Epic privacy fail: WeTransfer shared its users' files with the wrong people

Sharing files using the cloud is very convenient, but understandably, some people are hesitant to do so with sensitive or private information. These privacy-conscious folks may be looked at as "paranoid" by some, but you know what? As more and more breaches occur, it is becoming harder to trust the cloud with files. And so, the "tinfoil hat" wearers start to look quite sensible.

As an example, popular cloud-based file-sharing service WeTransfer has failed in epic fashion. You see, the company not only shared files with the intended recipients, but with random strangers too! Yes, that private information you didn't want seen by anyone other than your intended audience may have been viewed by the wrong person. Good lord.

The file sharing service sent the following email to impacted users:

"Dear WeTransfer user,

We are writing to let you know about a security incident in which a number of WeTransfer service emails were sent to the wrong people. This happened on June 16th and 17th. Our team has been working tirelessly to correct and contain this situation and find out how it happened.

We have learned that a transfer you sent or received was also delivered to some people it was not meant to go to. Our records show those files have been accessed, but almost certainly by the intended recipient. Nevertheless, as a precaution we blocked the link to prevent further downloads.

As your email address was also included in the transfer email, please keep an eye out for any suspicious or unusual emails you receive.

We understand how important your data is and never take your trust in our service for granted. If you have any questions or concerns, just reply to this email to contact our support team.

The WeTransfer Team"

Well, it doesn't get much worse than that, folks. I mean, look, WeTransfer had one job -- share files with the correct friggin' people! Moving forward, it will be very hard for users to trust the company. Hell, they even exposed the sender's email address, which can lead to spam and phishing attempts too. Sigh.

Are you a WeTransfer user? Will you stop using the service as a result of this blunder?

UPDATE: After BetaNews broke this news, WeTransfer shared more details on their website here. The company says it has forced some users to change passwords, meaning login credentials may have been stolen, but not definitely. They have also contacted authorities, signaling this may not be an accident, but a criminal breach.

https://wetransfer.pr.co/178267-security-notice

https://betanews.com/2019/06/21/wetransfer-fail/

#WeTransfer #sharing #cloud #privacy #breach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

An Infamous Neo-Nazi Forum Just Got Doxxed

A cache of data exposes the logins, emails, and IP addresses of users on IronMarch, a defunct neo-Nazi forum considered the birthplace of several militant organizations.

It’s no secret that neo-Nazis freely post anonymously all over the internet, every single day. But a recent leak shows that white nationalists online can’t always protect their identities.

The metadata of a now-defunct neo-Nazi message board that is considered the birthplace of several militant organizations—among them the U.S.-based terror group Atomwaffen Division—was dumped onto the internet by what appears to be anti-fascist activists.

The site, IronMarch, is widely associated with the rise of the new wave of white supremacist accelerationst groups advocating for armed insurgency against society. The site ran from 2011 to 2017 and garnered more than 150,000 posts while active. The dump of its inner workings includes the login names of its former members and their associated emails and IP addresses.

Although Motherboard could not verify all the contents of the dump, early record searches match names and details of white nationalist militants tracked by Motherboard over the course of a two-year investigation into neo-Nazi terrorism. The dump also matched internal IronMarch data that Motherboard already accessed.

The identity of whoever originally obtained the data isn’t known, but the dump was uploaded to the Internet Archive by a user named “antifa-data” on November 6.

👉🏼 Read more:
https://www.vice.com/en_us/article/a359q8/an-infamous-neo-nazi-forum-just-got-doxxed

💡 https://www.bellingcat.com/resources/how-tos/2019/11/06/massive-white-supremacist-message-board-leak-how-to-access-and-interpret-the-data/

💾 Leaked Data (Torrent):
https://www.bthub.me/hash/1d0554862068bfaba9bd2fc6f75cb69fa420c834

#doxxed #nazi #forum #IronMarch #AtomwaffenDivision #leak #breach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Serious cyber-attack on Austria's foreign ministry

Austria's foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country.

The ministry said the seriousness of the attack suggested it might have been carried out by a "state actor".

The hack started on Saturday night and experts warn it could continue for several days.

The breach occurred on the same day Austria's Green party backed forming a coalition with conservatives .

It was recognised very quickly and countermeasures taken immediately, the foreign ministry said in a statement.

"Despite all intensive security measures, there is never 100% protection against cyber-attacks," the ministry said.

https://www.bbc.com/news/world-europe-50997773

https://www.rte.ie/news/world/2020/0105/1104411-austria-cyber-attack/

#austria #cyberattack #stateactor #hacker #breach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Two Usenet providers blame data breaches on partner company

Remember Usenet?

Two companies that provide Usenet services have disclosed security breaches today. The two companies, UseNeXT and Usenet.nl, blamed the breaches on "a security vulnerability at a partner company."

Neither UseNeXT nor Usenet.nl have named the third-party company whose software enabled the intrusion. It is unclear if this is referring to a Usenet desktop client or a server-side service.

Both Usenet providers have now shut down their websites to investigate the breach.

According to a near-identical message posted on both sites [1, 2], the two companies say the intruder gained access to information such as names, billing addresses, payment details (IBAN and account number), and other information users provided during the process of creating an account on the two websites.

👉🏼 Read more:
https://www.zdnet.com/article/two-usenet-providers-blame-data-breaches-on-partner-company/

#usenet #breach #UseNeXT #Usenetnl
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.

The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.

"4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said.

👀 The full contents of the database, spanning across 4,282 apps, included:

‼️ Email addresses: 7,000,000+
‼️ Usernames: 4,400,000+
‼️ Passwords: 1,000,000+
‼️ Phone numbers: 5,300,000+
‼️ Full names: 18,300,000+
‼️ Chat messages: 6,800,000+
‼️ GPS data: 6,200,000+
‼️ IP addresses: 156,000+
‼️ Street addresses: 560,000+

👉🏼 Read more:
https://thehackernews.com/2020/05/android-firebase-database-security.html

#android #app #google #playstore #firebase #database #security #breach #leak
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Huge, mysterious list appears online of where people met, personal information and more of tens of millions

'There's nothing you nor I can do about it,' notes security expert

A huge data dump includes the personal information of tens of millions of people and where they have met – and its origin is a mystery.

The breach includes almost 90GB of people's personal data, including details of where they have been and met people.

But there is no clue where the information has actually come from in the first place.

Though the information has been hosted publicly, and available to anyone, there is no hint about where it was first collected from.

The dump includes listings of individual people, including information on their social media sites, phone numbers and addresses. Unusually, however, it also includes details about where people have met, and information about where the people listed within the dump may know each other from.

As such, it appears that the data was probably collected from CRM, or customer relationship management, software. Users presumably took down a contact's personal information as well as a note about where they had met them to remember in future, and recorded it in a piece of software, which has since been breached.

But Troy Hunt, who tracks such data breaches and runs the website HaveIBeenPwned.com to allow users to check if they have been caught up in them, said that he had been unable to find any clue about what that software might be or how it had become public.

"Nowhere – absolutely nowhere – was there any indication of where the data had originated from," he wrote in a blog post announcing the find.

👉🏼 Read more:
https://www.independent.co.uk/life-style/gadgets-and-tech/news/data-dump-personal-information-breach-crm-a9515931.html

https://www.troyhunt.com/the-unattributable-db8151dd-data-breach/

#leak #breach #CRM
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Average American had personal data stolen at least 4 times last year, report says

Over the past decade or so you’ve probably noticed the increasing frequency of major data breaches around the world. There have been at least 200 documented data breaches since 2005, and the number of records exposed is only on the rise as more folks move their lives online. With more people transitioning facets of their lives online in the context of the “stay home” orders of the 2020 pandemic, these numbers of are sure to climb even higher in years to come.

It’s impossible to know the impact and extent to which data breaches are occurring as many almost certainly go unreported. Here are some of the data breaches we analyzed in our research:

👉🏼 Read more:
https://www.interest.com/personal-finance/the-average-american-had-personal-information-stolen-at-least-4-times-in-2019/

https://en.wikipedia.org/wiki/List_of_data_breaches

https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/

https://theweek.com/articles/730439/have-almost-certainly-been-hacked

#USA #hacked #breach #leak
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

The entire database is being sold for $30,000 on a hacker forum.

Last month a hacker was selling 267 million Facebook user data on a dark web marketplace. Now, a hacker or call them a threat actor is claiming to have access to a database with 500 million Facebook user data from 82 countries.

What’s worse is that the data is currently being sold on an infamous hacking forum, Hackread.com has learned.

As seen on the forum, the hacker has been offering the treasure trove of data since May 15th, 2020 and includes personal information such as,

Names
Gender
location
City name
Surnames
Actual job
Marital status
Mobile number
Email addresses
Facebook profile links

Furthermore, the hacker has divided the price of the data into three parts, for instance, $1500 per million, $450 per 100,000, and $30,000 for 500 million for the entire database. The listing also states that the information in the database was stolen between November 2019 to May 2020.

👉🏼 Read more:
https://www.hackread.com/hacker-selling-500-million-facebook-user-data/

https://www.hackread.com/hacker-forum-sell-267-million-facebook-records/

#hacker #hacked #breach #facebook #DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Millions of Telegram Users’ Data Exposed on Darknet

Telegram’s built-in contact import feature was exploited to leak the personal data of millions of users onto the darknet.

Telegram, a major privacy-focused messaging app, has suffered a data leak that exposed some personal data of its users on the darknet.

A database containing the personal data of millions of Telegram users has been posted on a darknet forum. The issue was first reported by Russian-language tech publication Kod.ru on Tuesday.

According to the report, the database contains phone numbers and unique Telegram user IDs. It remains unclear exactly how many users' data was leaked while the database file is about 900 megabytes.

About 40% of entries in the database should be relevant
Telegram has reportedly acknowledged the existence of the leaked database to Kod.ru. The database was collected through exploiting Telegram’s built-in contacts import feature at registration, Telegram reportedly said.

Telegram noted that the data in the leaked database is mostly outdated. According to the report, 84% of data entries in the database were collected before mid-2019. As such, at least 60% of the database is outdated, Telegram declared in the report.

Additionally, 70% of leaked accounts came from Iran, while the remaining 30% were based in Russia.

https://kod.ru/darknet-sliv-baza-telegram-jun2020/

👉🏼 Read more:
https://cointelegraph.com/news/millions-of-telegram-userss-data-exposed-on-darknet

#tg #telegram #leak #breach #database #exposed #darknet
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Hacker breaches security firm in act of revenge

Hacker claims to have stolen more than 8,200 databases from a security firm's data leak monitoring service.

A hacker claims to have breached the backend servers belonging to a US cyber-security firm and stolen information from the company's "data leak detection" service.

The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that leaked from other companies during past security breaches.

The databases have been collected inside DataViper, a data leak monitoring service managed by Vinny Troia, the security researcher behind Night Lion Security, a US-based cyber-security firm.

👀 👉🏼 https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/

👀 👉🏼 https://gist.github.com/campuscodi/226b0758e08592df2e5d898979d1da17

#DataViper #leak #breach #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See

A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. This lack of basic security measures in an essential part of a cybersecurity product is not just shocking. It also shows a total disregard for standard VPN practices that put their users at risk.

The vpnMentor research team, led by Noam Rotem, uncovered the server and found Personally Identifiable Information (PII) data for potentially over 20 million VPN users, according to claims of user numbers made by the VPNs.

Each of these VPNs claims that their services are “no-log” VPNs, which means that they don’t record any user activity on their respective apps. However, we found multiple instances of internet activity logs on their shared server. This was in addition to the PII data, which included email addresses, clear text passwords, IP addresses, home addresses, phone models, device ID, and other technical details.

The VPNs affected are UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN – all of which appear to be connected by a common app developer and white-labeled for other companies.

👀 👉🏼 https://www.vpnmentor.com/blog/report-free-vpns-leak/

#vpn #breach #leak #cybersecurity
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Warner Music Group finds hackers compromised its online stores

NOTICE OF DATA BREACH

On August 5, 2020, we learned that an unauthorized third party had compromised a number of US-based e-commerce
websites WMG operates but that are hosted and supported by an external service provider. This allowed the unauthorized third party to potentially acquire a copy of the personal information you entered into one or more of the affected website(s) between April 25, 2020 and August 5, 2020.

While we cannot definitively confirm that your personal information was affected, it is possible that it might have been
as your transaction(s) occurred during the period of compromise. If it was, this might have exposed you to a risk of
fraudulent transactions being carried out using your details.

👀 👉🏼 https://assets.documentcloud.org/documents/7201631/Warner-Music-Group-Breach-Letter-BC.txt

👀 👉🏼 (PDF)
https://assets.documentcloud.org/documents/7201631/Warner-Music-Group-Breach-Letter-BC.pdf

👀 👉🏼 https://www.bleepingcomputer.com/news/security/warner-music-group-finds-hackers-compromised-its-online-stores/

#warner #music #breach #hackers
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

A data fail left banks and councils exposed by a quick Google search

Details of more than 50,000 letters sent by banks and local authorities were left online for anyone to see

Private details relating to more than 50,000 letters sent out by banks and local authorities were indexed by Google after a London-based outsourcing firm left its system hopelessly exposed. Details about everything from insolvency to final reminders of unpaid council tax and mortgage holidays were left available for anyone to view since June.

Thousands of names and addresses – and the types of letters they were sent – were left exposed, affecting people in the UK, US and Canada. Virtual Mail Room, the firm responsible for the data breach, worked for clients including Metro Bank, 14 local councils, the publisher Pearson and insolvency specialist Begbies Traynor. The specific content of the letters sent to individuals were not visible.

The privacy breach raises doubts about the due diligence carried out by companies and local authorities using outsourced mailing services to handle sensitive customer data. It also comes at a particularly painful time, with many of the names and addresses contained in the breach belonging to people who have been hit hard financially by the pandemic. Such missteps could fall foul of GDPR, with data controllers and processors potentially facing fines totalling tens of millions of pounds. A spokesperson for the Information Commissioner’s Office, the UK’s data regulator, confirmed it was aware of the incident and was making enquiries.

The details exposed by the breach are hugely personal. Amongst the tranche of exposed personal data were the names and addresses of 6,500 customers of Aldermore Bank. The back-end system left exposed reveals which customers received pre-delinquency and remediation letters. A spokesperson for the bank says it is investigating the issue. Elsewhere, more than 250 Metro Bank customers were identified with their company name and address. A Metro Bank spokesperson says the company has “temporarily suspended sharing data” with Virtual Mail Room as a precautionary measure while its investigation continues.

👀 👉🏼 https://www.wired.co.uk/article/virtual-mail-room-data-breach

#virtual #mail #room #privacy #breach #uk #canada #usa
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Get this - there is a Bitcoin wallet with 69,000 Bitcoins ($693,207,618) that is being passed around between hackers/crackers for the past 2 years for the purpose of cracking the password, no success so far.

👀 👉🏼 https://twitter.com/UnderTheBreach/status/1303316723186139136

#wallet #bitcoin #breach #hack #whynot
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Shopify discloses security incident caused by two rogue employees

Shopify said two rogue support staffers accessed customer transaction details for less than 200 stores.

Online e-commerce giant Shopify is working with the FBI and other law enforcement agencies to investigate a security breach caused by two rogue employees.

The company said two members of its support team accessed and tried to obtain customer transaction details from Shopify shop owners (merchants).

Shopify estimated the number of stores that might be affected by the employees' actions at less than 200. The company boasted more than one million registered merchants in its latest quarterly filings.

The e-commerce giant said the incident is not the result of a vulnerability in its platform but the actions of rogue employees.

"We immediately terminated these individuals' access to our Shopify network and referred the incident to law enforcement," the company said in a prepared statement. "We are currently working with the FBI and other international agencies in their investigation of these criminal acts."

An investigation into the security breach is still in its early phases. Shopify promised to notify impacted merchants and customers as relevant.

👀 👉🏼 https://community.shopify.com/c/Shopify-Discussion/Incident-Update/m-p/888971

👀 👉🏼 https://www.zdnet.com/article/shopify-discloses-security-incident-caused-by-two-rogue-employees

#fbi #breach #shopify #security #incident
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Federal Agency Compromised by Malicious Cyber Actor

The Cybersecurity and Infrastructure Security Agency (CISA) responded to a recent threat actor’s cyberattack on a federal agency’s enterprise network. By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.

💡 For a downloadable copy of IOCs, see:
https://us-cert.cisa.gov/sites/default/files/publications/AR20-268A.stix.xml

👀 👉🏼 https://us-cert.cisa.gov/ncas/analysis-reports/ar20-268a

👀 👉🏼 https://www.zdnet.com/article/cisa-says-a-hacker-breached-a-federal-agency

#cisa #hacker #breach #breached #federal #agency
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

U.S.A. cybersecurity firm FireEye discloses breach, theft of internal hacking tools

FireEye, one of the largest cybersecurity companies in the United States, said on Tuesday that is has been hacked, possibly by a government, leading to the theft of an arsenal of internal hacking tools typically reserved to privately test the cyber defenses of their own clients

https://www.reuters.com/article/fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-internal-hacking-tools-idUSL1N2IO2EI

#FireEye #hacked #breach

Another huge data breach, another stony silence from Facebook

The social media giant is still a law unto itself. Can anybody hold it to account?

Half a billion Facebook users’ accounts stolen. Personal information compromised. Telephone numbers and birth dates drifting across the internet being used for God knows what. And for four days, from Facebook’s corporate headquarters, nothing but silence.

If this sounds familiar, it’s because it is. This week saw reports of a massive new Facebook breach and everything about it, from Facebook’s denials of the words “data” and “breach” to its repeated refusal to answer journalists’ questions, has been uncannily reminiscent of the Cambridge Analytica scandal.

Three years on, “Cambridge Analytica” is a byword for mass-data abuse, Facebook has been fined billions of dollars for failing to protect users’ data and... not a thing has changed. If ever there were a moment to understand how profoundly all systems of accountability have failed, and continued to fail, it is this.

Last week Nick Clegg, vice president of global affairs at Facebook, admitted on The Verge website that the Cambridge Analytica scandal had “rocked Facebook right down to its foundations”. And yet it has learned nothing. It has paid no real price (the record $5 billion fine it paid to the Federal Trade Commission (FTC) is literally no price at all to Facebook), suffered no real consequences, and failed to answer any questions over the involvement of its executives.

https://www.theguardian.com/technology/2021/apr/11/another-huge-data-breach-another-stony-silence-from-facebook

#facebook #DeleteFacebook #data #breach #comment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

#Amazon hit with $886m #fine for alleged #data law #breach

https://www.bbc.com/news/business-58024116

India is the sixth most data-breached country in world, says study by cybersecurity firm

India is the sixth most breached country in the world, since the first recorded digital attacks in 2004, according to a study released by Netherlands-based cybersecurity company Surfshark Monday. This means that 18 out of every 100 Indians had their personal contact details breached since 2004, the study noted.
https://theprint.in/india/india-is-the-sixth-most-data-breached-country-in-world-says-study-by-cybersecurity-firm/995215/

#India #data #breach