The Month in Hacks: June 2018

MyHeritage is targeted by hackers, 230k Flightradar24 users have their credentials leaked, and Ethereum users lose $20.5 million in security vulnerability. It's all this and more in The Month in Hacks.

Usernames and Passwords of 230,000 Flightradar24 Users Revealed

Flightradar24, a flight tracking service, leaked the email addresses and hashed passwords of over 230,000 customers. The leak stemmed from one server which was compromised by hackers - the company has since shut down the server.

The company sent an email to all affected customers asking them to reset their passwords, but didn't announce the breach on their social media channels or blog. It is recommended that everyone who used the service reset their passwords, especially if the same password is used across multiple accounts.

MyHeritage Suffers Massive Breach of 92.3 Million User's Data

MyHeritage, a DNA testing service based in Israel, announced in June that their website was attacked by hackers last year. As a result of the attack, the email addresses and hashed passwords of 92.3 million users were accessed. The company says that no other personal data, including DNA information or credit card details, were compromised in the hack.

While the company uses a hashing algorithm along with a unique salt to protect user's passwords, it still recommends that users update their passwords to prevent further data to be accessed. As a result of the hack, MyHeritage began offering two-factor authentication options to users.

Security Vulnerability in WordPress Leaves Files Unprotected

Researchers have discovered an unpatched vulnerability in all versions of WordPress that allows any user, not just site admins, to delete files from the web hosting. Attackers could potentially delete security protocols, leaving sites open to hacking, or reconfigure the entire website.

While a patch to this vulnerability hasn't been released yet, it is expected to be included in the next update released by the company. In the meantime, site admins and authors should be wary of phishing attacks that would allow a hacker to access an author-level account and edit the website.

Hackers Steal $20.5 Million in Ethereum Due to Security Flaw

In June, hackers stole 38,642 Ether (worth $20.5 million at the time) from unsecured Ethereum wallets. The attackers were able to access the funds by scanning geth clients for users that left the JSON-RPC interface open without a firewall policy. Once finding the unsecured accounts, the hackers could then access the funds simply by knowing the wallet and IP address.To prevent the attack, Ethereum users are recommended to only allow connections to their geth client from a local computer.

PythonBot Malware Allows Hackers to Install Malicious Extensions

Researchers at Kaspersky Labs have found new variants of Python-based adware that can install malicious extensions and hidden cryptocurrency miners into user's computers. The malware is distributed through pop-ups on websites, which encourage users to download PBot disguised as legitimate software.

While the majority of attacks are centered in Russia, Ukraine, and Kazakhstan, experts advise that you only download software from trusted sources and use strong antivirus software that can prevent attacks like PBot.

Malware Attack at Recruitment Firm PageUp Exposes Client Data

Australia-based recruitment firm PageUp, which handles millions of job applications globally, fell victim to a malware attack in June. According to the company -- which counts supermarket Aldi, Clydesdale Bank and chocolate-maker Lindt as its client -- an unauthorized person gained access to its systems, compromising personal contact details, biographical details and employment information of current or former employees who had access to PageUp systems.

Even though the company uses best practices to protect password data, including hashing and salting, it still recommends users to change their password to prevent any further misuse of data. The company also recommends that users enable two-factor authentication on other accounts that use the same credentials, to prevent unauthorized access of those accounts.

Breach at Dixons Carphone Exposes 5.9M Payment Cards & 1.2M Personal Records

In June, a major data breach at Dixons Carphone -- a European electronics and telecommunications retailer – compromised 5.9 million customers' bank card details along with 1.2 million personal records. Hackers attempted to compromise one of the card processing systems of Currys PC World and Dixons Travel outlets, thereby exposing customer card details and personal details such as name, physical address or email address. While majority (5.8 million) of the cards were secured by chip and pin, 105,000 were issued outside the European Union and lacked these protection measures; putting them at a greater risk.

Massive Cyber Attack at Ticketfly Exposes 27 Million Users

San Francisco-based event-ticketing company Ticketfly fell victim to a massive cyber-attack in June, compromising data of around 27 million user accounts. Hackers gained access to customer details such as name, address, email address and phone numbers connected to their account. Financial information such as credit and debit card details were not compromised.

Even though the passwords were not accessed, the company's customers as well as clients were prompted to securely reset all passwords as a security measure.

Talk To An Expert

Interested in learning about how TeleSign's identity and engagement solutions can prevent fraud while fostering secure and global growth for your business? Let's chat.