This Week in Cybersecurity: 22nd Jan – 25th Jan: Mother of All Breaches Exposes 26 Billion Records

Written by Gabby Lee

January 26, 2024

Mother of All Breaches (MOAB) Exposes 26 Billion Records

Researchers found a data breach containing 26 billion records from various sources, dubbed the “Mother of All Breaches”. Cybersecurity experts uncovered 12 terabytes of records from sites like LinkedIn and Twitter, organized into 3,800 folders. Data was compiled from over 2,500 past breaches of 15 billion records. Some records were unpublished. Because credentials are often reused across sites, the MOAB data puts users at risk of widespread identity theft and phishing.

Jason’s Deli Breach Exposes Data of Over 350K Users in Credential Stuffing Attack

Jason’s Deli recently notified over 350,000 customers of a data breach from credential stuffing attacks on their website in December. Hackers used credentials obtained from external breaches to access accounts containing personal details like names, addresses, phone numbers and reward points. The company is prompting password resets and restoring any points used improperly due to breached accounts.

Veolia North America Water Service Provider Hit by Ransomware Attack

Veolia North America, a major water services provider, was hit by a ransomware attack affecting their online billing systems. The company took immediate action to contain the breach by shutting down backend systems. Normal payment operations have resumed and critical infrastructure was unaffected. Some individual data was compromised and Veolia is working with experts to fully assess the impact.

SEC Says SIM Swapping Attack Caused X Account Hack

The SEC confirmed that its X account hack was due to a SIM swapping attack, in which the hacker gained control of the phone number linked to the account. The hacker then used this access to reset passwords and post a tweet falsely claiming SEC approval of Bitcoin ETFs. The SEC is investigating with carriers how the SIM swap occurred, given the lack of MFA on the account.

loanDepot Cyberattack Results in Data Breach of 16.6 Million

Mortgage lender loanDepot was hit by a ransomware attack on January 6th, resulting in the theft of sensitive personal data for over 16.6 million customers. Systems were shut down to contain the breach, though payments continued with delays. loanDepot confirmed the incident and will provide affected individuals with credit monitoring. They have yet to specify what exact data was taken in the massive data breach.

Ukraine’s Monobank DDoS Attack Hits ‘Non Stop’ and Cripples Bank’s Operations

Ukraine’s largest mobile-only bank, Monobank, was hit by a massive DDoS attack over the weekend, with over 580 million service requests in just 3 days according to their CEO. This attack crippled Monobank’s operations and is part of a series targeting Ukrainian financial institutions. No issues were reported by app users. The bank did not disclose the attackers but such targets face frequent cyberattacks amid wider conflict with Russia.

CISA Issues Emergency Directive on Ivanti Zero-Day, Demands Immediate Action from Federal Agencies

CISA issued an emergency directive demanding that federal agencies take immediate action regarding two actively exploited zero-day vulnerabilities in Ivanti’s Connect Secure and Policy Secure products. Threat groups have compromised over 2,100 devices to deploy cryptominers and other malware payloads. The vulnerabilities allow attackers to navigate the network, extract data, and install backdoors.

Tietoevry Ransomware Attack Causes Widespread Disruptions for Swedish Customers, Akira Ransomware Behind the Incident

Finnish IT services provider Tietoevry experienced a ransomware attack affecting one of its data centers in Sweden. The incident disrupted services for customers in the region and was caused by the prolific Akira ransomware group. Major Swedish companies and government agencies relying on Tietoevry faced outages to payroll, HR, and health systems. Tietoevry is working to restore services while investigating the ransomware attack in coordination with police.

Trezor Security Breach Affects 66k Users in a Phishing Scam

Hardware wallet manufacturer Trezor reported that contact details for around 66,000 users were exposed due to unauthorized access to a third-party support portal. 41 users received phishing emails directly, while 8 others had accounts on the compromised platform. No funds were stolen but Trezor warned of increased phishing risk and is investigating the breach along with the vendor to improve security.

Ukraine Blackjack Hackers Steal 500 Russian MoD’s Objects

Ukrainian hacker group Blackjack, believed to be associated with Ukraine’s security service, breached a Russian state enterprise responsible for military construction, stealing over 1.2TB of data including details on 500 defense sites. The hackers reportedly encrypted 150 computers and took down 7 servers, dealing a significant blow.

Kansas State University Cyberattack Disrupts Email, Phone, Payment Systems

Kansas State University suffered disruptions to email, phone, and payment systems, and investigations revealed that the disruptions resulted from a cyberattack. Systems were taken offline and experts were engaged to assist the investigation. Daily news emails were temporarily restored with delays. The full scope remains under review, though no ransomware group has claimed responsibility yet. The university is working to restore normal operations.

Bigpanzi Botnet Targets 170k Android TV Set Top Boxes with Bigpanzi’s Custom Malware

Researchers report that the Bigpanzi cybercrime gang has built a 170,000-device botnet, infecting Android TV boxes and set-top boxes globally since 2015 using custom malware. The gang exploits devices and tricks users into installing malicious apps to spread “pandoraspear” and “pcdn”, which hijack DNS, communicate with C2 servers, and turn devices into nodes for illegal streaming, proxy networks, and DDoS attacks. Over 1.3 million unique IPs have been associated with Bigpanzi since August.
