Discord suffers data breach
The popular VoIP and instant messaging social platform has suffered a data breach that has resulted in unauthorized access to a third-party customer service agent’s support ticket queue, potentially exposing users’ email addresses, the contents of customer service messages, and any attachments sent to Discord support. In response to the incident, the company immediately deactivated the compromised account and analyzed the impacted machine to determine if it was infected with malware.
Car location data of 2 million Toyota customers exposed for ten years
A data breach that occurred on Toyota’s cloud environment exposed the car-location information of more than two million customers between November 6, 2013 and April 17, 2023. The data breach resulted from a database misconfiguration that allowed anyone to access its contents without a password. This incident exposed the information of customers who used the company’s T-Connect G-Link, G-Link Lite, or G-BOOK services. “T-Connect is Toyota’s in-car smart service for voice assistance, customer service support, car status and management, and on-road emergency help. The information exposed in the misconfigured database includes the in-vehicle GPS navigation terminal ID number, chassis number, and vehicle location information with time data.”
Swiss tech giant ABB confirms ‘IT security incident’
The company confirmed on Friday that it is dealing with “an IT security incident” affecting some of its offices and systems globally, but would not say if this involved ransomware. However, BleepingComputer reported on Thursday that the Black Basta ransomware group attacked the company on May 7. Multiple anonymous sources told the news outlet that the ransomware attack targeted the company’s Windows Active Directory and affected hundreds of devices. ABB is the developer of numerous SCADA and industrial control systems (ICS) for energy suppliers and manufacturing, raising concerns about whether data was stolen and what it contained.
(The Record and Bleeping Computer)
Personal info of 90k hikers leaked from French tourism company
The Cybernews research team has discovered data on a publicly accessible datastore with more than 4GB of information belonging to clients of La Malle Postale. “The leaked information included names, phone numbers, emails, private communication via SMS messages, passwords, and employees’ credentials.” As Security Affairs reports, “founded in 2009, La Malle Postale provides luggage and passenger transportation services on many popular hiking routes, including the famous Santiago de Compostela pilgrimage trail.”
Musk appoints new Twitter CEO, NBCU’s Linda Yaccarino
Musk confirmed Yaccarino’s new role via a tweet Friday morning, adding he is “looking forward to working with Linda to transform this platform into X, the everything app.” Yaccarino announced on Friday morning her departure from her role as chairman of Global Advertising & Partnerships at NBCU. Yaccarino had worked at NBCU since 2011. Before that, she spent nearly 20 years at Turner as an executive vice president in advertising. In 2018, she was appointed by former president Donald Trump to the President’s Council on Sports, Fitness and Nutrition.
Companies to pay over faked net neutrality comments
Three companies that were accused of falsifying millions of public comments in their pursuit of the 2017 federal repeal of net neutrality rules have agreed to pay $615,000 in penalties to New York and other states. This is according to New York’s attorney general, speaking on Wednesday. The penalties are a result of an investigation by the New York state Office of the Attorney General, which determined that the bogus comments used the identities of millions of consumers without their knowledge. The three companies provide digital lead-generation services, collecting personal information from consumers and then selling it to third parties as leads.
(AP News)
Last week in ransomware
Last week saw the emergence of two new ransomware families, Cactus and Akira. The Cactus operation launched in March and exploits VPN vulnerabilities to access corporate networks. Akira uses a 90’s-looking data leak site that requires entering commands, as in a Linux shell. Also last week, the Money Message ransomware operation published source code belonging to MSI, which contained private keys for Intel Boot Guard. The City of Dallas continues to do battle with the aftereffects of a Royal Ransomware attack, and the town of Lowell, Massachusetts suffered from a Play ransomware attack – the same group that attacked Oakland CA. This signifies a growing trend of ransomware groups attacking US cities. Research and reports last week covered a new White Phoenix decryptor that can be used to partially recover data encrypted by ransomware using intermittent encryption; SentinelOne found that nine different ransomware operations used the leaked Babuk source code to create VMware ESXi encryptors; and a joint advisory between the FBI and CISA disclosed that the Bl00dy Ransomware gang is exploiting PaperCut servers in the education sector.






