Week 27 Cyberattack Digest 2018 – Adidas, Facebook, Timehop and others
We are not breaking with the tradition of posting our cyber attack week digest. So, let’s move on to the latest incidents of the week 27.
Even coffee is not secure enough
Whitbread, the parental company of several businesses including Costa Coffee, Premier Inn, Brewers Fayre, Beefeater and other UK chains, announced about a security breach. The hospitality chain representatives informed that critical data of job applicants who used PageUp’s clients was presumably affected by the breach as well as the records of the ones who were listed as employment reference. The company declined to mention exact number of the people affected, still it stated that it had notified all affected parties.
Better not choose Adidas this time
No surprise that attackers keep eye on the trends, as the more a company is surrounded by hype, the more data can be exposed. So was the latest attack on the Adidas website. The popular sportswear retailer experienced an espionage attack on its website. The company warned about a breach all the costumers that had made purchases via adidas.com/US. The exposed data might have exposed contact information, usernames and encrypted passwords, still there is no evidence that any credit card or personal fitness information has been exposed. Fred Kneip, CEO at CyberGRX, commented that retail websites became a fertile hunting ground for hackers interested in customers’ personal data recently.
Facebook quizzes expose data
by The Public Service News Website – 2 July 2018
NameTests, developer of Facebook quizzes, is said to have exposed the personal data of about 120 million Facebook users. German app maker Social Sweethearts that stands behind NameTests, created several social quizzes, such as “Which Disney Princess Are You?”, and spread them on Facebook. The quizzes had up to 120 million monthly users on the platform. Applications were collecting Facebook data including names, dates of birth, photos, and friend lists and converting them in JavaScript files. The researcher Inti De Ceukelaire declared that nametests.com, the site behind the Facebook apps, just fixed a flaw that was guilty in exposing data. “In a normal situation, other websites would not be able to access this information. Web browsers have mechanisms in place to prevent that from happening. In this case however, the data was wrapped in something called javascript, which is an exception to this rule,” De Ceukelaire said.
Millions of Timehop’s accounts are compromised
by Bleeping Computer – 9 July 2018
Sadly, a Facebook quiz flaw was not the only one security incident involving applications recently. Timehop mobile application also announced a security breach that exposed over 21 million users’ data. The malefactor stole the access keys for all 21 million users, still not all the affected ones had an email address or phone number attached to the account. The application developer declared that it had de-authenticated all the affected accounts so that there would be no possibility for the attacker to use any of the stolen access keys to retrieve the information from its users’ third-party social media account like Facebook, Twitter, or Instagram.
The week was overloaded by data leakages and the recent incidents clearly demonstrate once again that attack tend to choose the victims that possess large amounts of personal data. As always, follow us on Twitter, Facebook, and LinkedIn.
The post Week 27 Cyberattack Digest 2018 – Adidas, Facebook, Timehop and others appeared first on ERPScan.
