The Month in Hacks: December 2016

OurMine has a busy month of hacking, Russia, North Korea and China all get accused of potential attacks and even KFC loyalty program members learned that they need to upgrade their account security. It's all this and more in The Month in Hacks.

Russian Hacking of U.S. Election

As 2016 came to a close, the issue of whether or not Russia hacked the U.S. election, to influence it in favor of Donald Trump, was still being contested by the media, security experts and the U.S. government. USA TODAY published a story on December 30 that summarized the events so far, including President Obama's recent statement that "the hacks were initiated by the 'highest levels of the Russian government'" and his subsequent sanctions against Russian officials.

Bollywood Bogey: Top Star's Account Hacked By Fan

On January 3, broke the story that the income tax account of Bollywood starlet Kareena Kapoor Khan had been hacked by a fan who was trying to obtain her phone number. The hacker is an employee of India's Central Armed Police. He confessed to the crime once confronted by investigators.

Star Wars Trading Card Maker Hacked -- Customer Payment Data at Risk

On December 30, BBC reported that Topps, a manufacturer of collectible merchandise including Star Wars trading cards, had been breached. Customer payment card data, along with their associated security codes, may have been stolen. The company alerted customers, but declined to say how many had been affected.

Yahoo: 1 Billion More Accounts Hacked

On December 14, Fortune broke the news that 1 billion Yahoo accounts had been breached in an attack that occurred in 2013. This makes it the biggest breach in history, and larger than the widely reported 2014 hack that was disclosed in September. Personal information of customers may have been stolen, but Yahoo has stated that no credit card data is at risk.

FBI Investigating Chinese Military Attack on FDIC

On December 23, Reuters, via CNBC, reported that the FBI was investigating a hack of the Federal Deposit Insurance Corporation(FDIC) in which computers were infiltrated for several years and there were 20 confirmed incidents of data breaches. FDIC officials have stated that they believe the attack was sponsored by the Chinese military. FDIC staff discovered the hack in 2010 and began working to expunge the hackers but Reuters was unable to determine when the hackers were expunged from the FDIC network.

OurMine Hits Sony, Marvel and the Los Angeles Dodgers

Hacker group OurMine has struck again, this time breaching the Twitter account of Sony Music to declare that pop star Britney Spears had died. Minutes later, the group tweeted that she was alive and that Sony had been hacked again, reported TMZ on December 26.

OurMine also hacked the account of Marvel Entertainment, as well as accounts for The Avengers, Ant Man, Captain America and Tony Stark. An unverified account for The Incredible Hulk was also hacked, reported CNET on December 21.

On December 24, Deadspin broke the news that OurMine had targeted the Los Angeles Dodgers' Twitter account. They posted three tweets urging readers to "upgrade their security".

Quest Diagnostics Hacked -- 34k Patients' Data at Risk

The New York Times reported on December 14 that Quest Diagnostics had been hacked. An unauthorized third party accessed a database via the company's mobile app. They stole names, dates of birth, lab results and, in some cases, telephone numbers. No Social Security, credit card, insurance or financial information was accessed.

Russian Hackers Shut Down Ukraine Power Grid - U.S. Attacks Feared

On December 21, CBS News reported that Russian hackers sent malware via email to employees of an electric plant in Ukraine. The malware allowed them to steal login credentials. Once they accessed the system, they shut down the power. The report raises fear in the U.S., where the same malware has already been detected on computers belonging to American utilities.

North Korea Breaches South Korea's Military

On December 6, Business Insider reported that North Korea was suspected of attacking South Korea's cyber command and stealing confidential military documents. Malware has been discovered on the military's intranet. It's still not clear how much data was stolen.

KFC's Customer Loyalty Program Hacked

It is suspected that a hacker stole password data information in order to gain access the KFC Colonel's club loyalty system, reported TechCrunch on December 12. The company alerted customers that they should update their passwords. KFC has since added reCAPTCHA. No financial information was stolen, as it is not stored in the loyalty program.

Los Angeles County Email Hacked - Data for 750k People at Risk

Nigerian national Kelvin Onaghinor has been charged with hacking the municipal email accounts of Los Angeles County. Fox News reported on December 18 that officials do not know whether Onaghinor is within the United States. Authorities continue to seek additional suspects.

Millions of Dailymotion Accounts Hacked

On December 6, CNET reported that video-sharing site Dailymotion had been hacked. Over 85 million accounts are believed to be at risk. The breach is thought to have occurred in October. Dailymotion scrambles passwords, but that security measure did not prevent the hack.

Hackers Break Into One Direction Star's Facebook and Plaster It With Inappropriate Material

One Direction Star Liam Payne's Facebook profile was hacked and pornographic images were posted, reported Forbes on December 5. Hacks of celebrity accounts are not uncommon but Forbes pointed out how two-factor authentication and education about phishing scams could solve much of the problem.

Ashley Madison Settles Suit Over 2015 Data Breach

On December 14, Bloomberg Technology reported that Ashley Madison had reached a settlement to pay $1.65 million for the 2015 hack that exposed data on 37 million users. Reckless disregard for data security will not be tolerated, said New York Attorney General Eric Schneiderman. Hacked -- Users Alerted

An unauthorized third party reportedly accessed, a LinkedIn and Microsoft subsidiary, wrote ZDNet on December 18. User contact information, learning data and courses viewed are believed to have been exposed. Login credentials appear to be safe, but the company has still alerted 55,000 customers to update their passwords as a precaution."

Talk To An Expert

Interested in learning about how TeleSign's identity and engagement solutions can prevent fraud while fostering secure and global growth for your business? Let's chat.