The Week in Breach News: 06/10/21 – 12/10/21

Ransomware may make headlines, but this week’s report shows that cybercriminals aren’t limiting themselves to just one threat.



Twitch

Exploit: Hacking

Twitch: Streaming Platform

Risk to Business: 1.402 = Extreme

Leading streaming and gaming platform Twitch has been hacked. Source code for the company’s upcoming expansion to its streaming service, an unreleased Steam competitor from Amazon Game Studios, has appeared on message boards, along with data that details the terms and amounts of content creator payouts. An anonymous poster on the 4chan messaging board delivered the data in a 125GB torrent. That poster also claimed that the stream includes the entirety of Twitch and its commit history, including the aforementioned creator payouts, twitch.tv, source code for the mobile, desktop and video game console Twitch clients, code related to proprietary SDKs and internal AWS services used by Twitch, data on other Twitch properties like IGDB and CurseForge, details about the AGS project and information about the platform’s internal security tools.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Data is of immense value to cybercriminals in the booming dark web data markets, and this data will appeal to many different cybercriminal operations.


MoneyLion

Exploit: Credential Stuffing

MoneyLion: Financial Services Platform 

Risk to Business: 1.712 = Severe

That old favorite credential stuffing makes an appearance this week with an attack on the financial services platform MoneyLion. The Utah-based fintech company provides mobile banking services for borrowing, saving, and investing money. MoneyLion informed customers that “an unauthorized outside party appears to have been attempting to gain access to your account on the application using an account password and/or possibly email address that appear to have been potentially compromised in a prior event”. The data breach notice outlined the attacks as taking place over the course of several weeks spanning June and July 2021. The company assured users that no information was stolen.   

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 8.5 million

How It Could Affect Your Customers’ Business: Credential stuffing is a classic that is even easier these days thanks to the huge batches of stolen passwords available on the dark web.


Next Level Apparel

Exploit: Phishing

Next Level Apparel: Clothing Manufacturer

Risk to Business: 2.771 = Moderate

Next Level Apparel, a US-based clothing manufacturer, has announced that several of its employee accounts were compromised in a phishing attack. In a press release late last week, the company noted that cybercriminals were able to access the contents of several employee email accounts at various times between February 17, 2021, and April 28, 2021, including viewing customer and employee PII, although the company could not confirm that any data was stolen.

Individual Risk: 2.802 = Moderate

Next Level Apparel noted that the customer and employee data accessible through the compromised accounts included names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: More than 80% of reported security incidents in 2020 were phishing-related, making this the biggest cyberattack vector for every business.


United Kingdom – Welland Park Academy 

Exploit: Hacking

Welland Park Academy: Secondary School 

Risk to Business: 2.883 = Moderate

Hell hath no fury like an IT employee scorned, as Welland Park Academy discovered after a fired IT admin entered its environment and wreaked havoc. After his termination, the former employee wiped data on the school’s systems and changed all employee credentials. These actions made it impossible for the school to conduct distance learning. The same malicious individual also took revenge on the next company he was fired from, creating lockout chaos and wiping data at an unnamed IT company, as well as mucking up the company’s phone systems.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Malicious insider threats are a hazard that every business should remember, because vengeful employees can do serious damage quickly.


United Kingdom – The Telegraph

Exploit: Misconfiguration

The Telegraph: News Organization

Risk to Business: 2.122 = Severe

UK news giant The Telegraph is in hot water after researchers discovered an unsecured database that exposed an enormous amount of information, an estimated 10 TB of data. Much of the data appears to apply to Apple News customers. The researcher who discovered it noted that at least 1,200 unencrypted contacts were accessible without a password. The Telegraph announced that it quickly secured the database as soon as it was informed of the issue, which impacted less than 0.1% of its subscribers.  

Risk to Business: 2.801 = Moderate

The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens and unique reader identifiers, mostly for users who accessed The Telegraph through Apple News.  

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: It pays to make sure that companies are building a strong security culture to discourage neglectful practices.


Scotland – Weir 

Exploit: Ransomware

Weir: Heavy Equipment Manufacturer 

Risk to Business: 1.616 = Severe

Scottish heavy equipment company Weir was hit with a ransomware attack. The BBC reports the company was essentially shut down briefly by the incident, which took place sometime in September 2021, forcing the company to delay shipments of mining equipment worth more than £50m in revenue. The company noted in its release that because the attackers did not exfiltrate or encrypt any data, it was confident that no financial or sensitive data had been stolen about employees or customers. 

Individual Impact: No employee or customer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware gangs don’t just want to steal data anymore. They’re also more than happy to shut down production lines to obtain ransoms.


Scotland – BrewDog

Exploit: Misconfiguration

BrewDog: Bar and Restaurant Chain 

Risk to Business: 1.615 = Severe

Scottish bar and restaurant chain BrewDog was responsible for exposing the data of 200,000 shareholders and customers. The company, famous for its crowd-ownership model as well as its beer, exposed that data over an 18-month period through a glitch in its mobile app: authentication tokens for users were hard-coded into the mobile application instead of being transmitted to it following a successful user authentication event. Interested parties could simply append any customer ID to the end of the API endpoint URL and access sensitive PII (personally identifiable information) for that customer.

Individual Risk: 1.701 = Severe

Potentially exposed customer/shareholder details include the customer’s name, date of birth, email address, gender, all previously used delivery addresses, telephone number, number of shares held, shareholder number, bar discount amount, bar discount ID, number of referrals and types of beer previously purchased.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Having this data exposed through a blunder will hurt the reputation of a company that relies on customers as investors to stay in business.
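The flaw described in the BrewDog entry above, next to a corrected check, as an added example (not BrewDog's code or anything from the original report). The record store, IDs, token format and function names are constructed for illustration, and token expiry is left out to keep the focus on binding each token to one customer.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)          # held by the API only, never shipped in the app
SHARED_APP_TOKEN = "constructed-build-token"  # constructed: identical in every app install
CUSTOMERS = {                                 # constructed sample records
    "1001": {"name": "Alice Example", "shares": 4},
    "1002": {"name": "Bob Example", "shares": 2},
}

def get_customer_flawed(token, customer_id):
    """Flawed pattern: the token is a constant, so it proves nothing about who is asking."""
    if not hmac.compare_digest(token.encode(), SHARED_APP_TOKEN.encode()):
        return 401, None
    record = CUSTOMERS.get(customer_id)       # ID taken straight from the URL
    return (200, record) if record else (404, None)

def _mac(customer_id):
    return hmac.new(SERVER_KEY, customer_id.encode(), hashlib.sha256).hexdigest()

def issue_token(customer_id):
    """Called by the server only after that customer has logged in successfully."""
    return f"{customer_id}.{_mac(customer_id)}"

def token_subject(token):
    """Return the customer ID the token was issued to, or None if it is not ours."""
    customer_id, _, mac = token.partition(".")
    if hmac.compare_digest(mac.encode(), _mac(customer_id).encode()):
        return customer_id
    return None

def get_customer_fixed(token, customer_id):
    """Corrected: the requested ID must match the identity bound into the token."""
    subject = token_subject(token)
    if subject is None:
        return 401, None                      # unknown or forged token
    if subject != customer_id:
        return 403, None                      # valid login, but someone else's record
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)
```
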



Hong Kong – Fimmick Limited

Exploit: Ransomware

Fimmick Limited: Marketing Company

Risk to Business: 1.631 = Severe

Hong Kong marketing firm Fimmick has been hit with a ransomware attack that is purportedly the work of REvil. Cybersecurity researchers caught wind of the incident after REvil claimed to have burglarized Fimmick’s databases, snatching data that pertained to Fimmick’s work with a number of major brands. Sample data provided on REvil’s website as proof of the hack included data pertaining to the company’s work with Cetaphil, Coca-Cola and Kate Spade.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Companies that provide services like this are especially tasty targets for ransomware gangs because, even if they don’t pay the ransom, their data on other businesses opens new doors.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
