British Airways grounded, Chegg flunks out, and Newegg gets poached. It's all that and more in The Month in Hacks.
Approximately 380,000 transactions were affected by a “sophisticated, malicious criminal attack” of the British Airways website, according to Chief Executive and Chairman of British Airways, Alex Cruz. Hackers managed to obtain names, emails, and credit card information of customers who made or changed reservations on both the main British Airways site and the mobile app between August 21 and September 5, 2018.
A cyber-criminal operation called Magecart is suspected in the breach. Magecart is also believed to be behind up to 800 more e-commerce breaches worldwide. British Airways has publicly stated that they will compensate affected customers for “any financial hardship that they may have suffered.”
The textbook rental company, Chegg, recently confirmed a data breach that dates back to April of 2018. The breach affected 40 million customers in its database. Also affected are users of other products owned by Chegg, such as the citation service, EasyBib.
The hackers reportedly stole usernames, emails, addresses and hashed passwords. Stock prices immediately declined more than 12 percent, and Chegg vowed to notify victims of the attack and reset their passwords.
Women's online fashion store SHEIN has announced recently that its servers were breached with a sophisticated criminal cyberattack that leaked the confidential information of around 6.42 million customers.
The company confirmed the hackers managed to snag personal information including email addresses and the encrypted passwords of customers who visited its website between June 2018 and early August 2018.
Dozens of DoorDash users tweeted last month complaints that food orders they did not place are appearing on their accounts. Several Reddit threads reported similar issues. In many cases, hackers changed account login information, rendering it impossible for DoorDash users to reset passwords.
Hackers stole $60 million of digital coins from a Japanese exchange, the latest in a string of thefts that have kept many institutional investors wary of putting their money in cryptocurrencies.The theft of Bitcoin, Monacoin and Bitcoin Cash from Zaif, an exchange owned by Osaka-based Tech Bureau Corp., occurred last week and was disclosed by Tech Bureau in a statement on Thursday. About 2.2 billion yen ($19.6 million) of stolen coins belonged to the exchange and the rest was client money.
Hardware retailer Newegg suffered a month-long data breachthat exposed users' credit card information to the same hackers who targeted British Airways earlier this year.
The exact scope of the attack is still unknown as the company only recently discovered the breach and began taking action. Newegg sees about 50 million monthly visitors and has a business valued at $2.65 billion.
It seems that the U.N. can join the list of hacked companies and organizations. The United Nations data breach leaked passwords and other sensitive data to the entire internet. It turns out that the U.N. misconfigured apps it uses like Trello, Jira, and Google Docs, and it is unknown at this time who accessed the leaked information.