(In) Secure Digest: the Unprotected Server, the Marine Data Leak and a Supply Chain Attack

It's time to share our traditional monthly roundup of major IS incidents. In May's edition, we'll cover: the case of an unscrupulous medical company; an accidental data leak caused by a SaaS vendor; and the consequences of negligence at India's largest electronics manufacturer.

ANALYTICAL MISCALCULATION

What happened: major US company Sisense fell victim to a cyberattack.

How it happened: on 11 April, the US Cybersecurity and Infrastructure Protection Agency (CISA) reported that a major US company, Sisense, was hacked. 

The company develops business intelligence software. Its clients include some of the world's largest enterprises: Nasdaq, Philips Healthcare, Verizon, Air Canada and others.

The incident came to light thanks to unnamed researchers. They notified CISA about the leak of Sisense customer data. A preliminary investigation revealed that critical infrastructure organizations in the US were affected. 

No other details on the incident are known yet.

The regulator's representatives advised Sisense customers to change all credentials and access tokens related to the company's tools and services. Researcher Brian Krebs later shared a Sisense message that was distributed to a private customer mailing list. In the message, company officials repeated the regulator's recommendations and confirmed the leak of customer data.

SORRY, IT'S OPEN!

What happened: Microsoft left one of the internal development servers of the Bing search engine unprotected and publicly available.

How it happened: SOCRadar researchers found an unprotected and publicly available Microsoft server. It was hosted on Microsoft's Azure cloud service and held internal information. The data set included code, scripts, passwords and user credentials, which Microsoft employees used to access other internal systems.

Although researchers notified Microsoft of the problem on 6 February, the issue wasn't resolved until 5 May. It is unknown whether anyone except the researchers had accessed the server, as it wasn't password-protected. A similar case happened earlier, in 2020.

INCOGNITO, RIGHT?

What happened: Google will delete billions of records on Chrome browser Incognito mode users.

How it happened: In 2020, a $5 billion class action lawsuit was filed against Google for collecting data on users of the Chrome browser's Incognito mode. The corporation's representatives initially wanted to seek a pre-trial settlement, but the judge denied the request. She argued that the description of the ‘Incognito’ mode didn't fully inform users of the company's actions.

Finally, Google reached an agreement with the plaintiffs, under which the corporation would update the description on the start page of the ‘Incognito’ mode, as well as delete some data on Incognito mode users. In addition, a spokesperson for the corporation said that the company was “happy to delete old technical data that was never associated with an individual and was never used for any form of personalization”.

INSIDER-STYLE DATA LEAK

What happened: data of 7.5 million customers of Indian electronics maker boAt leaked.

How it happened: on 5 April, a hacker with the nickname ‘ShopifyGUY’ uploaded a database of customers of the Indian company boAt to the darknet. The data set included the following customer details: names, addresses, phone numbers, emails, etc.

The hacker claimed that the leak occurred back in March and affected 7.5 million of the company's customers.

The Indian company's representatives said that an investigation was in progress, but didn't reveal any details. However, according to media reports, the leak occurred due to employees' negligence.

Initially, experts doubted the authenticity of the data, as the leaked database was valued at only $2. However, several Indian media outlets have since confirmed the authenticity of the information.

MARINE HACK

What happened: cybercriminals hacked yacht retailer MarineMax and gained access to sensitive information on its customers and employees.

How it happened: on 1 April, representatives of MarineMax, the world's leading yacht retailer, claimed that an unknown third party had managed to gain unauthorized access to portions of the company's information environment. As a result of the incident, some business processes were disrupted and some sensitive data, including personal details, was leaked.

The Rhysida group claimed responsibility for the attack and put the company's database up for sale for 15 BTC (roughly $1 million). As proof of authenticity, the group shared several screenshots showing MarineMax's financial documents, employees' driving licences, employees' passports and more.

PANDAS AT RISK 

What happened: Trading platform PandaBuy fell victim to a cyberattack that resulted in a leak of data on more than a million customers.

How it happened: On 1 April, two malicious actors, known as Sanggiero and IntelBroker, uploaded the database of the major online platform PandaBuy to the darknet. The attackers managed to steal information such as full name, user ID, phone number, IP address, order dates and numbers, home address, postcode, etc.

The hackers claimed that ‘The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website’.

The company itself has yet to comment on the leak, but PandaBuy is reportedly trying to cover up the incident by censoring user posts on Discord and Reddit.

OUTSIDERS AT HOME 

What happened: US retail chain The Home Depot fell victim to a supply chain attack.

How it happened: On 4 April, a hacker known as ‘IntelBroker’ uploaded The Home Depot's database to the darknet. According to the hacker's own statement, it contained corporate data on about 10,000 employees of the retail chain.

The Home Depot did not deny the leak. Company officials stated that the leak occurred due to a mistake made by the employees of one of its SaaS vendors, who inadvertently provided a small sample of data (names, emails, user IDs) about employees during system testing.

TOTAL LACK OF MEDICAL CONFIDENTIALITY

What happened: healthcare company Cerebral was fined $7 million for sharing sensitive data.

How it happened: the US Federal Trade Commission (FTC) has fined telemedicine company Cerebral for passing sensitive customer information to third parties for advertising purposes.

According to the regulator's officials, Cerebral transferred data on more than 3 million users to platforms such as LinkedIn, Snapchat and TikTok. The data was collected via a website, which utilized tracking apps and services. The data transmitted included names, medical information, addresses, phone numbers, dates of birth, IP addresses, insurance information and other details.

SearchInform is a 100% private company that develops risk management products and is one of the industry leaders. More than 4,000 companies across 20+ countries are SearchInform clients. The development team has been creating search technologies for unstructured data since 1995 and started developing information security solutions in 2004. Today, the team has products and services for comprehensive protection against insider threats at all levels of corporate information systems.
