As per tradition, at the beginning of each new month we share with you the most notable information security incidents. In August we had: a nightmare for League of Legends fans, the largest data leak in US history and another Microsoft outage.
Premature premiere
What happened: unreleased Netflix titles leaked online after an attack on a post-production contractor.
How it happened: on 9 August, unreleased episodes of Netflix anime and animated series began to appear on social networks and fan forums. Among them: Arcane, Terminator Zero, Dandadan, Ranma ½ and others.
Netflix responded quickly, saying that ‘hackers attacked one of our post-production partners’. The low quality of the leaked videos and their ‘for work use’ watermarks are consistent with that.
The media giant tried to remove the leaked material from the web and also posted a new story trailer for the most anticipated of the titles, the second season of Arcane, the anime based on the League of Legends game, to calm the hype. It didn’t help: millions of fans waiting for the second season had already seen major plot spoilers.
Drive your dream, but don’t forget about InfoSecurity
What happened: Toyota’s US division fell victim to a cyberattack.
How it happened: 240 GB of data from Toyota’s US division appeared on a hacker forum on 16 August. The leak included employee and customer data, internal documents and databases, and plaintext logins and passwords for admin accounts.
Notably, the attackers are not selling the data but giving it away for free, which may suggest the attack was an act of ‘hacktivism’.
Toyota confirmed the leak, said the incident was limited in scope and announced an investigation. However, a few days after that statement the leaked admin credentials were reportedly still valid and working.
To enter past the butler
What happened: hackers caused a major disruption of Indian banking apps.
How it happened: attackers compromised C-Edge Technologies, a major banking technology service provider. As a result, mobile banking apps were unavailable across much of India on 1 August.
The incident was investigated by Juniper Networks specialists. According to them, C-Edge Technologies was breached through a misconfigured Jenkins server, the automation server the company used for building, testing and delivering mobile application modules.
The attackers started by sending a POST request to the server in an attempt to execute a malicious command. It succeeded: the criminals gained a foothold on the server, moved to other company systems and then deployed the ransomware.
Notably, besides the misconfiguration, the Jenkins component that handled that POST request did so incorrectly, and the server itself had not been updated to a patched version. That made it possible to exploit the critical vulnerability CVE-2024-23897 (CVSS score 9.8/10) and carry out the attack.
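As an added example, not code from the original post or from Juniper’s report, here are two checks a defender could run on their own Jenkins after reading about the C-Edge incident: a version check against the release that fixed CVE-2024-23897 (the Jenkins advisory of 24 January 2024 shipped the fix in weekly 2.442 and LTS 2.426.3) and a scan of web-server access logs for POST requests to the Jenkins CLI endpoint (/cli), the entry point the attackers used. The access log format is assumed to be the Common Log Format of a reverse proxy in front of Jenkins, and the log lines are constructed for the example.

```python
"""Added example (not the original post's or Juniper's code): two checks
for a Jenkins instance in light of CVE-2024-23897.

1. is_affected(): is this Jenkins version older than the fixed release?
   Fix versions per the Jenkins advisory of 2024-01-24: weekly 2.442,
   LTS 2.426.3.  Weekly releases carry two components (2.441), LTS
   releases three (2.426.2).
2. cli_posts(): count POST requests to the /cli endpoint per source IP
   in Common Log Format access logs (assumed: a reverse proxy in front
   of Jenkins writes them).  The sample log below is constructed.
"""
import re
from collections import Counter

FIXED_WEEKLY = (2, 442)      # first weekly release with the fix
FIXED_LTS = (2, 426, 3)      # first LTS release with the fix

# Common Log Format: ip ident user [ts] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# /cli itself, /cli?remoting=false, /cli/... but not e.g. /client
CLI_PATH_RE = re.compile(r"^/cli(?:[/?]|$)")

# Constructed sample: one source hits /cli twice, one is refused with 403.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2024:03:12:41 +0530] "GET /login HTTP/1.1" 200 2140
203.0.113.7 - - [01/Aug/2024:03:12:43 +0530] "POST /cli?remoting=false HTTP/1.1" 200 512
203.0.113.7 - - [01/Aug/2024:03:12:43 +0530] "POST /cli?remoting=false HTTP/1.1" 200 1024
198.51.100.23 - - [01/Aug/2024:03:15:02 +0530] "GET /job/build-app/lastBuild/api/json HTTP/1.1" 200 3090
192.0.2.10 - - [01/Aug/2024:03:16:11 +0530] "POST /cli HTTP/1.1" 403 120
"""


def parse_version(version: str) -> tuple:
    """'2.426.2' -> (2, 426, 2); raises ValueError on junk."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version: str) -> bool:
    """True if the given Jenkins version predates the CVE-2024-23897 fix.

    The LTS and weekly lines are compared separately because an LTS
    version such as 2.426.3 is numerically below weekly 2.442 yet fixed.
    """
    parts = parse_version(version)
    if len(parts) == 3:
        return parts < FIXED_LTS
    if len(parts) == 2:
        return parts < FIXED_WEEKLY
    raise ValueError(f"unrecognised Jenkins version string: {version!r}")


def cli_posts(log_text: str) -> Counter:
    """Count POST requests to the Jenkins CLI endpoint per source IP.

    Refused attempts (4xx) are counted too: a scanner probing /cli is
    worth knowing about even when the proxy turned it away.
    """
    hits = Counter()
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip malformed lines rather than crash the scan
        if match.group("method") == "POST" and CLI_PATH_RE.match(match.group("path")):
            hits[match.group("ip")] += 1
    return hits


def report(version: str, log_text: str) -> dict:
    """Combine both checks into one structure for a dashboard or ticket."""
    return {
        "version": version,
        "affected_by_cve_2024_23897": is_affected(version),
        "cli_post_sources": dict(cli_posts(log_text)),
    }


if __name__ == "__main__":
    for ver in ("2.426.2", "2.426.3", "2.441", "2.442"):
        print(f"Jenkins {ver}: {'AFFECTED' if is_affected(ver) else 'fixed'}")
    for ip, count in cli_posts(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} POST(s) to /cli")
```

The version check is the cheap one: run it against `JENKINS_VERSION` from the `X-Jenkins` response header or the `About Jenkins` page. The log check is only a tripwire; a single POST to `/cli` is normal if people use the CLI, so a burst from an address that never authenticated is the signal worth chasing.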
Cold revenge from warm Italy
What happened: a former contractor attacked the crypto platform Holograph.
How it happened: Holograph is an omnichain tokenisation protocol that lets asset issuers mint natively composable omnichain tokens. The attackers exploited a vulnerability in its system and used a proxy wallet to mint 1 billion Holograph tokens (HLG).
The minted tokens were worth approximately $15 million. Because of this ‘crypto-inflation’ the price of HLG fell from $0.014 to $0.0029 within a few hours.
After the incident an international investigation was launched and the suspects were arrested in Italy. Their names were not disclosed, but the organiser of the attack turned out to be a ‘disgruntled former contractor’ who understood how the Holograph protocol worked.
PII Wars: Attack of the clones
What happened: 2.7 billion records of Americans’ personal data were exposed.
How it happened: on 6 August a post on a hacker forum shared a dump of 2.7 billion records of Americans’ personal data. It contained names, social security numbers, email addresses and possible aliases of those affected.
Researchers believe the likely source of the leak is a company called National Public Data. It aggregates citizens’ personal data and sells access to it for background checks and to private investigators.
According to media reports, a dump with similar data was already offered for sale on the same forum in spring this year. Back then another hacker claimed to have breached National Public Data and obtained the personal data of US, UK and Canadian citizens.
After that first leak, various hackers published partial copies of the dump, each with a different number of records and in some cases differing in content. The latest and most complete version appeared on 6 August.
So far the authenticity of the leaked ‘clones’ has not been fully established. But it did emerge that National Public Data collected Americans’ data without their consent from non-public sources, and the company is now facing legal action.
Six months together, already like family
What happened: Kootenai Health, a major US healthcare provider, fell victim to ransomware.
How it happened: attackers infiltrated the company’s infrastructure and deployed ransomware. They encrypted files and leaked customer and employee PII, including age, passport details, social security numbers, driver’s licences and medical records.
According to the researchers, the attackers gained access back in February 2024, but the intrusion was not discovered until August 2024. About 500,000 people were affected by the leak.
Microsoft’s unexpected day off
What happened: a global outage of Microsoft services.
How it happened: on 30 July many Microsoft services and applications were unavailable, including Azure, Outlook, Minecraft, Microsoft Entra and Microsoft Intune. The outage disrupted courts, utilities, banks and medical facilities around the world.
Microsoft openly stated that the disruption was triggered by a DDoS attack and that an error in the implementation of its own defences amplified the impact of the attack instead of mitigating it. A previously unknown hacktivist group claimed responsibility for the outage.
The company also said it had configured Azure Web Application Firewall, its service for defending against such attacks. Why the global IT giant had not set its web application firewall up properly earlier remains unclear.
Cleaner than pure
What happened: hackers remotely wiped data from students’ devices around the world.
How it happened: attackers compromised Mobile Guardian, a developer of MDM systems for the education sector. Its cross-platform software filters traffic, monitors student activity and manages devices remotely.
According to the company, a cyberattack on 4 August gave the hackers access to the Mobile Guardian platform. They used that access not to steal data but to delete it. In Singapore, for example, 13,000 devices were wiped, and the episode ended with the country’s Ministry of Education terminating its contract.
The company effectively gave up: after the attack it shut down its management servers entirely, so users cannot log in to Mobile Guardian and students are locked out of their devices.
Beavers attack!
What happened: hackers attacked Nexera’s blockchain infrastructure.
How it happened: on 7 August unknown attackers broke into the system that manages the Fundrs smart contracts, using the BeaverTail malware. That is how they were able to steal 47 million Nexera infrastructure tokens (NXRA) worth $1.76 million.
The attackers cashed out 15 million tokens worth $450,000, while the Nexera team managed to take the other 32 million out of circulation. The company then suspended trading of its token on decentralised exchanges and recommended that other platforms do the same, which led to an 86% drop in the token’s price.
I’m Not Lovin’ It
What happened: hackers stole nearly $700k from McDonald’s followers.
How it happened: a hacker group took over McDonald’s Instagram account and used it to advertise a fraudulent cryptocurrency token named after one of the company’s mascots, Grimace.
The advertisement did its job: the token’s market capitalisation shot up from a few thousand dollars to $25 million. The fraudsters then sold their tokens, netting about $700,000 in Solana (SOL), and the token’s value collapsed to $65,000.
McDonald’s eventually regained control of the account, but for some time its profile description carried a thank-you note from the hackers for the cryptocurrency. The company apologised to its followers for the incident.
IS tip of the month: after a relaxed summer holiday season your data storage may be in disarray: what new critical data has appeared, and where is it now? More importantly, who has access to it, and who could edit an important file without permission? A DCAP (data-centric audit and protection) system will help you clean up your storage and prevent data misuse.