A Week of Data Leaks

If 2020 wasn’t bad enough for world health and the economy, 2021 is off to a rocky start. Federal Reserve Chairman Jerome Powell warns that both COVID-19 and cyberattacks are spreading once again. Powell further elaborates that cyberattacks on financial institutions are the Fed’s current and biggest concern.

Last week proved to be an active week for data leaks in the industry. Powell’s warnings only leave the industry and the world alike wondering if the ‘big one’ is coming soon and how we can prepare. Here is a compilation of some of the major occurrences that transpired last week. 

Facebook’s 500 Million-User Data Leak — Everything You Need to Know

Roughly 530 million Facebook accounts were made public. Since Saturday, April 3, 2021, personal details that were revealed online included profile names, Facebook ID numbers, email addresses, and phone numbers. The details were collected prior to 2019 via the malicious misuse of a feature on the social media platform and recently made public in an online database. According to Reuters, Facebook addressed the most recent leak in a blog post on Tuesday stating that “malicious actors” obtained this information prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for syncing contacts. It is unclear if this blog post was posted and deleted because it cannot be found in the company’s blog section of their website.

Facebook settled with a $5 billion civil penalty with the U.S. Federal Trade Commission for misuse of user-base details in 2019. It was the largest civil penalty ever imposed for a violation of consumer privacy. This settlement now requires Facebook to report unauthorized access to details of 500 or more users. Incidents must be provided within 30 days of confirming an incident. However, a Facebook spokesperson stated on Wednesday that the platform does not currently have plans to notify the 500+ million account members of the most recent breach. They elaborated that they were not confident they had full visibility on exactly which users would need to be notified. Furthermore, Facebook claims the personal information from the leak is already publicly available, and even if notified, users wouldn’t be able to fix the issue. 

While Facebook has been under fire previously for violation of consumer privacy, this newest leak is just another resource in which spammers, phishers, and scammers can easily obtain everything that they need to prosper from domains that millions of users put their trust in.  

How to Check if You Were Impacted by the Facebook Data Breach

Facebook users can verify if their information was part of this breach with monitoring services like Have I Been Pwned or Have I Been Zucked. Have I Been Pwned has upped their Facebook search to include email address or linked phone number to assist in this process. It is important to note that their front page also shows 509,458,528 Facebook accounts as recently breached.

500 Million LinkedIn Profiles Are Up for Sale by Hacker Group

On the heels of the Facebook personal information leak, 500 million LinkedIn accounts have also been exposed online. The Microsoft-owned social network confirmed that they have investigated the report of the scraped data in a recent statement:

‍We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.

“An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author,” reported CyberNews. The particulars include the profile users’ first names, email addresses, phone numbers, workplace information, among other details that are included in the sale, that contains a minimum 4-digit asking price. Cyber News’ investigation team was able to confirm that the information was scraped from LinkedIn, but stated it’s unclear if it includes up-to-date LinkedIn profiles or if it was taken from a previous company breach or from other sites for that matter. 

Belden Health Benefits Data Stolen in 2020

Networking, connectivity, and cable products manufacturer, Belden, has disclosed more information relating to their cyberattack in 2020. This is believed to be a ransomware attack and it’s not known if Belden paid a ransom. In their issued statement, they disclosed that this attack also shared details about spouses, dependents, and relatives of some of their current and former employees.

"In addition to containing personal information of some current and former employees, we subsequently learned that the impacted servers also contained some personal information of some spouses, dependents and relatives of some current and former employees. Further, on or after February 9, 2021, we learned that information exposed in the incident also included health-related information.”

Some of the employee health-related specifics include names, gender, benefits details, group numbers, coverages, and the person’s relationship to the employee, while information related to health conditions or diagnoses were not believed to be included, according to Bleeping Computer. No threat actors have gone live with this breached data.

Swarmshop Hack Results in over 600,000 Leaked Stolen Credit Cards

Swarmshop, the card marketplace that sells stolen personal and payment records, fell victim to a community information breach with a database popping up on another underground forum. As a classic case of karma would have it, collected records of Swarmshop’s entire community and the stolen card data that is traded on their forum. A reported 12,344 records of nicknames, hashed passwords, contact details, activity history of sellers, buyers, and forum administrators were exposed.

This leak was discovered to have occurred on March 17, 2021, by cybersecurity company Group-IB. They found “498 sets of online banking account credentials and 69,592 sets of US Social Security Numbers and Canadian Social Insurance Numbers.” The recent Swarmshop dump has included details from 623,036 payment cards that were issued by banks around the world—U.S., Canada, Mexico, Saudi Arabia, China, Singapore, Brazil, and France.

This is also not their first time being targeted by their “peers.” In January 2020, their records were leaked by a user on yet another underground forum. Group-IB presumes it was likely motivated by revenge and the user attempted to sell the database and posted a screenshot of the card shop’s admin panel. 

Swarmshop claims that the most recent data leak was from this previous occurrence, but this recently exposed data includes the latest user timestamps. It was also requested that members changed their passwords after that 2020 debacle, in which the card shop said they fixed the bug. 

Microsoft’s Cyberattack Simulator

In a means to test security researchers and data scientists on recognizing vulnerabilities in their environments and how to handle cyberattacks, Microsoft has released a simulator named CyberBattleSim. Built using a Python-based Open AI Gym interface, CyberBattleSim creates a simulated network environment that shows how a threat actor can spread through a network laterally upon entry. 

To see how well researchers fare against AI-controlled cyber agents, they create network nodes, indicate services that run on them, identify their vulnerabilities, and detail the protection of the device. "The simulated attacker’s goal is to take ownership of some portion of the network by exploiting these planted vulnerabilities. While the simulated attacker moves through the network, a defender agent watches the network activity to detect the presence of the attacker and contain the attack," the Microsoft 365 Defender Research team behind the project shared in their latest blog post related to the project. 

"With CyberBattleSim, we are just scratching the surface of what we believe is a huge potential for applying reinforcement learning to security. We invite researchers and data scientists to build on our experimentation. We’re excited to see this work expand and inspire new and innovative ways to approach security problems." - Microsoft.

If you liked this, you might find these helpful:

https://constellix.com/news/taking-accountability-of-outages

https://constellix.com/news/overloaded-azure-dns-servers-to-blame-for-microsoft-outage

https://constellix.com/news/dns-outage-takes-down-microsoft

Main photo and thumbnail source: The Cyber Talk