Russia believed responsible for the DNC hack. Hacking team OurMine ups the ante. Malware continues to plague restaurant chains, and another high-profile target has their Twitter account hacked due to poor password habits. It's all that and more in The Month in Hacks.
American Intelligence Confident That Russia Hacked DNC
US intelligence agencies are confident that Russia was behind the theft of emails and documents from the Democratic National Committee, reported the New York Times on July 26. Wikileaks founder Julian Assange has said that his organization dumped the documents with hopes of harming the Clinton Campaign campaign; however, several other news outlets and an unknown agent using the alias “Guccifer 2.0” had previously published several of the stolen documents. Intelligence officers believe that Guccifer works for Russian intelligence.
Motherboard uncovered on July 25 that well known spy networks “APT 28” and “APT 29” (APT is an acronym for Advanced Persistent Threat) had been in the DNC network since last summer. Both groups are linked to the Russian government.
OurMine Claims Credit for Pokemon Go Hack
On July 17, TechCrunch reported that hacking team OurMine has claimed credit for a denial of service attack on Pokemon Go, leaving many players unable to log in. A message posted on the group's website read: “No one will be able to play this game till Pokemon Go contact us on our website to teach them how to protect it!” On July 26, the three-person group turned its eye on TechCrunch, hacking the site and posting an article on the front page.
CEO of Pokemon Go Creator Hacked on Twitter
The CEO of Pokemon Go developer Niantic, John Hanke, became the latest high-profile target to have his Twitter account hacked by the hacking team OurMine. The team posted several messages on his Twitter page, pushing for the popular game to be released in Brazil. They also revealed how they hacked into his account, stating that his password (“nopass”) was too easy to guess.
Credit Card Hack Affects More Than 135 Cici's Pizza Locations
On July 16, Krebs on Security reported that fast-casual restaurant chain Cici's Pizza had been the victim of a payment data breach. . Cici's uncovered the point-of-payment hack in March, but the investigation has shown that some readers were compromised as early as 2015. Cici's has provided customers a list of the locations in question.
Malware to Blame for the Omni Hotels Payment Breach
MarketWatch broke on July 8 that from December 2015 through June 2016, malware installed on Omni Hotels' payment system may have led to the theft of card data. The company learned of the hack on May 30. While Omni doesn't know how many customers were affected, they believe that personal data such as contact information and Social Security numbers were not stolen.
Lack of Encryption Enabled Muslim Match Hack
In its ongoing coverage of the attack on dating site Muslim Match, Infosecurity Magazine reported on July 1 that the site did not use encryption, allowing hackers to view a trove of 790,000 messages between 150,000 users. “Where possible, people should consider information on websites to be publicly available,” says AlienVault security advocate, Javvad Malik. “They should consider what photos and information they post and share and the potential impact if the content is shared broadly.”
Wendy's Hack Update: 18% of Locations Affected
In an emailed statement, a spokesperson from Wendy's acknowledged that malware installed on the point-of-payment systems had led to the theft of names, card numbers and expiration dates at 18% of the fast food chain's 5,700 locations. Bloomberg reported on July 7 that Wendy's had disabled the software.
O2 Customer Data Sold on Dark Net, O2 denies breach
On July 26, BBC reported that the phone numbers, emails, passwords and dates of birth of O2 users were for sale on the dark web. Hackers used login credentials stolen from gaming site XSplit in 2013 to access O2 accounts; it's called credential stuffing. "We have not suffered a data breach,” said O2 in a statement. “Credential stuffing is a challenge for businesses and can result in many company's customer data being sold on the dark net.”
Ubuntu Forums Breached in SQL Injection Hack
Canonical Ltd., which operates Ubuntu Forums, explained that an SQL injection leveraged an unpatched vulnerability in the site's security system. The hacker accessed the usernames, email addresses and IP addresses of the forum's 2 million users, reported SiliconANGLE on July 8. The hack only affected Ubuntu Forums. Canonical's server was not breached.
Datadog Hacked, Invalidates All Stored Passwords
On July 11, Naked Security reported that Software-as-a-Service platform Datadog invalidated all stored passwords after a breach. The company's client list includes Spotify, PBS, Slashdot, Samsung, Imgur, Coursera, The New York Times, and Ziff Davis. Datadog's strong encryption system (a unique salt with bcrypt) is difficult to access; the company is taking a safe route by having all users update their login credentials."