactional account number,” the bank added.

The leak, which an Absa employee orchestrated, resulted in the exposure of customer data that included identity numbers, contact details, addresses, and account numbers.

The employee, who served as a credit analyst, had been caught selling the private information of retail banking clients to third parties.

He was subsequently dismissed and criminally charged, and Absa notified the Information Regulator about the issue.

In its initial acknowledgement of the breach in November 2020, the bank labelled the incident as “isolated” and claimed it affected a “limited number of customers”.

Absa chief security officer at the time, Sandro Bucchianeri, later revealed the bank believed the information of 200 000 customers was exposed. For reference, Absa had around 9.7 million customers as of September 2020.

Bucchianeri left Absa in June 2021 and joined National Australia Bank as chief security officer.

Number of new accounts impacted unclear
The latest notification is at least the second time since the initial notice that Absa has informed additional impacted customers their details were exposed in the leak.

In April 2021, Absa sent a similar email to customers it had determined were also impacted.

An Absa spokesperson told MyBroadband independent investigations were ongoing, and the bank continued to reach out to customers as new information came to light.

“Throughout this process, we have taken extra precautions and heightened monitoring of customer accounts,” the spokesperson said.

The spokesperson did not respond to a question about exactly how many impacted customers had been added to the original tally of 200,000.

Absa advised customers suspecting suspicious activity on their accounts to contact its fraud hotline on 0860 557 557.

The bank also offers a free digital fraud warranty for customers that use its mobile app.

 

The entirety of Twitch has been leaked

By Chris Scullion for Video Game Chronicles 

An anonymous hacker claims to have leaked the entirety of Twitch, including its source code and user payout information.

The user posted a 125GB torrent link to 4chan on Wednesday, stating that the leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”.

VGC can verify that the files mentioned on 4chan are publicly available to download as described by the anonymous hacker.

One anonymous company source told VGC that the leaked data is legitimate, including the source code for the Amazon-owned streaming platform.

Internally, Twitch is aware of the breach, the source said, and it’s believed that the data was obtained as recently as Monday.

Twitch has confirmed the leak is authentic: “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”

The leaked Twitch data reportedly includes:

  • The entirety of Twitch’s source code with comment history “going back to its early beginnings”
  • Creator payout reports from 2019
  • Mobile, desktop and console Twitch clients
  • Proprietary SDKs and internal AWS services used by Twitch
  • “Every other property that Twitch owns” including IGDB and CurseForge
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

Some Twitter users have started making their way through the 125GB of information that has leaked, with one claiming that the torrent also includes encrypted passwords, and recommending that users enable two-factor authentication to be safe.

If you have a Twitch account, it’s recommended that you also turn on two-factor authentication, which ensures that even if your password is compromised, you still need your phone to prove your identity using either SMS or an authenticator app.

To turn on two-factor identification:

  • Log on to Twitch, click your avatar and choose Settings
  • Go to Security and Privacy, then scroll down to the Security setting
  • Choose Edit Two-Factor Authentication to see if it’s already activated. If not, follow the instructions to turn it on (you’ll need your phone)

The torrent also reportedly includes Unity code for a game called Vapeworld, which appears to be chat software based on Amazon’s unreleased Steam competitor Vapor.

Meanwhile, Vapor, the codename for an alleged in-development Steam competitor, is claimed to integrate many of Twitch’s features into a bespoke game store.

Finally, the leaked documents allegedly show that popular streamers such as Shroud, Nickmercs and DrLupo have earned millions from working with the popular streaming platform.

What it doesn’t include is money that streamers have earned outside of Twitch, including merchandise, YouTube revenue, sponsorships and external donations.

The anonymous leaker has stated that this is just the first part of the content due to be leaked, but hasn’t stated what they plan to also release.

One cyber security expert said on Wednesday that, if fully confirmed, the Twitch hack “will be the biggest leak I have ever seen”.

Twitch has regularly found itself under fire from creators and users who feel the site doesn’t take enough action against problematic members of the Twitch community.

Last month a group of Twitch streamers called on other channels and viewers to boycott the site for 24 hours as a response to hate raids.

On the same day as the campaign was initially announced, Twitch posted a thread on Twitter explaining that it was attempting to stop hate raids but that it was not “a simple fix”.

“No one should have to experience malicious and hateful attacks based on who they are or what they stand for,” it stated. “This is not the community we want on Twitch, and we want you to know we are working hard to make Twitch a safer place for creators.

“Hate spam attacks are the result of highly motivated bad actors, and do not have a simple fix. Your reports have helped us take action – we’ve been continually updating our sitewide banned word filters to help prevent variations on hateful slurs, and removing bots when identified.

“We’ve been building channel-level ban evasion detection and account improvements to combat this malicious behaviour for months. However, as we work on solutions, bad actors work in parallel to find ways around them – which is why we can’t always share details.”

 

By Jordan Valinsky for CNN Business

Over the weekend, cybersecurity experts revealed that about half a billion Facebook users’ personal information was breached – a treasure trove of data the includes full names, birthdays, phone numbers and their location.

Facebook said that massive leak stems from an issue in 2019, which has since been fixed. Still, there’s no clawing back that data. More than 30 million accounts in the United States were affected and the company isn’t making it easy to find out if your data was included in the breach.
But a third-party website, haveibeenpwned.com, makes it simple to check by inputting your email. For now, it just checks if your email was among those stolen.

That’s a pretty big catch: Although 533 million Facebook accounts were included in the breach, only 2.5-million of those included emails in the stolen data. So you’ve got less than a half-percent chance of showing up on that website, even though you’ve got about a 20% chance of being hacked if you’ve got a Facebook account.

HaveIBeenPwned creator and security expert Troy Hunt said on Twitter that he’s examining whether to add phone numbers.
“The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address,” Hunt’s website said.

Although this data is from 2019, it could still be of value to hackers and cyber criminals like those who engage in identify theft.
Facebook (FB) didn’t immediately respond to CNN on Monday about whether if it will create a way to see if their information was leaked.

Source: MyBroadband

The person behind the recent Absa data breach was a credit analyst at the bank who had access to risk modelling systems and sensitive client information.

The employee, who Absa said they trusted, leaked the client data to an external platform and then sold it to third parties.

This is feedback from Absa chief security officer Sandro Bucchianeri, who was speaking to ENCA about the data breach.

Bucchianeri first learned about the data breach on 27 October, after which they informed the Information Regulator about it.

Around a month after first being alerted to the data breach, Absa sent an email to affected clients warning them that their personal information had been shared with third parties.

He said the communication with customers was delayed to ensure they did not compromise the investigation, which was going through a court process at the time.

To date, Absa has not provided much detail about the number of clients affected and the person behind the leak, but Bucchianeri has now shed more light on the issue.

He said the Absa credit analyst sold private information about their retail banking clients to third parties.

While Bucchianeri could not divulge who these third parties were, he said they were from a “marketing type perspective who were looking for that type of information”.

“They may use the information to sell services or try to commit fraud on these accounts,” he said.

This employee has subsequently been suspended pending further information. Absa has also brought criminal charges against the employee, and these are playing out in the courts now.

Bucchianeri said the information which was leaked included bank account numbers, names and surnames, ID numbers, and contact details.

He added that the details of around 200,000 of their retail banking customers have been compromised.

Absa has now destroyed the leaked data and the external party devices have gone through an independent forensic review.

“We are in the process now to obtain the files for our own investigation,” said Bucchianeri.

He said Absa may also bring charges against the third parties who had access to the leaked data.

Following the data breach, Absa has implemented heightened monitoring on all the clients’ accounts who were leaked.

 

 

By Tehillah Niselow for Fin24 

Liberty Holdings customers received SMSs on Saturday alerting them that personal information related to their insurance policies could have been stolen by an external party.

The Information Regulator, which has asked for information about the Liberty breach, is clearly concerned about the increasing number of cyber attacks affecting personal data in South Africa.

“Without a fully functional Information Regulator, these breaches will continue to occur without sanctions provided for in the Protection of Personal Information Act (POPIA),” said chairperson Advocate Pansy Tlakula.

Tlakula urged “the powers that be to assist it in fast tracking its operationalisation”.

According to corporate law firm Michalsons, certain limited sections of POPIA have already been implemented. However, the bulk of the legislation will only commence at a later date, to be proclaimed by the president. As there is a one-year grace period, the POPIA deadline might only be set for the end of 2019 or in 2020.

In the meantime, South Africans are coming under heightened attack from cyber criminals and hackers.

Andrew Chester, MD of Ukuvuma Security, told Fin24 that affected clients or users should immediately alert their banks and cellphone provider. They should also undertake a credit check as well as a Google search to determine whether their personal information is in the public domain.

Liberty email hack

In SMSs to clients on Saturday, financial services company Liberty informed them that its email repository had been breached by a third party trying to demand a “ransom” in exchange for the data.

Liberty has not revealed much about the breach, citing a police investigation. CEO David Munro confirmed that Liberty’s insurance clients were the only ones affected, and that none of its other business had been compromised.

The company said none of its clients have been impacted financially, and that individuals will be personally advised if their information has been affected.

ViewFines licence details

In May the Hawks, the State Security Agency and the Information Regulator said they would probe the breach of personal records of 943 000 South African drivers, allegedly from online traffic fine website ViewFines.

The information reportedly contained the names, identity numbers and email addresses of South African drivers stored on the ViewFines website in plaintext.

The ViewFines website is owned by Aggregated Payment Systems. News24 reported that its operations manager confirmed the company was “implementing security measures immediately” to improve the website after being informed of the breach.

The source of the data was located by Troy Hunt, an Australian security researcher and creator of the free service Have I Been Pwned, which checks whether an individual’s information has been compromised.

Facebook scandal

While Facebook founder and CEO Mark Zuckerberg had to face angry lawmakers in the US and European Union, it was reported that the data breach involving the UK political consultancy affected almost 60 000 South African users.

In May, the Information Commissioner’s Office of the United Kingdom (which regulates Facebook outside the US and Canada) advised the Information Regulator of South Africa that over 87 million people had been affected worldwide.

However, no evidence could be found of South Africans having been targeted, as the majority of users involved were in the US.

Master Deed’s data breach “biggest” digital security threat in SA

Hunt was once again instrumental in revealing what was known as the “biggest” data breach in South African history, together with iAfrikan CEO Tefo Mohapi in October 2017.

Over 60 million South Africans’ personal data, from ID numbers to company directorships, was believed to have been affected.

The information was traced to Jigsaw Holdings, a holding company for several real estate firms including Realty1, ERA and Aida. The information reportedly came from credit bureau agencies, and was used to vet potential clients.

The information trove was found not to have been hacked, as it was stored in an easily accessible manner on an open web server.

Ster-Kinekor’s database compromised

Movie theatre chain Ster-Kinekor was responsible for up to 7 million South Africans falling victim to a data leak in March 2017.

Fin24 reported that Durban developer Matt Cavanagh announced he had discovered a flaw in Ster-Kinekor’s booking website, and that he had reported it to the company.

There were between 6 and 7 million users in the database. Of those, 1.6 million people had email addresses linked to them on the movie theatre chain’s database.

By Eric Limer for Popular Mechanics 

Twitter is suggesting all users change their passwords as a precaution after a reported glitch caused some passwords to be stored in plain text. If you’ve ever used your Twitter password for another service, you’d be wise to change it in both places.

Twitter says there is no evidence of a breach, but the error would have allowed any snoopers inside the system to scoop up unprotected passwords with ease. Typically, passwords are “hashed” before they are stored, a process which transforms them password into a unique series of numbers and letters that can’t be translated back into the actually sequence of numbers and letters you type in. This prevents hackers from snagging a phrase they can try on your other accounts.

Even with no evidence of an actual breach, this bug serves as a good reminder for some basic security hygiene. Use unique passwords for every service you use; a password manager can help you keep track of them all. Turn on two-factor authentication where available (it is available on Twitter). And while you’re at it, go look at the apps that have access to your account. These apps, if they’re insecure themselves, can offer hackers a limited way into your account without ever having to figure out your password.

The Paradise Papers: whose money is where

A new set of data taken from an offshore law firm again threatens to expose the hidden wealth of individuals and show how corporations, hedge funds and others may have skirted taxes. A year after the Panama Papers, a massive leak of confidential information from the Bermuda law firm Appleby Group Services, dubbed the Paradise Papers, has shone another light on the use of offshore accounts.

Here are the highlights so far of the reporting by the International Consortium of Investigative Journalists and partner news outlets on the so-called Paradise Papers. Bloomberg hasn’t seen the leaked documents:

  • The rich may be richer than you thought. Jim Simons, the billionaire founder of hedge fund Renaissance Technologies, has amassed more than $7.5 billion in a previously undisclosed, four-decade-old fund set up in Bermuda. Warren Stephens, an Arkansas banker and Republican donor, used a Bermuda-based family trust to reduce his tax bill and conceal his interest in a payday lender under US scrutiny. And George Soros, a liberal investor who has contributed to the ICIJ, used Appleby to manage a company that carried out reinsurance transactions that can be used to shield wealth from taxes.
  • More than a dozen members of President Donald Trump’s inner circle, including Secretary of State Rex Tillerson and top economic adviser Gary Cohn, held undisclosed offshore companies. Robert Mercer, a Republican donor who just said he would step down as Renaissance Technology’s co-CEO, was revealed to be a director of more than eight of RenTech’s offshore subsidiaries, who used other offshore firms to shelter money his family funneled to political causes. The Blackstone Group, co-founded by Trump economic adviser Stephen Schwarzman, used trusts and companies registered in tax havens to avoid paying taxes on two UK commercial
    properties.
  • After Irish officials closed a tax loophole that had allowed Apple to avoid billions of dollars in taxes, the US tech giant enlisted international law firms to help it find a new tax home and settled in the English Channel island of Jersey, the New York Times reported. The documents helped solve a two-year mystery of where the world’s biggest company by market capitalisation is booking a big share of its revenue.
  • Want to register a private jet in the US? Bank of Utah manages more than 1 390 aircraft trust accounts that obscure the identities of the jets’ (largely foreign) owners, the New York Times reported. Among the wealthy foreigners said to use the bank’s services: Russian oligarch Leonid Mikhelson, an ally of Russian leader Vladimir Putin whose gas company is under US sanctions.
  • US Commerce Secretary Wilbur Ross faces questions about his financial disclosures to Congress and the government after a report that he didn’t disclose business ties to the son-in-law of Russian President Vladimir Putin and an oligarch under US sanctions. The Appleby documents included details of Ross’s stake in a shipping company, Navigator Holdings, according to the New York Times.
  • House Republicans should slow down their consideration of a tax-overhaul bill after the investigative reports alleged offshore tax-avoidance by US multinational companies including Apple and Nike, congressional Democrats and tax-advocacy groups said.
  • The Monetary Authority of Singapore said it’s reviewing the documents and will take action against any financial institution or individual that breaches regulations. The regulator made the remarks on Wednesday after the consortium said that some of the files came from Asiaciti, a Singapore-based family-owned trust company. Asiaciti denied any wrongdoing.
  • Canadian tax authorities are reviewing reports linking a key fundraiser for Prime Minister Justin Trudeau to offshore trusts in the Caribbean. Montreal-based businessman Stephen Bronfman, son of billionaire Charles Bronfman, was among the individuals cited by news organisations including the Canadian Broadcasting Corporation, Radio-Canada and the Toronto Star in Sunday’s leak of bank documents.
    Commodities trader Glencore Plc was one of the top clients of Appleby, which even had a “Glencore Room” at its Bermuda office that kept information on the trader’s 107 offshore companies, according to the ICIJ investigation. (Peter Grauer, the chairman of Bloomberg LP, is a senior independent non-executive director at Glencore.)
  • Prominent Silicon Valley investor Yuri Milner, who was an early backer of Facebook Inc., partnered in two investments with the Russian state-controlled bank VTB Bank PJSC before it was sanctioned, his spokesman confirmed Friday. Details about the relationship between Milner and VTB surfaced in the wake of the Paradise Papers.
  • Indonesian authorities are investigating if former presidential candidate Prabowo Subianto and the children of ex-dictator Suharto, named in the leaked documents, are in breach of the country’s tax laws.
  • A North Korean was listed in the leaked documents as a shareholder in a Malta-based company which may have been involved in the overseas transfer of North Korean construction workers, according to Newstapa, a South Korean partner of the ICIJ.
  • Queen Elizabeth II of the UK made a series of investments in a Cayman Islands fund through the British Royal Family’s private estate, the Duchy of Lancaster, according to The Guardian newspaper.
  • Lord Michael Ashcroft, a major donor to the UK’s Conservative Party, had links to a Bermuda-based trust with assets worth as much as $450 million, The Guardian reported.
  • The Dutch Finance Ministry said it will review whether more than 4 000 cross-border tax rulings were issued in accordance with procedures. The decision follows the publication of an article in Het Financieele Dagblad reporting that correct procedures weren’t followed in an agreement between the Dutch tax authority and Procter & Gamble Co. “P&G has fully transparent relationships with governments and tax administrations worldwide,” the company said in a statement. “We may seek confirmation from governments and tax administrations that our interpretation of tax laws is correct. This is what was done in this instance.

Source: Marcus Wright for MoneyWeb / Bloomberg

Have you been breached?

It seems like there is a new data breach every other day, causing companies untold embarrassment and reputational damage when customers’ private details are leaked.

A new Web site called www.haveibeenpwned.com allows you to see if your details have been compromised by a data breach.

Simply click on the link, enter your email address and click the pwnd? button to find out if you’re a victim.

Major data breaches

Some high profile leaks in the last while include:

  1. RNC (2017)
    A misconfigured database containing the sensitive personal details of over 198-million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump.
  2. Zomato (2017)
    Zomato, which provides users with an online guide to restaurants, cafes and clubs, reported that data from 17-million users had been stolen, including email addresses and hashed passwords.
  3. NHS (2017)
    The recent WannaCry ransomware infected 47 NHS England Trusts and hundreds of companies across the world.
  4. ‘Eddie’ breach (ongoing)
    Security researchers at the Kromtech Security Research Center discovered a massive database of 560-million login credentials which is believed to come from up to 10 popular online services such as LinkedIn and Dropbox, obtained during previous data breaches.
  5. Wonga (2017)
    Payday loan company Wonga has fallen victim to a large data breach that could have hit as many as 245,000 of its customers including bank account numbers and sort codes.
  6. Tesco Bank (2016)
    Late last year, Tesco Bank, the consumer finance wing of the British supermarket giant, froze its online operations – after as many as 20 000 customers had money stolen from their accounts.
  7. Sage (2016)
    As a FTSE-100 firm, the apparent insider attack admitted by accounting and HR software firm Sage could turn out to be one of the most important in UK data breach history if its scale is confirmed.
  8. Ashley Madison (2015)
    In July 2015, a group calling itself “The Impact Team” stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group leaked more than 25 gigabytes of company data, including user details.
  9. Mumsnet (2014)
    A direct victim of the infamous and widespread Heartbleed SSL software flaw, the compromise allowed hackers to access anything up to 1,5-million user accounts on the hugely popular site, its owners revealed.
  10. Yahoo (2013, 2014)
    It seems hard to pin down just one data breach spawning from Yahoo’s 22 years in business. Last year appeared to unearth a mammoth lack of security on Yahoo’s part with reports uncovering a breach affecting over 500-million Yahoo user accounts during 2014.
  11. Sony PlayStation Network (2011)
    The largest data breach in history at the time, Sony’s disastrous 2011 breach saw hackers make off with the customer records of 77-million people relating to its PlayStation Network, including a small number revealing credit card numbers.

Sources: www.techworld.com; wikipedia; www.haveibeenpwnd.com

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top