Japanese cryptocurrency exchange suffers the largest theft yet, Norwegian citizens lose health records in hack, and Intel exposes devices' data with a massive design flaw. It's all this and more in The Month in Hacks.
Coincheck, a cryptocurrency exchange based in Toyko, lost $420 million in NEM tokens and $112 million in ripple to hackers. The amount of currency stolen makes this the largest hack of cryptocurrency exchanges in history. Coincheck immediately froze its services and issued a report acknowledging the hack.
Neither the company nor researchers know how the hackers were able to gain access to the digital assets, but the Japanese Financial Services Agency is investigating the case. Coincheck confirmed that it would use internal funds to return 90% of stolen tokens, but has not released when or how investors will receive the reimbursement. The hack serves as a further reminder of the importance of advanced security measures for cryptocurrency accounts. Turning on two-factor authentication as a user, where available, and adding it as a function (for the service providers) is a great first step.
Norway's Health South-East Regional Health Authority reported on January 19th that a group of hackers stole the personal information of up to 2.9 million Norwegians - over half of the country's population. While the exact details of the compromised information have not been released, it's likely that the hackers accessed some of the patients' health records.
The RHA assured patients that “measures have been implemented to remove the threat,” but more details on organization's response have not been made public. Those affected by the breach are encouraged to monitor their online accounts for signs of identity theft. They should also turn on two-factor authentication where available for all personal accounts.
OnePlus, a Chinese smartphone manufacturer, recently discovered that the credit card information of 40,000 customers was stolen between November 2017 and January 2018. The hacker added malicious script to the company's payment page, which allowed them to view customer's credit card information as it was entered on the page.
OnePlus has found and removed the code, but credit card payment systems on the site will be shut down until the company conducts an investigation into the hack. OnePlus customers who made an online purchase in the past few months should review their credit card statements for any suspicious activity.
In January, researchers found a flaw in Intel, AMD, and ARM processor chips that allow hackers to access data stored in the memory of running programs and gain privileged access to parts of a computer's memory used by the operating system. The flaw exists in most processors released in the past decade, and affects desktops, laptops, and smartphones running Linux, Microsoft, and Apple.
While Google's Project Zero reports that they have not seen hackers exploiting these flaws in the wild, Microsoft, Linux, and Apple have all released patches to fix the vulnerability in the chips. Users may find that the Windows and Linux patches may reduce system performance by five to 30 percent.