Adobe left 7.5 million Creative Cloud user records exposed online

 

  • The basic customer details of nearly 7.5 million Adobe Creative Cloud users were exposed on the internet inside an Elasticsearch database that was left connected online without a password.
  • The exposed details primarily included information about customer accounts, but not passwords or financial information.
  • This leak is nowhere as severe as the infamous 2013 Adobe breach, where hackers obtained full records, including encrypted payment details, for nearly 38 million Adobe users. At the time, the Adobe breach was one of the biggest hacks ever.

*Source: ZDnet, October 26, 2019

 

Italian Financial Service UniCredit Discloses Data Breach Affecting 3 Million Customers

 

  • Two The Italian bank and financial service provider firm UniCredit has recently confessed to a data breach. The incident happened around four years ago and exposed 3 million records.
  • According to their press release, the company noticed a data file impacted during the incident having around 3 million records. However, the extent of the incident remained limited to Italian customers only.
  • The company has also fallen a victim to a third-party data breach earlier this year. Specifically, the ransomware attack on the German IT firm CITYCOMP also affected UniCredit along with other CITYCOMP clients.

*Source: LatestHackingNews, October 29, 2019

Indian nuclear power plant’s network was hacked, officials confirm

 

  • The Nuclear Power Corporation of India Limited (NPCIL) has acknowledged today that malware attributed by others to North Korean state actors had been found on the administrative network of the Kudankulam Nuclear Power Plant (KKNPP). The admission comes a day after the company issued a denial that any attack would affect the plant’s control systems.
  • The malware in question, named Dtrack by Russian malware protection company Kaspersky, has been used in widespread attacks against financial and research centers, based on Kaspersky data collected from over 180 samples of the malware. Dtrack shares elements of code from other malware attributed to the Lazarus threat group, which, according to US Justice Department indictments, is a North Korean state-sponsored hacking operation. Another version of the malware, ATMDtrack, has been used to steal data from ATM networks in India.

*Source: ArsTechnia, September 30, 2019

Data Breach Hits 22 Million Web.com, Register.com, Network Solutions Accounts

  • The companies said they became aware of the breach on October 16, but the intrusion apparently took place in late August 2019. The hackers accessed a “limited number” of computer systems that gave them access to account information for current and former customers.
  • Network Solutions, Web.com and Register.com have started notifying impacted customers via email and their websites, and they have also reported the incident to federal authorities. A cybersecurity firm has been called in to help determine the scope of the hacker attack.

  • Web.com informed customers in August 2015 that hackers had managed to steal personal information and credit cards associated with approximately 93,000 accounts after breaching a server.

*Source: Securityweek, October 30, 2019

More than 28 million Canadians impacted by a data breach in past 12 months: privacy watchdog

 

  • One year after Canadian businesses became subject to mandatory data breach reporting, the country’s federal privacy watchdog says reports of breaches have dramatically increased, with their figures suggesting more than 28 million Canadians have been affected by a data breach in the past year.

  • The OPC also saw a “significant rise” in breaches that affect a small number of people — often only one person and “sometimes through a targeted, personalized attack.”

*Source: GlobalNews, November 2, 2019