[Security Weekly] Fashion Retailer Guess Hit By Ransomware, Personal and Financial Data Compromised
3rd Week of July 2021
1. Fashion retailer Guess hit by ransomware, personal and financial data compromised
US-based fashion retailer Guess announced a data breach where the personal and financial data of more than 1,300 employees and contractors were compromised in a ransomware attack back in February.
In a data breach notification letter sent to the Maine Attorney General, Guess disclosed that the leaked data included sensitive personal information such as social security numbers (SSN), driver’s licence numbers, and passport numbers. Additionally, financial information such as bank account numbers and payment card numbers accompanied by security codes were also compromised. Guess reassured that this only affected 1,300 employees and that data of customers were safe.
The letter also suggested that the threat actors gained access to Guess’ IT network between February 2 and 23. After months of investigations, all victims were identified on June 3. Guess announced that all victims will receive one year of free credit monitoring service.
Although not confirmed by the company, it appeared that the attack was initiated by the DarkSide ransomware gang, who claimed to have stolen 200 GB of data from Guess on its leak site in April.
Sources: ZDNet, Threatpost
2. Mint Mobile discloses customer data breach and unauthorized number porting
Mint Mobile, a US telecommunications service provider, revealed a data breach incident in a notification letter sent out to its customers on July 10.
Mint Mobile stated in the letter that an unauthorized person ported some phone numbers of Mint Mobile customers to a different service provider. It also noted that the attacker may have accessed its customers’ personal information, including names, home addresses, phone numbers, email addresses, account numbers and passwords, billing details, and subscription plans.
Even though Mint Mobile did not mention how the attacker gained access to such information, it was likely that the user accounts were compromised. Mint Mobile warned all its customers to change their passwords immediately and to be aware of phishing attacks.
Porting phone numbers to a different provider also means that the attacker could use that phone number to receive text messages for multi-factor authentication. Therefore, affected customers were also advised to change the login credentials to all accounts associated with the ported phone number.
Sources: Bleeping Computer, AppleInsider
3. WooCommerce SQL injection zero-day vulnerability risks user data
WooCommerce, a popular eCommerce platform designed for and owned by WordPress, revealed a zero-day vulnerability that could be exploited to gain access to user databases. The vulnerability affected WooCommerce releases 3.3 to 5.5, as well as WooCommerce Blocks releases 2.5 to 5.5.
Installed on over 5 million websites worldwide, WooCommerce allows website owners to create online stores within WordPress. WooCommerce Blocks is a plugin that enables users to display their product information in blocks, currently installed on over 200,000 sites. The vulnerability, estimated to have a CVE score of above 8, allowed attackers to inject malicious code into the SQL queries and retrieve data from the servers. This could compromise sensitive data such as customer data and payment card information.
WooCommerce is still investigating the scale of the attacks. Even though no evidence of data compromise has been found, some users reported having seen a spike in website traffic and failed login attempts. WooCommerce started to roll out a series of emergency patches beginning on July 14. Since the vulnerability affected up to 90 versions, customers are advised to upgrade to the latest version in order to receive the patch sooner.
An advanced web application firewall (WAF) like WAPPLES can effectively safeguard websites from all kinds of web attacks such as SQL injection and cross-site scripting, protecting users from such zero-day vulnerabilities.
Sources: Threatpost, Bleeping Computer
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: ISign+
Car, Energy, Factory, City Solutions: Penta IoT Security