The Month in Hacks: September 2018

British Airways grounded, Chegg flunks out, and Newegg gets poached. It's all that and more in The Month in Hacks.

British Airways Main and Mobile Sites Hacked

Approximately 380,000 transactions were affected by a “sophisticated, malicious criminal attack” of the British Airways website, according to Chief Executive and Chairman of British Airways, Alex Cruz. Hackers managed to obtain names, emails, and credit card information of customers who made or changed reservations on both the main British Airways site and the mobile app between August 21 and September 5, 2018.

A cyber-criminal operation called Magecart is suspected in the breach. Magecart is also believed to be behind up to 800 more e-commerce breaches worldwide. British Airways has publicly stated that they will compensate affected customers for “any financial hardship that they may have suffered.”

Chegg Resets 40 Million User Passwords

The textbook rental company, Chegg, recently confirmed a data breach that dates back to April of 2018. The breach affected 40 million customers in its database. Also affected are users of other products owned by Chegg, such as the citation service, EasyBib.

The hackers reportedly stole usernames, emails, addresses and hashed passwords. Stock prices immediately declined more than 12 percent, and Chegg vowed to notify victims of the attack and reset their passwords.

6.42 million Shoppers Hit by Online Fashion Shopping Giant's Massive Data Breach

Women's online fashion store SHEIN has announced recently that its servers were breached with a sophisticated criminal cyberattack that leaked the confidential information of around 6.42 million customers.

The company confirmed the hackers managed to snag personal information including email addresses and the encrypted passwords of customers who visited its website between June 2018 and early August 2018.

Users Tweet Complaints of Account Fraud at @DoorDash

Dozens of DoorDash users tweeted last month complaints that food orders they did not place are appearing on their accounts. Several Reddit threads reported similar issues. In many cases, hackers changed account login information, rendering it impossible for DoorDash users to reset passwords.

Hackers Steal $60 Million From Japanese Crypto Exchange Zaif

Hackers stole $60 million of digital coins from a Japanese exchange, the latest in a string of thefts that have kept many institutional investors wary of putting their money in cryptocurrencies.The theft of Bitcoin, Monacoin and Bitcoin Cash from Zaif, an exchange owned by Osaka-based Tech Bureau Corp., occurred last week and was disclosed by Tech Bureau in a statement on Thursday. About 2.2 billion yen ($19.6 million) of stolen coins belonged to the exchange and the rest was client money.

Newegg Users' Credit Card Info Was Exposed to Hackers for a Month

Hardware retailer Newegg suffered a month-long data breachthat exposed users' credit card information to the same hackers who targeted British Airways earlier this year.

The exact scope of the attack is still unknown as the company only recently discovered the breach and began taking action. Newegg sees about 50 million monthly visitors and has a business valued at $2.65 billion.

United Nations Data Breach Leaks Passwords and Other Data

It seems that the U.N. can join the list of hacked companies and organizations. The United Nations data breach leaked passwords and other sensitive data to the entire internet. It turns out that the U.N. misconfigured apps it uses like Trello, Jira, and Google Docs, and it is unknown at this time who accessed the leaked information.

Talk To An Expert

Interested in learning about how TeleSign's identity and engagement solutions can prevent fraud while fostering secure and global growth for your business? Let's chat.