[Security Weekly] Personal Data of 500 Million LinkedIn Users Posted for Sale Online


3rd Week of April 2021


1. Personal data of 500 million LinkedIn users posted for sale online

Less than a week after a massive data breach affecting 533 million Facebook users, the personal data of over 500 million LinkedIn users was found to have been posted for sale on a popular dark web forum.

The leaked data contained personal information listed on the victims’ profile pages, including LinkedIn IDs, full names, email addresses, phone numbers, workplace information, job titles, and other profession-related information. To back up their claim, the threat actors uploaded a sample of 2 million user records, available for only $2.

LinkedIn confirmed the incident on April 8. It stated that the data leak was not caused by any sort of cyberattack on its IT systems, but was instead the result of web scraping. As such, the leaked data only contained personal information that was publicly displayed on the victims’ profile pages.

Nevertheless, personal data in such large volumes can still be used by malicious actors to conduct social engineering attacks and phishing, as well as for unauthorized targeted marketing activities.

Sources: Threatpost, SC Media


2. Ransomware attack leads to food shortage at Dutch supermarkets

Bakker Logistiek, a food logistics giant in the Netherlands, suffered a ransomware attack over the weekend of April 3, resulting in a series of food shortages at supermarkets across the country.

A director at Bakker Logistiek confirmed the incident, stating that the attack had greatly impacted the company’s internal IT systems and halted logistics services. Cheese deliveries were particularly affected, having been put on hold for three days. Albert Heijn, the largest grocery chain in the Netherlands with over 1,000 locations, announced on its website a major shortage of cheese at its stores.

Bakker Logistiek later commented that the attackers likely gained access by exploiting the Microsoft Exchange Server vulnerabilities, making it one of the dozens of victims affected by the supply chain attack.

The company’s operations resumed nearly two weeks following the incident. Yet it is unclear whether the company ended up paying the ransom.

Sources: Threatpost, Infosecurity


3. South African logistics firms targeted by Lazarus Group’s new malware

On April 8, cybersecurity firm ESET discovered two machines infected with a new backdoor malware. Both machines belonged to an unnamed logistics company in South Africa.

After investigations, evidence suggested that the malware was deployed by Lazarus Group, the infamous North Korean state-sponsored APT. This new backdoor, dubbed Vyveva, was likely deployed and used for a variety of espionage campaigns.

Vyveva can access files on the machines it infects and exfiltrate them. It also connects the infected device to a remote command-and-control (C2) server, allowing the attacker to run arbitrary code.

Sources: ZDNet, Bleeping Computer

