The Week in Breach: 02/09/19 – 02/15/19

February 21, 2019

This week, Dunkin’ faces a 2nd credential stuffing attack, a Canadian photo-sharing platform discovers hack, a French cybersecurity society gets compromised, and Australian property data is leaked.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Medical and Healthcare
Top Employee Count: 1 – 10 Employees (94%)

United States – Dunkin’ Donuts
https://www.zdnet.com/article/dunkin-donuts-accounts-compromised-in-second-credential-stuffing-attack-in-three-months/

Exploit: Credential stuffing attack
Dunkin’ Donuts: One of the world’s leading baked goods and coffee chains

Risk to Small Business: 1.777 = Severe: On February 12th, Dunkin’ Donuts announced that it suffered a credential stuffing attack back in January. This news comes just a few months after the company fell victim to a similar attack on October 31, 2018. As we’ve covered before, hackers employ credential stuffing attacks by leveraging previously leaked usernames and passwords to access user accounts. In this case, they were able to breach DD Perks rewards accounts and are putting them up for sale on Dark Web forums. Aside for the “double whammy” of two attacks within a short time-frame, loyal customers who have lost their rewards will likely bring their business elsewhere.

Individual Risk: 2.571 = Moderate: The exposed accounts contain personal information such as first and last names, email addresses, 16-digit account numbers, and QR codes. Although the accounts have been put up for sale so that buyers on the Dark Web can cash out on reward points, they can also use credentials to orchestrate further cyberattacks.

Customers Impacted: 12,000
How it Could Affect Your Customers’ Business: The trend of credential stuffing is only the first wave resulting from billions of recently leaked usernames and passwords. Companies that experience similar attacks on user accounts will be held liable, regardless of whether they are the source of the breach. To protect from future attacks, businesses must team up with security providers to ensure state-of-the-art password protection and Dark Web monitoring.

ID Agent to the Rescue: Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Find out how you can work with us here: https://www.idagent.com/dark-web/

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Truluck’s Seafood, Steak, & Crab House
https://www.cutimes.com/2019/02/14/seafood-restaurant-cards-possibly-hooked-by-hackers/?slreturn=20190117180225

Exploit: Malware injection into point-of-sale (POS) systems
Truluck’s Seafood, Steak, & Crab House: Houston-based chain restaurant

Risk to Small Business: 2.111 = Severe: Truluck’s recently disclosed a data breach notification to one of its servers, which occurred between November 21 to December 8 of 2018. The investigation has revealed that malware was injected into POS systems of 8 restaurant locations across Austin, Houston, Naples, Southlake, and Chicago. Although payment information was compromised, personal information was not stored, which means that the company will likely deal with breach-related expenses but be able to retain customers.

Individual Risk: 2.111 = Severe: Compromised information included debit or credit card numbers and expiration dates. Hackers can use such details to execute payment fraud, so previous restaurant patrons should continuously review account statements and monitor credit reports.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: The payment breach was discovered two months after it was initially conducted, signaling an opportunity for Truluck’s to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage.

ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web/

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – DataCamp
https://www.tripwire.com/state-of-security/latest-security-news/datacamp-implements-partial-password-reset-after-data-security-incident

Exploit: Unauthorized system access
DataCamp: Online learning platform for data science

Risk to Small Business: 2 = Severe: Last Monday, the site announced that it had suffered a breach affecting users of the platform. A third-party was able to gain access to one of its systems, and the company has notified users, logged out all accounts, and reset passwords since then. Additionally, an investigation has been initiated to discover the exact cause of the breach and how many users are affected.

Individual Risk: 2.574 = Moderate: Personal information including names, email addresses, and optional information such as location, company, biography, education, and profile picture were exposed. This was coupled by account details containing hashed passwords, account creation dates, last sign-in dates, and IP addresses. Users should immediately reset their passwords across all associated accounts, especially if they created a complete profile on DataCamp.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: Striking the balance between convenience and security becomes increasingly difficult during a breach incident. In this scenario, DataCamp took an added precaution by logging all users out of their accounts and requesting password resets. However, it is entirely possible that users will switch over to other platforms after being inconvenienced. To maintain a loyal customer base, companies should focus on security solutions that are not intrusive to the customer’s path to purchase.

ID Agent to the Rescue: DarkWeb ID can help you proactively monitor if customer data is being leaked on the Dark Web without interrupting business processes. See how you can benefit here: https://www.idagent.com/dark-web/

Canada – 500px
https://www.engadget.com/2019/02/13/500px-2018-breach-exposed-user-data/

Exploit: Server hack
500px: Photo sharing platform

	Risk to Small Business: 2 = Severe: The online marketplace for photographers recently reported that its servers were hacked all the way back in July 2018. Everyone who signed up for account before then, which amounts to 14.8M accounts, were exposed. Although the breach has compromised personal information, passwords were encrypted, and no payment data was involved.
	Individual Risk: 2.428 = Severe: Hackers were able to access first and last names, usernames, hashed passwords, and birth-dates, along with gender and location. These details can be leveraged for credential stuffing attacks and other forms of cyber fraud, which means users should take proactive measures to reset passwords and secure accounts.

Customers Impacted: 14,800,000 users
How it Could Affect Your Customers’ Business: 500px implemented a one-way cryptographic algorithm to hash user passwords, making it almost impossible to crack into them. Other online businesses should take notice and do the same, since encrypting passwords can mitigate the burden of a breach significantly. Additionally, the company has offered to send affected users all their data on file within 72 hours, a unique proposition that all should adopt to protect and engender trust with users after a breach.

ID Agent to the Rescue: Dark Web ID offers industry-leading detection for monitoring the Dark Web and finding out how compromised data is being used by hackers. Learn how you can partner with us here: https://www.idagent.com/dark-web/

Canada – College of Physicians and Surgeons of Saskatchewan
https://www.cbc.ca/news/canada/saskatchewan/privacy-broncos-patient-records-1.5015014

Exploit: Employee breach
eHealth Saskatchewan: Electronic health record system

Risk to Small Business: 1.777 = Severe: Saskatchewan’s privacy commissioner Kruzeinski reported a breach discovered by eHealth in last April and May. Following a crash involving the Humboldt Broncos junior hockey team, seven physicians inappropriately accessed health information about the crash victims without a “need-to-know”. Upon discovery, Kruzeinski has recommended monthly audits for the violating physicians and enforcement of the “need-to-know” basis organization-wide. It remains to be seen if patients will become aware of the incident and go elsewhere for care.

Individual Risk: 2.142 = Severe: The privacy breach was contained to the victims of the car crash, but protected health information such as lab results, medications, and other chronic diseases could have been accessed.

Customers Impacted: 13 team members
How it Could Affect Your Customers’ Business: Employee breaches can be disheartening for morale and overall culture. To prevent such an incident from occurring, organizations should implement safeguards that can deny access to employees that are searching for information unrelated to their work. Although eHealth decided to monitor this specific instance due to the high-profile nature of the crash, there is no system in place for real-time detection. All companies should partner with MSPs that can offer constant monitoring to discover customer and employee data breaches in a timely manner.

France – CLUSIF
https://www.cyware.com/news/security-lapse-at-clusif-result-in-the-leak-of-personal-details-of-its-2200-members-53fc4c64

Exploit: Human error resulting in data leak
CLUSIF: Paris-based information security company

Risk to Small Business: 2 = Severe: Personal records of the cybersecurity professionals that are members of CLUSIF could have been viewed by third parties on search engines. The president explained that the incident was due to human error and would allow users searching online to gain access to the data set by typing in ‘clusif’ or ‘csv’. As an organization dedicated to cybersecurity, the ironic incident may result in members leaving.

Individual Risk: ? = To Be Determined as Investigation Progresses: Although the scope of the information that was leaked and available online is not yet known, an investigation is underway.

Customers Impacted: Up to 2,200 cybersecurity professionals
How it Could Affect Your Customers’ Business: For companies that are doing business in the cybersecurity sector, a breach caused by human error can tarnish brand reputation and reduce authority in the space. Businesses that highlight their dedication to cybersecurity should partner with security solutions that can further demonstrate, instead of denigrate, the power of breach mitigation.

ID Agent to the Rescue: Dark Web ID can help you proactively monitor if customer, employee, or member data is being leaked on the Dark Web, helping reduce the losses incurred from such a breach. See how you can benefit here: https://www.idagent.com/dark-web/

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Australia- LandMark White
https://www.smh.com.au/business/companies/home-loan-details-in-major-data-breach-20190212-p50xas.html

Exploit: Database leak
Huaxia Bank: Large property evaluation firm

Risk to Small Business: 2 = Severe: Valuations completed by the firm have been found exposed across the Internet, along with the personal information of homeowners, residents, and property agents. Since the incident, the Commonwealth Bank of Australia (CBA) and ANZ Bank have suspended Landmark White from its panel of valuers, and an investigation has begun. However, the firm believes that there is no evidence of the information being misused.

Individual Risk: 2.571 = Moderate: Everything from property valuations and details, personal contact numbers, and residential addresses could have been accessed. No bank information was compromised in the breach, but the disclosure of property data can have serious ramifications when placed in the wrong hands

Customers Impacted: Up to 10,000
How it Could Affect Your Customers’ Business: Companies that are deeply integrated in B2B operations can face severe consequences in the wake of a breach. In this scenario, two of its partners openly spoke out and suspended usage of the property valuation firm until assessing the incident. By implementing advanced search techniques that can comb the Internet and Dark Web for exposed user data, firms can avoid interrupting business processes with their partners.

ID Agent to the Rescue: Dark Web ID combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor customer data. Learn how you can partner with us here: https://www.idagent.com/dark-web/

Australia- Optus
https://www.zdnet.com/article/optus-disables-my-account-site-after-users-complain-of-privacy-breach/

Exploit: Website glitch and phishing
Optus: Telecommunications company that is looking to be first-in-market with a 5G home broadband service

Risk to Small Business: 2.111 = Severe: Optus recently disabled its website after receiving user complaints of a system glitch displaying the wrong account information. Customers report being able to see each other’s information, and others have reported receiving phishing emails posing as the company itself. Since then, the company decided to reopen its website and contact customers who might have been impacted.

Individual Risk: 2.857 = Moderate: After being able to view the names, account numbers, services, and numbers of other users, customers are concerned that the website has been hacked and their login data has been accessed. However, until recently, they were unable to change their details since the website was taken down. This news comes shortly after the company paid multiple fines and refunds for misleading customers and developing proper identity verification safeguards. Users should be on high alert, as it is quite probable that a hacker was able to gain system access.

Customers Impacted: To be determined
How it Could Affect Your Customers’ Business: As the proverb states, forewarned is forearmed. Companies that attempt to conceal a data breach can end up in the news cycle longer than normal and should instead work quickly to detect and mitigate the compromise. Without advanced detection, businesses run the risk of losing customer trust and facing additional consequences, making the benefits vs. costs assessment very clear.

ID Agent to the Rescue: Find out why the largest private and public sector organizations globally rely on Dark Web ID to provide actionable stolen credential data and make informed decisions here: https://www.idagent.com/dark-web/

In Other News:

MyFitnessPal and CoffeeMeetsBagel data go for sale on the Dark Web

After the breach of MyFitnessPal last year involving 150M user accounts, the data has finally been packaged up along with stolen credentials from 15 other websites to be sold on the Dark Web. The asking price? Less than $20,000 in Bitcoin.

Other websites included are CoffeeMeetsBagel, Dubsmash, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, Artsy, and DataCamp. In total, 617 million compromised records are involved.

Cybercriminals can combine such databases to find users who are recycling passwords across multiple sites, allowing them to hack into valuable accounts that can be leveraged for fraud. By investing in solutions that can consistently monitor the Dark Web, companies can quickly understand how hackers are planning to use exposed information and implement cybersecurity safeguards.

http://fortune.com/2019/02/14/hacked-myfitnesspal-data-sale-dark-web-one-year-breach/

What We’re Listening To:

Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e

A note for your customers:

What we can do to stop putting our data at risk of identity theft

5 quick and easy tips for updating your data security

It’s safe to say that data breaches are one of the primary threats affecting the ways in which small businesses operate. All industries face the risk of exposing valuable personally identifiable information (PII) or protected health information (PHI). To compound the matter, innovations such as Internet of Things (IoT) become deeply integrated into operations and can create additional risk.

However, to mitigate even the most advanced cybersecurity concerns, we must begin by thinking simple and effective. Here are 5 steps for proactively preventing breaches and protecting your data in the event of a compromise:

1. Foster cybersecurity team buy-in

Consider implementing an incentive program for employees who detect significant vulnerabilities in cybersecurity. Create a workplace culture that values customer and employee privacy and offer continued education.

2. Make regular updates

Schedule timely updates and involve employees in the process by sending notifications and ensuring compliance.

3. Encrypt data

By making data unreadable for hackers, SMBs can dodge hefty fines and tarnished reputations in the event of a breach.

4. Backup data

By backing up your data onto multiple servers, you can prevent information from being lost in the case of a ransomware attack. Diversifying the format of how data is stored and keeping multiple copies that are secure offers additional protection.

5. Test cybersecurity protocols

By assessing vulnerabilities and conducting penetration testing, you can anticipate weaknesses in your security. Teaming up with security providers to stay constantly alert will offer the two-pronged benefit of preventing a breach from happening in the first place and being prepared pre- and post-incident.

https://www.itproportal.com/features/before-the-breach-five-tips-for-upgrading-data-security/

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!

Categories

Tags

The Week in Breach: 02/09/19 – 02/15/19