The scope of the Equifax breach expands, IoT vulnerability threatens the internet, and another Ethereum ICO is targeted by hackers. It's all this and more in The Month in Hacks.
The scale of the massive Equifax data breach continues to grow. In October, Equifax announced that there were an additional 2.5 million U.S. consumers that were impacted by the breach, bringing the total number of victims to 145.5 million. The company also stated that the credit card information of 209,000 customers was stolen. Equifax hired security firm Mandiant to investigate the breach, and the firm's investigation revealed the additional impacted consumers.
The Yahoo data breach, which happened in 2013 and was disclosed last year, just tripled in size. The company announced in October that the number of accounts affected is 3 billion, up from its initial estimate of 1 billion.
The newest information means that every Yahoo account that was active in 2013 was likely compromised by the breach. These numbers also make it the largest data breach in recent history. Yahoo has notified all customers that had an account in 2013, encouraging them to update their passwords. Yahoo users should also enable two-factor authentication on their accounts to further protect them from compromise.
A new ransomware attack, dubbed Bad Rabbit, affected over 200 major organizations in Russia, Ukraine, Turkey, and Germany in October. Initial targets included Ukraine's Ministry of Infrastructure, Russian news service Interfax, and Kiev's public transportation system. The ransomware required users to pay approximately $285 to unlock their system and regain access to their data.
The ransomware appeared to be distributed through fake Adobe Flash Player installers. A system is affected only when a user downloads and executes the fake installer. Researchers have not discovered a way to decrypt computers without paying the ransom.
Another vulnerability has been discovered in IoT devices that has the potential to cause massive issues throughout the internet. The malware, called Reaper or IoT Troop, has targeted over 2 million cameras and routers and is spreading at a rate of 10,000 devices per day.
Researchers have not yet discovered who created the virus, and why, but warn that the scale of affected devices could allow the hackers to essentially disable the internet. The malware is designed to target multiple vulnerabilities in different IoT devices, making it easy to spread and difficult to stop completely, unless all vulnerabilities are patched in all unsecured devices.
A Taiwanese bank, Far Eastern International Bank, recently had $60 million stolen by hackers. The hackers used vulnerabilities in the SWIFT messaging system and malware on the bank's servers to funnel the money into banks in the U.S., Cambodia, and Sri Lanka.
Authorities have arrested two people in Sri Lanka who they believe have connections to the crime, and all money has been recovered except for $500,000. One suspect in custody is Shalila Moonesinghe, the head of the Sri Lankan-run Litro Gas company. The police are still searching for a third person who helped execute the cyber-heist.
Researchers have discovered a flaw that allows hackers to replicate the iOS password request system dialogue, making it easy for them to gain access to Apple accounts. The phishing attack allows for the fraudulent popup to show up in relevant apps, prompting users to enter their password.
Since the fake popup is identical to the real one, it's difficult for users to recognize the attack on sight. Although there is no evidence of hackers exploiting the flaw yet, researchers recommend only entering your credentials in the Settings app of your phone, not into a popup.
Disqus, a popular commenting system and plugin, revealed in October that it was breached in July 2012, compromising the data of 17.5 million users. The stolen data included email addresses, usernames, sign-up dates, and last login dates. While passwords were encrypted, the email addresses were stored in plain-text format.
The company was alerted to the breach by an independent researcher in early October and immediately contacted affected users to change their passwords (and they should also turn on two-factor authentication). Other upgrades to the site's security have been made since the 2012 breach.
In another Ethereum initial coin offering hack, Vancouver-based Etherparty announced that hackers replaced the address for sending funds to buy tokens with a fraudulent address, controlled by the hackers. The company discovered the hack after 15 minutes and immediately took down the site until the address was corrected.
The company did not release details on how much was stolen, but assured investors that it would distribute tokens to anyone who sent funds to the fraudulent address.
The breach occurred because Coinhive used the same password for their Cloudflare account that they used for Kickstarter - the majority of Kickstarter accounts were compromised in the 2014 Kickstarter breach. Coinhive has issued an apology for the error and plans to compensate users who were affected by the hack.
At least 12 mobile operators in Malaysia were targeted by hackers in October, compromising the phone numbers, phone serial numbers, and home addresses of over 46 million customers. The hack was discovered by Malaysian technology site Lowyat.net, who caught hackers trying to sell databases of personal information on their servers.
The population of Malaysia is 32 million, so it's likely that the breach compromised every Malaysian citizen with a cell phone, as well as foreigners who purchased pre-paid cell phones in the country. The Malaysian Communications and Multimedia Commission has met with the targeted operators to try to find the source of the breach and prevent a similar attack from occurring in the future.
The names, identity numbers, phone numbers, incomes, genders, employment histories, and home addresses of over 30 million South Africans have been leaked online. The researcher who discovered the data states that the data was likely stolen in April 2015, although it was found online in October.
Little is known about the source of the hack - officials have yet to find the source of the leaked data. Experts caution citizens to take appropriate steps to guard against identity theft, as the leaked data could easily be used to impersonate someone.
Customers who used the Pizza Hut website or mobile app on October 1st and 2nd likely had their names, billing postal codes, addresses, email addresses, and credit card information compromised. The security breach, which lasted for 28 hours, was detected by the company around midday on October 2nd and quickly fixed afterwards.
Pizza Hut sent an email to all affected customers on October 14 and received criticism from some customers who had already seen unauthorized transactions on their accounts. The company is offering free credit monitoring services for a year to any customers who may have been affected by the breach.
In another hack on pizza chains, Domino's Australia customers had their names, emails, and suburbs sent to spam lists. The hack was originally brought to light by numerous customers, who stated that they received spam emails containing personal information they disclosed to Domino's.
The company claimed that the data came from a compromised server of a former third-party supplier. Domino's Australia has yet to contact customers who were affected by the breach, and has not said when they first became aware of the issue.