Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 4 May 2020

Data Breaches Digest - Week 19 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 4th May and 10th May 2020.

10th May

ChatBooks discloses data breach after data sold on dark web

Hacker group ShinyHunters selling data of 11 enterprises on the dark web

How To Build A Business Case For Endpoint Security

Maze ransomware operators create havoc by leveraging attack on two US-based enterprises

Microsoft Github Account Reportedly Suffered A Cyberattack, Over 500 GB Data Stolen!

Protecting Privileged Identities In A Post-COVID-19 World

Sodinokibi ransomware can now encrypt open and locked files

Tax agents potentially compromised in early access to super fraud

The 4 Stages to a Successful Vulnerability Management Program

9th May

A hacker group is selling more than 73 million user records on the dark web

Cognizant: Ransomware Attack Expense at Least $50 Million

DigitalOcean suffers data breach after leaving internal document online

Entertainment Law Firm Hacked in Major Data Breach, Ransomware Attack

Hacker group floods dark web with data stolen from 11 companies

Law Firm Representing Lady Gaga, Madonna, Bruce Springsteen, Others Suffers Major Data Breach

Microsoft adds protection against Reply-All email storms in Office 365

Nefilim ransomware attacks BeyoncĂ©’s lingerie maker

Possible data breach reported at Pickering long-term care home

Possible privacy breach at Pickering long-term care home

Ransomware gang victimizes celebrities

REvil Ransomware Actors Threatening to Leak “GSMLaw” Documents

US Marshals says prisoners’ personal information taken in data breach

US Marshals Service exposed prisoner details in security breach

Virus Tracing App Raises Privacy Concerns in India

8th May

5 common mistakes that lead to ransomware

15 biggest hacks of the 2010s

86% of firms facing network security disruptions since switching to remote work

99% of enterprise users reuse passwords across accounts

Accenture says Unacademy hack has no impact on its data

Chinese APT group Naikon targeted Western Australia government

Cognizant expects to lose between $50m and $70m following ransomware attack

Covid-19 Impact: Demand for data centers surge as remote working catches up

Cyber-Attack on Stadler IT Network

Dating app MobiFriends silent on security breach impacting 3.6 million users

DigitalOcean Data Leak Incident Exposed Some of Its Customers Data

Digital Ocean says it exposed customer data after it left an internal document online

Does Your Security Awareness and Training Program Account for Changing Work Environments?

Facebook-funded Unacademy data hacked, claims cybersecurity firm

Financial disputes scheme reports data breach

Financial Services Complaints (FSCL) reports email breach

Hacker gains access to a small number of Microsoft's private GitHub repos

Hackers Breach 3.5 Million MobiFriends Dating App Credentials

Hackers Try to Sell 26 Million Breached Records

Healthcare systems remain vulnerable to cybersecurity threats during COVID-19

HEPACO, LLC Provides Notice Of Data Privacy Incident

How COVID-19 may change the cyber insurance landscape

How Law Firms Can Demonstrate Strong Cybersecurity Practices

Identity-Based Attacks Proliferate as Exposed Credentials Become More Intimate

Incident of the Week: Impact Mobile Home Communities Breached

Judgment allowed hackers to impersonate Banco Santander

LabCorp Shareholder Files Suit Over Double Data Breach

Malvertising Attackers Target 900,000 WordPress Sites

Microsoft’s GitHub Account Gets Hacked

MobiFriends data breach: 3.68 million credentials exposed online

Moving away from good old passwords in the era of artificial intelligence

'Our data is secure': Bukalapak denies reports of user data breach

REvil ransomware threatens to leak A-list celebrities' legal docs

Shiny Hunters hackers try to sell a host of user records from breaches

Stop Phishing With Employee Training

Suit filed against Lurie Children’s Hospital over data breaches

To Pay or Not to Pay: How to Deal With – and Avoid – a Ransomware Incident

Unacademy assures users' sensitive info safe after admitting to data breach

Unacademy data breach: Hacker allegedly steals data of 22 Million users, sells it on dark web

Virus tracing app raises privacy concerns in India

What is privileged access management (PAM)?

What is the Average Cost of a Data Breach?

What one cybersecurity company has learned from responding to Maze ransomware

Why Data Breaches Of Large Organizations Still Occur

7th May - World Password Day

4iQ Report: The Era of Weaponized Data Breaches

5 common password mistakes you should avoid

500GB of data allegedly stolen from Microsoft’s private GitHub

9,000 reports of sextortion and porn watching emails in April

11 billion adult site records exposed

44 Million Pakistani Mobile Users Data Leaked Online

A Fifth of Consumers Hit by Fraud Over Past Year

Adult Cam Site CAM4 Exposed 10.88 Billion Records

Advanced Computer Software leak exposes nearly 200 law firms

As we move online, we need privacy

Assessing the Value of Corporate Data

Australian Tax Office confirms government’s early access superannuation scheme has been compromised

Coronavirus fallout: Four ways to manage fraud risk

COVID-19 Uncertainties Fuel Ransomware Attacks and Phishing Schemes

Cybercriminals are 'already taking advantage' of the COVID-19 crisis

Cybersecurity and COVID: 5 Lessons

Data breach at Indian learning platform Unacademy exposes millions of user accounts

Destination Cyberlandia: 3 keys to cyber happiness amid COVID-19

Early-access super scheme hacked

Five Unexpected Ways An Unprotected Chatbot Could Affect Your Business

GoDaddy Confirms Breach Affecting 28,000 Accounts

Hacker claims to have stolen over 500GB data from Microsoft’s private GitHub repositories

Hacker freed from suit

Hackers claim to breach Microsoft’s GitHub account; steal 500GB of data

Hackers Target WHO by Posing as Think Tank, Broadcaster

Harsher penalties required for privacy breaches, says Cambridge Analytica whistleblower

How COVID-19 is evolving the data breach communication process

How your passwords can end up for sale on the dark web

If you’ve watched porn on this popular site, your personal details may have been exposed

Is Passwordless Authentication the Future?

It’s only a matter of time before your business will suffer a cyber-attack

It’s World Password Day

JavaScript Skimmers Found Hidden in 'Favicon' Icons

Jump in vulnerable RDP ports is leaving networks open to hacking and cyberattacks

LastPass Report Finds Most People Reuse Passwords Despite Knowing the Risks

MAZE Claims Ransomware Attack on US Egg Supplier

Microsoft Offers $100,000 to Anyone Who Can Hack Linux OS

Microsoft: 150 million people are using passwordless logins each month

Old Tesla hardware containing owners' private data is surfacing on eBay

Online learning platform Unacademy hacked, details of 22 million users available for sale

Online Privacy During a Pandemic: New Challenges in a New World

Password managers can be a pain but they're good for security

Phishing: 160,000 dodgy emails flagged to scam-busting service in just two weeks

Privacy concerns over online learning grow at the university

Rebooting World Password Day

Retaining Encryption Keys

Saucy camgirl site CAM4 leaks 10.8 Billion files – including sexy chats, names and private info

The difference that a decade makes

The unseen COVID-19 ripple effect: Security misconfiguration risk

Unacademy data breach: 22 million users’ account details up for sale

Unacademy Data Breach: Data of Nearly 22 Million Users Sold On Dark Web

Unacademy Data Breached, Hacker Sold Data of Nearly 22 Million Users

Unacademy hacked, data of 20 million users up for sale

Unacademy Suffers a Data Breach; 22 Million User Records for Sale on Dark Web

Weaponized Data Breaches: Fueling Identity-based Attacks Across the Globe

Website provider GoDaddy suffers from a data breach

What is your password behaviour and how does it matter?

Whisper Users Sue Over Exposure of Almost 900 Million Records

Why AI and ML are increasingly important for effective IT security

Why World ‘Password’ Day Needs a Refresh

Windows 10 update breaks critical browser security feature

World Password Day: I Hate My PA$SW*RD

World Password Day: Six pieces of advice from the cybersecurity industry

Zoom security issues: Zoom buys security company, aims for end-to-end encryption

6th May

3 ways to boost your security with role-based security compliance training

6 Security Threats E-Commerce Businesses Frequently Face

91% of People Know Password Reuse is Insecure, Yet 75% do it Anyway

Alarming number of pharma executive login credentials available on the Dark Web

Attackers Claim Identity of Financial NGO to Steal Sharepoint, Office Credentials

Australian Breach Notifications increase in the second half of 2019 but continue to lag behind other nations

Bad Actors Are Now Leveraging Google's reCaptcha Checks To Raise Phishing Attack Success Rate

Battling Payments Fraud: Know Your Enemy

Biometric Data: Increased Security and Risks

Bukalapak Denies Alleged Data Breach on Dark Web

CAM4 live-streaming adult site exposed 7TB records publicly

COVID-19 Has Shut Down Lots of Things - But Not Privacy Regulators

Cyber attacks threaten tax pros and accountants during coronavirus crisis

Detecting and Mitigating IoT Breaches Require An “Inside-out” Approach to Security

Don’t give hackers a pass. Learn how to create stronger passwords to protect your information

Eight Basics of Risk Management

GoDaddy reveals widespread data breach

Hackers breach Roblox security to access user information

Hacker sells 22 million Unacademy user records after data breach

Half of Companies Have Suffered a Cybersecurity Issue Amid COVID-19 Crisis

Half of global businesses have already encounted a cyber scare since shifting to remote working during COVID-19

Healthcare Cyber Security Market report scrutinized in the new analysis

HMRC removes nearly 300 Covid-19 phishing scam sites

How COVID-19 is impacting marketers digital security

How your passwords can end up for sale on the dark web

Hybrid Cloud Security Solution is the Most Trusted Cloud Strategy

Illusive Networks Discovers New Nation-State Cyberattack Tools Linked to COVID-19 Phishing Scam

Large scale Snake Ransomware campaign targets healthcare, more

Learn to spot the data security risks while working remotely during Covid-19

Logistics giant Toll Group hit by ransomware for the second time in three months

Lurie Children's fires worker for improperly viewing 4,800 medical records

Many businesses cut security budgets to save costs amid pandemic

MAS Holdings targeted by cyber extortionists

Maze Ransomware Hackers Post Patient Data Stolen from 2 Providers

Maze Ransomware Operators Step Up Their Game

Microsoft's GitHub account allegedly hacked, 500GB stolen

Millions of Unacademy user accounts exposed in data breach

More people seem to be watching porn on work devices - and it’s a cybersecurity problem for employers

Nintendo Wii Source Code, Internal Documents, More Allegedly Leaked

Password psychology: People aren’t protecting themselves even though they know better

Possible shopDisney Security Breach May Have Exposed Your Personal Information to Other Shoppers During Star Wars Day Merchandise Release

Protecting Your Organization From Cyber Attacks While Implementing COVID-19 Remote Working Protocols

Ransomware Hackers Threaten to Release Credit Card Data From Costa Rican Bank

SaltStack Report Finds Automation and Alignment are Critical to SecOps Success

SAP Admits to Security Lapses in Some Products, but Says There Was No Data Breach

Search provider Algolia discloses security incident due to Salt vulnerability

Security concerns intensify amid shift to remote working

Singapore scrapes fraudulent COVID-19 healthcare products from online stores

Snake ransomware attack disrupts operations at hospital chain Fresenius Group

Stop data breaches

Tesla is reportedly not erasing previous owner’s data from older media control units (MCUs)

The Economic Shutdown’s Impact on Security Budgets

The GoDaddy Data Breach: What You Need To Know

The Rise of the PrivacyTechs

The State of XOps Report Reveals IT and InfoSec Alignment Increases IT Security Confidence by Three Times

Thinking Beyond Cybersecurity Vulnerability Assessments: What’s Next?

This phishing campaign targets executives with fake emails from their phone provider

UK City Leaves Nearly Nine Million License Plate/Location Data Records Exposed On The Open Web

US Department of Homeland Security Warns of Office 365 Security Risks

Watertight record-keeping and rigorous staff training can mitigate data breaches

WordPress Hacker Attacks One Million Sites in a Month

World Password Day

5th May

3 Emerging Remote Security Use Cases Addressable with SOAR Playbooks

10 Biggest Data Breaches in History

28 health system cyberattacks, data breaches so far in 2020

Accidental Internal Data Breaches Are on the Rise. Here’s How to Protect Your Business

Adult streaming website leaks 11 million emails and private chats

Beyonce and Victoria's Secret lingerie maker targeted by extortionists

Boone Hospital Center affected by possible data breach

Critical SaltStack vulnerabilities exploited in several data breaches

Cybercrime – Time to Focus on Prevention, Not Reaction

Details of 44 million Pakistani mobile users leaked online, part of bigger 115 million cache

Dispersed employees mean dispersed data

Do You Trust Your Cloud Provider to Protect Your Data? Maybe You Shouldn’t

Energy company's website takes ransomware hit from unknown hackers

Firms perceived to fake social responsibility become targets for hackers, study shows

Former Lurie Children's employee wrongfully viewed 4,824 patient records

GoDaddy Confirms Data Breach - 28,000 Customers Affected

GoDaddy Confirms Data Breach: What 19 Million Customers Need To Know

GoDaddy data breach shows why businesses need to better secure their customer data

GoDaddy owns up to October 2019 data breach

GoDaddy Suffers Data Breach

Hack Brief: An Adult Cam Site Exposed 10.88 Billion Records

Hackers Breached Over 160,000 Nintendo Accounts and Misused Payment Information, the Company Admits

Impact Mobile Home Communities Provides Notice Of Data Privacy Incident

It’s Time to Broaden the Definition of a Vulnerability

LabCorp Hit with Shareholder Lawsuit Over 2 Separate Data Breaches

LastPass Psychology of Passwords Report Reveals 91% of People Know Password Reuse is Insecure, Yet Two Thirds Do It Anyway

Learn How to Build an Effective Security Stack for Your Team

Nintendo's Old Files Have Been Stolen; That's Why There's Super Mario 64, Says Report

SAP discloses security lapses; says there was no data breach

Tesla Makes A Huge Mistake With Sensitive Customer Data

This common online behavior puts you and your data at great risk

Tokopedia Breach Exposes Govt's Lack of Personal Data Protection

Tokopedia data breach exposes vulnerability of personal data

Tokopedia Data Breach: Hackers Leaks 15 Million User Records

Under cyber attack

What is the best identity theft protection?

Why do we still use passwords?

Why you must prioritise security and convenience

Wii, N64, and GameCube Source Codes Leak Online

Working from Home? Here’s Top 6 Security Tips for Working Remotely

Your Applications Are the Weakest Security Link

Xiaomi's Data Collection Antics Raise Serious Questions About Consumer Trust

4th May

6 Things to Do After Implementing Cybersecurity AI for Alert Management

Attack On Crowdfunding Platform Impact Guru Highlights Covid-19 Cyber Threats

CAM4 adult cam site exposes 11 million emails, private chats

Councillors accuse Glasgow City Council of breaching data protection law

Cyber basics in a connected world

Cybersecurity Is Top of Mind for Boards Amid Pandemic

Dangers of Data Sprawl Increase during the Remote Work Revolution

Data owned by 193 law firms exposed via unsecured Advanced database

Data privacy musts while working from home

Edtech company suffers from third data breach

Emerging Security Threats Facing The Credit Union Space And How Data Analytics Can Help

French Newspaper Le Figaro Exposes 7.4 Billion Users’ Records

Ghost blogging platform servers hacked to mine cryptocurrency

GoDaddy notifies users of breached hosting accounts

Government Responds to Alleged Tokopedia Data Breach

Hackers seize on software flaw to breach two victims, despite patch availability

Here’s how human-like bots perform online fraud

How Organizations can Respond to Risk in Real Time

How to approach data breaches

How to Assess and Manage Third-Party Risk

Massive Nintendo Leak Reveals Wii Code, N64 Demos, and Early Pokemon Designs

Nintendo Source Code for N64, Wii and GameCube Leaked

Protecting corporate data in popular cloud-based collaborative apps

Protecting pharmacy against data breaches

Ransomware attack on Colorado hospital highlights fears of more healthcare hostage situation

Reliance Jio’s Coronavirus Symptom Checker App Exposes User Data

Revealed: Glasgow City Council faces accusations of breaching YOUR data privacy

Roblox Hacked by Bribed Insider

Serious iPhone Vulnerability Triggered by Simply Opening Mail App May Have Been Present for Nearly Eight Years

SMB Security Catches Up to Large Companies, Data Shows

Students, experts call for explanation after York University suffers 'extremely serious' cyber attack

Tesla personal data oversight highlights autonomous vehicle data privacy issue

Timely reminder about who bears responsibility for cloud security

Tokopedia probes alleged data leak of 91 million users

Tokopedia says payment info secure following alleged data leak of 91 million users

Xiaomi accused of collecting millions of people’s browser data

Xiaomi has been accused of collecting millions of people’s browser data