The Month in Hacks: August 2016


The Dropbox breach gets a massive, and startling, update. Leslie Jones gets all that online bullying has to offer, Bitcoin value declines after hack and an arrest is made in connection to the Sage data breach that highlights “misuse by authenticated users.” It's all that and more in The Month in Hacks. Updates to Dropbox Breach Reveal Over 68 Million Aaccount Details StolenNew details have emerged surrounding a previous Dropbox breach, with Motherboard first reporting over 68 million user account details had been stolen. The breach, which occurred back in 2012, affected over 60% of the platform's users at the time. The company has advised all those affected to reset their passwords. It is also encouraged to turn on two-factor authentication.NY Times Targeted by Russian HackersOn August 23, the New York Times reported that the paper's Moscow bureau had been targeted in a recent cyberattack. “We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised,” says a spokesperson for the times. CNN cited US officials claims that several news organizations had been targeted, and that the hackers are believed to be working for the Russian government.Backseat Driving: White Hat Hackers Hijack Jeep CherokeeOn August 2, The Verge reported that cybersecurity researchers Charlie Miller and Chris Valasek had for the second time commandeered a Jeep Cherokee by seizing control of the vehicle's computer system. While the pair's previous showcase involved taking limited control of the steering wheel remotely, the latest hack required that they have physical access but gave them full control of the vehicle's steering wheel… and more. According to The Verge, “They could turn the steering wheel at any speed, activate the parking brake, or adjust the cruise control settings. Theoretically, that sort of manipulation could cause someone to veer off the road or rear-end someone.”Bitcoin Exchange, Bitfinex, Suffers Major Hack – Over $70M Worth of Bitcoin StolenTechcrunch reported on August 2 that the popular cryptocurrency exchange Bitfinex had been fleeced of nearly 120,000 bitcoins, valued at roughly $70M. The value of Bitcoins dove by 20% following the hack. While it remains unclear how the hack occurred, it is known that Bitfinex uses Palo Alto based security firm BitGo. The firm has announced that there is no evidence to suggest that a BitGo sever has been hacked.Leslie Jones Bully HackedThe online bullying tactics used recently against comedienne Leslie Jones are not new, reported the Washington Post on August 26, but the fact that “doxxing,” “revenge porn” and hacking were used all at once has taken some experts by surprise. The article quotes Shireen Mitchell, the founder of Digital Sisters and Stop Online Violence Against Women and an expert in online diversity and safety: “It was everything they could do to her. It was every tactic in the playbook.”Hackers took over the actresses' website and posted a message for viewers to abuse her online. They posted private documents with identifying information, as well as stolen nude photos. Homeland Security and the FBI are investigating. While there are no suspects, it appears the hackers were motivated by a Tweet in which Jones told an online heckler that she would “retweet your hate” for all of her fans to see.Oracle's MICROS Point-of-Sale Division Hit With Data BreachOn August 16, KrebsOnSecurity reported that a Russian organized crime syndicate known as the “Carbanak Gang” had targeted Oracle Corp. More specifically, they reportedly targeted a customer support portal for companies using Oracle's MICROS point-of-sale credit card payment systems. The breach is still under investigation, with uncertainty as to the size and scope.200 Million Yahoo Credentials Being Sold Publically on the Dark Web – Details Being InvestigatedThe hacker using the name Peace has moved on from Myspace and LinkedIn, with Yahoo being his new target. The cybercriminal has posted 200M Yahoo user credentials for sale on the dark web, reported Motherboard on August 1. At this time, Yahoo has acknowledged the hacker's claims, but has not verified whether the data is authentic. The stolen information allegedly includes usernames, hashed passwords, dates of birth and backup email addresses. Peace is selling the data for 3 bitcoins, or roughly $1,860.Cops Nab Woman in Sage Software HackA 32-year-old woman employed by Sage has been arrested in connection to a recent data breach at the accounting software giant, reported ComputerWeekly on August 19. A data breach by an employee highlights the vulnerability of online systems to misuse by authenticated users. “Too much faith has been placed in password-management systems, which a privileged user just logs into and is given unconstrained access to sensitive data,” said Matthew Ravden, Chief Marketing Officer at security firm Balabit. “Organizations must put greater emphasis on monitoring and analyzing these users in real time to detect unusual activities and stop malicious acts from happening.” BBC originally reported the hack on August 14, saying that personal information at 280 UK businesses had been compromised.HEI Hotels Reports Data BreachOn August 16, Business Insider reported that a malware breach in its payment system may have impacted Hyatt, Marriott, Sheraton, and Westin hotel locations in 10 states and the District of Columbia. The breach is believed to have begun as early as March 2015 and lasted until June 2016, underlining the danger posed to POS systems. Payment card data including names, account numbers, expiration dates and verification codes are at risk. Customers are encouraged to closely monitor purchases for fraud.Epic Games Hit by Two Data BreachesOn August 23, Naked Security reported that Epic Games, widely known for the Unreal games programming system and the Xbox game Gears of War, had been the victim of two hacks. “We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext… Also, we believe a compromise of our legacy forums covering Infinity Blade, UDK, previous Unreal Tournament games, and archived Gears of War forums revealed email addresses, salted hashed passwords and other data entered into the forums,” said the company in a statement.Health Records Stolen From Ohio ClinicOn August 2, ZDNet reported that over 100,000 internal documents, some containing personal health history, had been stolen from the Central Ohio Urology Group outside of Columbus, OH. The records were uploaded to Google Drive. The theft has been partly blamed on non-password protected Excel files. The Ohio hack comes on the heels of a breach at Newkirk Products Inc. As reported by the Wall Street Journal on August 5, the maker of health insurance identification cards disclosed that a server containing member information had been accessed.Opera Software Sync Servers HackedOn August 27, Beta News reported that Opera Software had advised users of its sync feature to update their passwords following a data breach. While a low percentage of Opera's customers use the feature - 0.5% - the 350M user base means that up to 1.7M accounts could be affected."

Talk To An Expert

Interested in learning about how TeleSign's identity and engagement solutions can prevent fraud while fostering secure and global growth for your business? Let's chat.