InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
The Week in Breach News: 10/06/21 – 10/12/21
Twitch
https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor
Exploit: Hacking
Twitch: Streaming Platform
Risk to Business: 1.402 = Extreme
Leading streaming and gaming platform Twitch has been hacked. Source code for the company’s upcoming expansion to its streaming service, an unreleased Steam competitor from Amazon Game Studios, has appeared on message boards, along with data that details the terms and amounts of content creator payouts. An anonymous poster on the 4chan messaging board delivered the data in a 125GB torrent. That poster also claimed that the stream includes the entirety of Twitch and its commit history, including the aforementioned creator payouts, twitch.tv, source code for the mobile, desktop and video game console Twitch clients, code related to proprietary SDKs and internal AWS services used by Twitch, data on other Twitch properties like IGDB and CurseForge, details about the AGS project and information about the platform’s internal security tools.
Customers Impacted: Unknown
How It Could Affect Your Business: Data is of immense value to cybercriminals in the booming dark web data markets, and this data will appeal to many different cybercriminal operations.
MoneyLion
Exploit: Credential Stuffing
MoneyLion: Financial Services Platform
Risk to Business: 1.712 = Severe
That old favorite, credential stuffing, makes an appearance this week with an attack on the financial services platform MoneyLion. The Utah-based fintech company provides mobile banking services for borrowing, saving, and investing money. MoneyLion informed customers that “an unauthorized outside party appears to have been attempting to gain access to your account on the application using an account password and/or possibly email address that appear to have been potentially compromised in a prior event”. The data breach notice outlined the attacks as taking place over the course of several weeks spanning June and July 2021. The company assured users that no information was stolen.
Customers Impacted: 8.5 million
How It Could Affect Your Business: Credential stuffing is a classic that is even easier these days thanks to the huge amount of data, including huge batches of stolen passwords, available on the dark web.
Next Level Apparel
https://portswigger.net/daily-swig/us-clothing-brand-next-level-apparel-reports-phishing-related-data-breach
Exploit: Phishing
Next Level Apparel: Clothing Manufacturer
Risk to Business: 2.771 = Moderate
Next Level Apparel, a US-based clothing manufacturer, has announced that several of its employee accounts were compromised in a phishing attack. In a press release late last week, the company noted that cybercriminals were able to access the contents of several employee email accounts at various times between February 17, 2021, and April 28, 2021, including viewing customer and employee PII, although the company could not confirm that any data was stolen.
Individual Risk: 2.802 = Moderate
Next Level Apparel noted that the customer and employee data accessible through the compromised accounts included names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information.
How It Could Affect Your Business: More than 80% of reported security incidents in 2020 were phishing-related, making this the biggest cyberattack vector for every business.
United Kingdom – Welland Park Academy
https://www.bleepingcomputer.com/news/security/fired-it-admin-revenge-hacks-school-by-wiping-data-changing-passwords/
Exploit: Hacking
Welland Park Academy: Secondary School
Risk to Business: 2.883 = Moderate
Hell hath no fury like an IT employee scorned, as Welland Park Academy discovered after a fired IT admin entered its environment and wreaked havoc. After his termination, the former employee wiped data on the school’s systems and changed all employee credentials. These actions made it impossible for the school to conduct distance learning. The same malicious individual also took revenge on the next company he was fired from, creating lockout chaos and wiping data at an unnamed IT company, as well as mucking up the company’s phone systems.
Customers Impacted: Unknown
How It Could Affect Your Business: Malicious insider threats are a hazard that every business should remember, because vengeful employees can do serious damage quickly.
United Kingdom – The Telegraph
https://www.bleepingcomputer.com/news/security/the-telegraph-exposes-10-tb-database-with-subscriber-info/
Exploit: Misconfiguration
The Telegraph: News Organization
Risk to Business: 2.122 = Severe
UK news giant The Telegraph is in hot water after researchers discovered an unsecured database that exposed an enormous amount of information, an estimated 10 TB of data. Much of the data appears to apply to Apple News customers. The researcher who discovered it noted that at least 1,200 unencrypted contacts were accessible without a password. The Telegraph announced that it quickly secured the database as soon as it was informed of the issue, which impacted less than 0.1% of its subscribers.
Risk to Business: 2.801 = Moderate
The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens and unique reader identifiers, mostly for users who accessed The Telegraph through Apple News.
How it Could Affect Your Business: It pays to make sure that companies are building a strong security culture to discourage neglectful practices.
Scotland – Weir
https://www.bbc.com/news/uk-scotland-scotland-business-58801753
Exploit: Ransomware
Weir: Heavy Equipment Manufacturer
Risk to Business: 1.616 = Severe
Scottish heavy equipment company Weir was hit with a ransomware attack. The BBC reports the company was essentially shut down briefly by the incident, which took place sometime in September 2021, forcing the company to delay shipments of mining equipment worth more than £50m in revenue. The company noted in its release that because the attackers did not exfiltrate or encrypt any data, it was confident that no financial or sensitive data had been stolen about employees or customers.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware gangs don’t just want to steal data anymore. They’re also more than happy to shut down production lines to obtain ransoms.
Scotland – BrewDog
https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breach
Exploit: Misconfiguration
BrewDog: Bar and Restaurant Chain
Risk to Business: 1.615 = Severe
Scottish bar and restaurant chain BrewDog was responsible for exposing the data of 200,000 shareholders and customers. The company, famous for its crowd-ownership model as well as its beer, exposed that data over an 18-month period through a glitch in its mobile app: authentication tokens for users were hard-coded into the mobile application instead of being transmitted to it following a successful user authentication event. Interested parties could simply append any customer ID to the end of the API endpoint URL and access sensitive PII (personally identifiable information) for that customer.
Individual Risk: 1.701 = Severe
Potentially exposed customer/shareholder details include the customer’s name, date of birth, email address, gender, all previously used delivery addresses, telephone number, number of shares held, shareholder number, bar discount amount, bar discount ID, number of referrals and types of beer previously purchased.
How it Could Affect Your Business: Having this data exposed through a blunder will hurt the reputation of a company that relies on customers as investors to stay in business.
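The BrewDog flaw described above comes down to a server that accepts one token shared by every copy of the app and never checks whose record is being requested. The sketch below is an added example, not BrewDog's code: it puts that design beside a corrected one in which the token is issued per user after login and bound to that user's ID. All names, IDs and records are constructed placeholders, and the login step itself is assumed to have happened before issue_token is called.

```python
import hmac
import secrets

# Constructed sample records; IDs and fields are placeholders.
CUSTOMERS = {
    "1001": {"name": "Sample User A", "email": "a@example.test"},
    "1002": {"name": "Sample User B", "email": "b@example.test"},
}

# Flawed design: one static bearer token compiled into every copy of the app.
HARDCODED_APP_TOKEN = "static-token-shipped-in-app"

def get_customer_flawed(bearer, customer_id):
    """Checks only that the caller knows the shared token, not who the caller is."""
    if not hmac.compare_digest(bearer, HARDCODED_APP_TOKEN):
        return 401, None
    record = CUSTOMERS.get(customer_id)
    # Any ID placed in the request is served: no per-object authorization.
    return (200, record) if record else (404, None)

# Corrected design: a random token per session, bound server-side to one customer.
SESSIONS = {}  # token -> customer_id

def issue_token(customer_id):
    """Call only after the server has verified this user's credentials."""
    if customer_id not in CUSTOMERS:
        raise KeyError(customer_id)
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token

def get_customer_fixed(bearer, customer_id):
    """Authenticates the token, then authorizes the specific record requested."""
    owner = SESSIONS.get(bearer)
    if owner is None:
        return 401, None          # unknown or static token
    if owner != customer_id:
        return 403, None          # valid user asking for someone else's data
    return 200, CUSTOMERS[customer_id]

if __name__ == "__main__":
    token = issue_token("1001")
    print(get_customer_flawed(HARDCODED_APP_TOKEN, "1002")[0])  # shared token reads any record
    print(get_customer_fixed(token, "1001")[0], get_customer_fixed(token, "1002")[0])
```

The 403 branch is the check that was missing: authentication alone does not decide which customer record a caller may read.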
Hong Kong – Fimmick Limited
https://www.zdnet.com/article/hong-kong-firm-becomes-latest-marketing-company-hit-with-revil-ransomware/
Exploit: Ransomware
Fimmick Limited: Marketing Company
Risk to Business: 1.631 = Severe
Hong Kong marketing firm Fimmick has been hit with a ransomware attack that is purportedly the work of REvil. Cybersecurity researchers caught wind of the incident after REvil claimed to have burglarized Fimmick’s databases, snatching data that pertained to Fimmick’s work with a number of major brands. Sample data provided on REvil’s website as proof of the hack included data pertaining to the company’s work with Cetaphil, Coca-Cola and Kate Spade.
Customers Impacted: Unknown
How it Could Affect Your Business: Companies that provide services like this are especially tasty targets for ransomware gangs because, even if they don’t pay the ransom, their data on other businesses opens new doors.