[Security Weekly] Personal Data of 142 Million MGM Hotel Guests For Sale on the Dark Web
3rd Week of July 2020
1. Personal data of 142 million MGM hotel guests sold on the dark web
On July 12, records of over 142 million guests who have stayed at the MGM hotel chain were posted on a dark web forum for sale at a price of US$2,936.76, a scale as large as the entire population of Russia.
These records appeared to come from a data breach that happened back in the summer of 2019, in which hackers gained unauthorized access to one of the hotel chain’s cloud servers. MGM Resorts International did not disclose the breach until February 2020, when 10.6 million customer records were uploaded to the dark web for free download. Even then, MGM did not reveal the full scale of the breach.
Compromised data included personally identifiable information such as names, dates of birth, addresses, phone numbers, and email addresses. Fortunately, financial information and social security numbers were not leaked. Nevertheless, the leaked data could easily be used to launch mass-scale phishing attacks and lead to identity theft.
Customer records are a very attractive target for cybercriminals. Whether this data is kept on cloud or on-premises servers, it is always necessary to protect it with an encryption solution. D’Amo is a data protection solution that offers an optimized encryption framework along with key management and monitoring tools, effectively preventing data breaches. Click here to learn more about D’Amo.
2. Twitter accounts of Biden, Obama, Musk, Gates, and more hacked for crypto scam
On July 15, more than a dozen Twitter accounts of high-profile politicians, entrepreneurs, celebrities, and companies were compromised by hackers and used to spread a cryptocurrency scam.
Hijacked accounts included those of Joe Biden, Barack Obama, Elon Musk, Bill Gates, Michael Bloomberg, Warren Buffett, Kanye West, and Wiz Khalifa, as well as the company accounts of Apple, Uber, and Bitcoin.
Posing as the account owner, the hackers tweeted that they would like to give back to society, and asked followers to send money to a Bitcoin address, promising that senders would immediately receive twice the amount in return.
Twitter responded to the incident by removing the tweets and temporarily disabling these compromised accounts from tweeting. As of now, most accounts have been restored to normal. However, the Bitcoin address used for the scam has already gained over $110,000 from hundreds of transactions.
After investigation, Twitter later confirmed that the authentication system was fully secure and that no passwords were compromised in the attack. Instead, the attackers gained entry by launching a phishing attack against a high-profile employee. After getting into the employee’s corporate account, the hackers obtained access to internal backend tools and used them to post tweets on behalf of the affected Twitter users.
3. Vulnerabilities in SETracker smartwatch app put elderly users at risk of drug overdose
Recently, security researchers discovered several critical vulnerabilities in SETracker, a smartwatch application primarily designed for medical care purposes. The flaws could be used to trick elderly patients into overdosing on their medication, with potentially life-threatening consequences.
Developed by Chinese software firm 3G Electronics, SETracker is available for Android and iOS and, as of today, has been downloaded over 10 million times. Installed on a wide range of third-party smartwatches, the app is commonly used by patients with dementia. It allows caregivers to track wearers’ locations from their smartphones and to send reminders to the wearers to perform daily tasks, including taking medications.
Due to the vulnerabilities, hackers could easily gain access to the app and track the smartwatch wearer’s location, use the smartwatch to make calls and send text messages, and send all kinds of reminders to the wearer. By doing so, hackers could easily convince patients with dementia to overdose on their medications.
The SETracker development platform also provides apps for tracking vehicle conditions and those for parents to track their children.
IoT devices are attractive targets for cybercriminals. Different from traditional cyberattacks that are limited to cyberspace, attacks on IoT devices can cause real-life threats and disruptions.
4. Indian delivery startup Dunzo suffers data breach, customer data leaked
On July 11, Indian delivery company Dunzo disclosed a data breach incident that compromised one of its databases hosted on a third-party server.
Funded by Google, Dunzo currently provides pickup and delivery services to nine major cities across India. A user can use its app to request a delivery person to go purchase items at any local store and have them delivered immediately. Approximately one million orders are placed through the app every month.
According to Dunzo, attackers gained unauthorized access to a database that stored customer information such as email addresses and phone numbers. Although it is not yet sure how many users were affected, Dunzo reassured customers that no financial information was included in the database.
Experts advise all Dunzo users to be cautious of potential phishing attacks utilizing this compromised personal information.
5. Russian state-backed APT group targets COVID-19 vaccine research
On July 16, the UK National Cyber Security Centre (NCSC), the US Department of Homeland Security (DHS), and the Canadian Communications Security Establishment (CSE) jointly issued a security advisory detailing their findings on a Russian advanced persistent threat (APT) group attempting to exfiltrate coronavirus-related research in all three countries.
According to the advisory, APT29, also known as Cozy Bear or the Dukes, has been targeting a wide range of healthcare providers, pharmaceutical companies, and research institutions, all of which are working on developing a vaccine for COVID-19. A series of phishing and malware attacks began in April and is still ongoing. NCSC is confident that APT29 is directly backed by Russian intelligence.
APT29 is known for its outstanding ability to scan networks for vulnerabilities and to build custom malware that targets a combination of existing flaws and zero-days. It has successfully exploited vulnerabilities in widely used business appliances and software from Citrix, Pulse Secure, FortiGate, and Zimbra.
The advisory recommends that all organizations secure their devices and update them with the latest software patches. It also recommends adopting multi-factor authentication to properly secure administrative accounts.
Penta Security’s ISign+ is an identity and access management solution that enables a single sign-on process with multi-factor authentication. ISign+ is a popular solution used by some of the largest healthcare organizations and research facilities.
Click here to learn more about ISign+.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Web Application Firewall for Cloud: WAPPLES SA
Database Encryption: D’Amo
Smart Car Security: AutoCrypt