Bitglass Security Spotlight: G Suite User Passwords Stored in Plaintext

Here are the top cybersecurity stories of recent weeks:  

• G Suite User Passwords Stored in Plaintext Since 2005
• Contact Data of Millions of Instagram Influencers Exposed
• Rogue Iframe Phishing Used to Steal Payment Card Information
• London Commuters to be Tracked Through the Use of Wi-Fi Hotspots
• Thousands of Tp-Link Routers at Risk of Hijack

G Suite User Passwords Stored in Plaintext Since 2005

Google has recently disclosed that a number of their enterprise G Suite customers had their passwords stored in plaintext. The discovery was announced this past Tuesday, but Google did not specify the exact amount of accounts that were affected. Passwords encrypted by the use of hashing algorithms, which hinder humans from reading them. Google was able to highlight the issue of plaintext copies of passwords for accounts by discarding the original passwords and recovery settings prior to G Suite in 2005. The affected accounts had their passwords reset, and Google claims that no additional data has been compromised.

Sponsorships Available

Sponsorships Available

Sponsorships Available

Contact Data of Millions of Instagram Influencers Exposed

A database containing 49 million records belonging to Instagram influencers was recently breached. The Amazon Web Services hosted database was unprotected, leaving it accessible to anyone who knew how to find it. The personally identifiable information (PII) found on the database included names, locations, email addresses, and phone numbers. Anurag Sen, a security researcher, discovered the database and was able to trace it back to Chtrbox – a marketing team operating out of Mumbai. Chtrbox reported that the database was open for 72 hours, but that only 350,000 users were affected. The information has since been removed from Shodan – a search engine for exposed databases.

Rogue Iframe Phishing Used to Steal Payment Card Information

Iframe-based phishing systems have been increasingly implemented in the efforts to steal payment card industry (PCI) data. A security researcher has discovered that hackers are using a phishing system to swipe credit card numbers. Magecarts would previously insert JavaScript-based payment data skimmers into the codes of websites to steal information. Segura remarks that hackers are plaguing Magento checkout websites with the phishing script. Since then, shoppers have been warned to pay close attention to checkout phases as phishing scripts have left behind small red flags, such as redirecting them to different websites after placing an order.

London Commuters to be Tracked Through the Use of Wi-Fi Hotspots

Transport for London (TfL), a UK travel agency, is planning to enforce a system that would track commuters using Wi-Fi hotspots throughout London’s underground transportation. The agency has said this effort is being made in hopes of better understanding where and how commuters are traveling. According to TfL, only connection requests to hotspots are to be recorded, but not search history or any other activity on the passengers devices. TfL will be using the data to grasp where to invest in transportation budgeting and to provide improved customer services such as delay and congestion guidance. In a four-week trial test back in 2016, TfL recorded over 509 million pieces of data, giving the agency a massive amount of feedback on how journeys are completed across the network.

Thousands of Tp-Link Routers at Risk of Hijack

A bug which allows control through remote access has made thousands of Tp-Link routers susceptible to cyberattacks. The exposure has allowed any intruder to gain access to affected routers by simply using default passwords. Security researcher, Andrew Mabbitt, first disclosed the bug to Tp-Link in October 2017, but the router manufacturer took longer than a year to roll out patches to solve the issues. Modifications of certain router settings can have adverse effects on a network and could lead users to malicious websites.