As summer’s second month wraps up, we hope you have had some time to relax or are heading off on a vacation. To add a splash of excitement to your workdays, we share a compilation of sizzling summer IS incidents. In this edition: the latest twist in the Snowflake saga, the adventures of robots.txt, and the case of meme-coin theft.
Showleak sequel
What happened: AT&T experienced its largest data breach ever.
How it happened: Attackers accessed AT&T's database through the company's Snowflake account. The database contained phone numbers and detailed data about 110 million customers' incoming and outgoing SMS and calls.
According to Mandiant, the attack was caused by insufficient account security. The hackers used infostealers to obtain login data. Meanwhile, the affected client companies had not enabled the MFA feature available to them.
Initially, the attackers wanted to get $1 million for deleting the stolen database, but in the end, they were paid $370,000. One of the alleged hackers has been detained. The search for accomplices continues.
AT&T claims that right after the leak was discovered, the company cooperated with IS experts and notified the relevant authorities, including the U.S. Department of Justice, which allowed it to postpone a public announcement until recently due to potential national security risks.
Earlier, we wrote about the Snowflake hack, which impacted TicketMaster. Hacker forums are still selling stolen data, including tickets for upcoming concerts by popular musicians. Snowflake's clients are mostly among the world's largest companies, including AT&T and HP, so their data might already be compromised as well.
Looks like I am famous
What happened: A computer hardware manufacturer accidentally leaked customer data.
How it happened: In early June, the YouTube channel Gamers Nexus released a video titled “Zotac's Big Mistake,” revealing that Zotac's private data, such as invoices, addresses, customer contact information, and requests, were indexed by search engines. This meant that the information became publicly accessible when searching for terms like “Zotac RMA.”
This likely happened due to the misconfiguration of the robots.txt file, which guides web crawlers on what should or should not be indexed.
The incident was initially discovered by one of Gamers Nexus' viewers. He came across his personal data online and reported it to Zotac. The response to this particular request was quick, but the broader issue remained unresolved. Only the affected viewer's data disappeared from the search engine.
To bring attention to the issue, the concerned viewer contacted Gamers Nexus, and the channel shared this news. Zotac only fully addressed the problem and removed the leaked data after the situation attracted significant attention and criticism from business partners on social media.
Schrödinger’s villain in Disney
What happened: Disney fell victim to a hacker attack.
How it happened: On June 12, a post with more than a terabyte of confidential Disney data appeared on a hacker forum. The leak included images, accounts, code, marketing materials, information about upcoming projects, employee correspondence, and data related to Disneyland Paris.
The attackers claimed that they were assisted by an insider who backed out at the last minute. Either way, with or without insider help, the hackers were able to access information from the corporate messenger Slack.
The group, which refers to itself as hacktivists, stated that their attack on Disney was targeted. They claimed their motives were to "protect the rights of artists," "ensure fair compensation for their work," and address the company's treatment of employees and consumers. Disney is currently investigating the incident.
Crypto heist
What happened: Hackers stole $235 million from the Indian crypto exchange WazirX.
How it happened: The incident was revealed on July 18, when the crypto exchange reported it on its social media. The hackers managed to compromise a multi-signature wallet, which requires the approval of at least two signatories to authorize transactions. There were six signatories in total: five from WazirX and one from Liminal, a company specializing in digital asset management and providing multi-signature wallets.
The attackers exploited a discrepancy between the interfaces used by the two parties. According to WazirX, the cyberattack occurred due to a mismatch between the data shown in the Liminal interface and the actual transaction details.
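The failure described above is a "what you see is not what you sign" problem: the interface summarised one transaction while the payload being approved encoded another. The following is an added example, not WazirX's or Liminal's code; the transaction fields, addresses and signer names are constructed to show how each signatory can independently compare the raw payload against the displayed summary before approving.

```python
import hashlib
import json

def signing_digest(raw_tx):
    """Digest of the canonical raw transaction; this, not the UI text, is what gets signed."""
    encoded = json.dumps(raw_tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()

def compare_with_display(raw_tx, displayed):
    """Return the fields on which the wallet UI summary disagrees with the raw transaction."""
    mismatches = [f for f in ("to", "token", "value", "nonce") if raw_tx.get(f) != displayed.get(f)]
    # Non-empty calldata changes what the transaction does; it must never be hidden from the summary.
    if raw_tx.get("data", "0x") != "0x" and displayed.get("data", "0x") != raw_tx["data"]:
        mismatches.append("data")
    return mismatches

def sign_if_consistent(raw_tx, displayed, signer_id):
    """A signer approves only when the independently decoded payload matches what it was shown."""
    if compare_with_display(raw_tx, displayed):
        return None  # refuse to sign; escalate the discrepancy instead
    return f"{signer_id}:{signing_digest(raw_tx)[:16]}"  # stand-in for a real signature

def run_multisig(raw_tx, displayed, signer_ids, threshold=2):
    """Collect approvals; the transaction may execute only once the threshold is met."""
    sigs = [s for s in (sign_if_consistent(raw_tx, displayed, i) for i in signer_ids) if s]
    return len(sigs) >= threshold, sigs

# Constructed sample: the UI summarises a routine transfer to the exchange's hot wallet...
DISPLAYED = {"to": "0xTREASURY_HOT_WALLET", "token": "USDT", "value": "1000000", "nonce": 17}
# ...while a tampered payload routes the funds elsewhere and carries extra calldata.
RAW_TAMPERED = {"to": "0xATTACKER_ADDRESS", "token": "USDT", "value": "1000000",
                "nonce": 17, "data": "0xdeadbeef"}
RAW_HONEST = dict(DISPLAYED, data="0x")
# Six signatories, mirroring the 5 + 1 split described in the text (names are constructed).
SIGNERS = ["exchange-1", "exchange-2", "exchange-3", "exchange-4", "exchange-5", "custodian-1"]

if __name__ == "__main__":
    print(compare_with_display(RAW_TAMPERED, DISPLAYED))   # ['to', 'data']
    print(run_multisig(RAW_TAMPERED, DISPLAYED, SIGNERS)[0])  # False
    print(run_multisig(RAW_HONEST, DISPLAYED, SIGNERS)[0])    # True
```

The check only helps if each signer decodes the raw payload on a device independent of the interface that produced the summary; a second approval taken from the same screen adds no assurance.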
In the end, the hackers withdrew $235 million in various cryptocurrencies, including SHIB, PEPE, Ethereum, Matic, USDT, and Gala. Media reports also indicate that the attackers are using the decentralized exchange Uniswap.
In response to the incident, WazirX has suspended cryptocurrency withdrawals and said it is actively investigating the incident, promising to provide updates as more information becomes available.
We win and lose… confidential data together
What happened: The Fédération Internationale de l'Automobile (FIA) was hit by a hacking attack.
How it happened: On July 3, a statement regarding a recent data incident appeared on the FIA website. The Formula 1 organizer revealed that a phishing attack led to unauthorized access to two email accounts, compromising the personal data contained within them.
The FIA did not provide further details about the breach, such as what specific data was exposed or stolen, when the attack was discovered, or for how long the hackers had access to their systems.
However, the organization highlighted that it has taken additional security measures to prevent similar attacks in the future and expressed regret for any inconvenience caused to those affected.
A team to kill & a team to heal
What happened: Rite Aid, the third-largest pharmacy chain in the U.S., faced a cyberattack.
How it happened: On July 12, the company told the media that it was investigating the June IS incident and had begun notifying affected parties. The company has hired third-party security specialists to restore its systems and assist with the investigation.
Rite Aid did not specify what data was compromised but assured that health and financial information were not affected by the incident.
Later, a hacking group claimed responsibility for the incident. On their darknet website, the attackers reported capturing 10 GB of information with 45 million rows of data, including names, IDs, addresses, dates of birth, and information from a rewards program.
According to the media, this hacker group targets companies that refuse to pay ransom demands. The stolen data is then sold on their site, often in an auction-style format.
Ain’t no MFA secure enough to keep me from getting to you
What happened: Data of users of Twilio's Authy multi-factor authentication service was leaked.
How it happened: Unknown attackers exploited a vulnerability in the system to obtain users' phone numbers, account statuses, and information about connected devices. This stolen data was then listed for sale on a hacker forum.
During the attack, an unprotected API endpoint was exploited. The hackers fed a vast number of phone numbers into it. If a number was valid, the endpoint returned information about the associated accounts.
Twilio swiftly addressed the issue by shutting down the vulnerable endpoint and blocking unauthorized requests. The company also published a blog post advising users to update their software to enhance security.
Cyber brawl stars
What happened: Data from attendees of the Roblox developers' conference was revealed.
How it happened: In early June, the company started sending out messages warning about a data leak, which affected attendees of the 2022, 2023, and 2024 Roblox developer conferences.
One of Roblox's partners responsible for user registration was hacked.
Roblox stated that one of its vendors notified the company that the vendor's website had been subject to unauthorized access, exposing Roblox user information from the 2022-2024 Developer Conference attendee list.
The stolen data included full names, email addresses, and IP addresses. According to Have I Been Pwned, 63% of the emails were new and had not been involved in previous leaks. Roblox has taken measures to prevent future incidents.
IS Tip of the Month: Summer is the traditional holiday season, but not for cybercriminals and insiders. These “hard-working” fellows are eager to take advantage of colleagues’ absences or the holiday rush of IS specialists. The DCAP system can help you counteract these “all-season workers” and reduce IS risks. Try it free for 30 days!