Leaked voice recordings reveal customers and staff exchanging security questions.
02 October 2023A total of 17 breaches
were found and analysed resulting in 2,028,772 leaked accounts
containing a total of 20 different data types
. The breaches found publicly and freely available included Sphero, Cyber Photo, Comp and Save, Cover King and ICT Billet. Sign in to view the full
BreachAware
Breach Index which includes, where available, reference articles relating to
each breach.
SPOTLIGHT
A third-party company that works closely with T-Mobile experienced a data breach back in April resulting in their data being dumped. With an annual revenue of $115 million, the company was founded in 1999 and has been working closely with T-Mobile as a nation-wide retailer. The information disclosed by the company stated an unauthorised party gained access to their systems and managed to download 409GB of files, including recorded phone calls of real customers ringing up T-Mobile stores across the United States. These recordings are what you would expect from a recorded phone call, and while on the call, customers and staff exchanged security questions as well as comments about the weather.
A vast amount of information that can’t be gleamed from text in a file is exposed here. Such as voice tone and how a person speaks and acts in the real world. Employees were also impacted by the breach with a huge range of data types exposed. T-Mobile has a long history of security indicators; let's hope this is the last for the sake of their customers.
A social media company that was breached back in 2013 has seen a resurgence of scammers and threat actors reposting their data to dubious underground forums. The company in question was founded back in 1998 as a social planning website for sending invitations to weddings, parties, etc. In 2019, a threat actor dumped their data online, since then, it has been in and out of circulation. The type of clientele who use this site could still be using the same password from 2013. Unfortunately, the passwords were stored in plain text.
A threat actor on a Russian-speaking forum is selling access to Sony social media accounts via a third-party portal - allowing access from any IP address. The threat actor highlights direct access to their customer base via direct messages. $1500 is the price for access.
Sony isn’t having a good time at the moment due to a new ransomware gang that only appeared last month claiming to have “successfully compromised all of Sony systems”. While this is unlikely because Sony is not just one company but several, and I doubt they host all of their stuff on one server? They have posted some form of proof for example screen shots of power points and a file tree have been posted online. I guess we’ll have to watch this space to see what happens.
VULNERABILITY CHAT
Google has given an existing vulnerability, originally classified as a Chrome bug, a new CVE ID with the highest security level as it affects significantly more applications than first thought. The WebP (image file format) vulnerability can allow the execution of malicious code in the background that could then install malware.
4 Common Vulnerabilities and Exposures (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including JBoss RichFaces Framework (Red Hat) and Multiple Products (Apple).
See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
INFORMATION PRIVACY HEADLINES
Primary school children in Guernsey are being taught about data protection with the help of a new book published by The Office of the Data Protection Authority (ODPA). The book tells the story of Warro the data bear and her companion Bijou the blue tit with the aim of introducing children to the concept of personal data and how it is used in everyday lives
Published by local company Blue Ormer, “Warro goes on an adventure” will be launched with a reading for schoolchildren at the Guille Alles Library on 25th September. The book is part of the ODPA’s programme for children and young people, Project Bijou Seeds, an offshoot of the social initiative Project Bijou.
Breach Exposure Monitoring | Dark Web Monitoring + Surface Web Monitoring
Scan Any Domain for Free https://breachaware.com/scan
DATA CATEGORIES DISCOVERED
Contact Data, Technical Data, Locational Data, Socia-Demographic Data, Communications Data, Financial Data, National Identifiers, Social Relationships Data.