Bitglass Security Spotlight: Domains Used to Target Microsoft Users

by Molly Hickman-Smith on December 4, 2019

Newspaper Icon with News Title - Red Arrow on a Grey Background. Mass Media Concept.

Here are the top stories of recent weeks:

Phishing Campaign Targets Office 365 Admins
T-Mobile wireless customers’ private data compromised in recent security breach
Total of 1.2 Billion Records in a Single Online Server Exposed
PayMyTab Mobile Diners’ Personal Information Leaked
Macy’s suffers online data breach stemming from card-skimming attack

Phishing Campaign Targets Office 365 Admins

A new phishing campaign, designed to bypass reputation filters, is targeting Office 365 security experts by using legitimate sender domains to bypass reputation filters. Malicious emails were being sent out as part of the campaign across a wide variety of industries and enterprises. It is likely that the administrators were targeted because they have visibility and control over all email accounts on a domain. Gaining unauthorized access to administrator account would result in a “complete takeover” of all email accounts on that domain.

Sponsorships Available

T-Mobile wireless customers’ private data compromised in recent security breach

T-Mobile prepaid wireless customers’ accounts were compromised in what is being called a “criminal hack,” which allowed access to sensitive data. Around 20.8 million of the total 84.2 million T-Mobile customers have these prepaid wireless accounts. Law enforcement was informed of the breach, which led to the exposure of personal information such as names, billing addresses, phone numbers, account numbers, and wireless plan information. While they are a serious threat to organizations’ security, hacks of this nature shed light on the importance of cloud security.

Total of 1.2 Billion Records in a Single Online Server Exposed

In October, a dark web researcher by the name of Vinny Troia discovered a mass of 1.2 billion records completely exposed on an unsecured server. Troia found the server on the black market, and it included stolen information such as social media profiles (Facebook, Twitter, LinkedIn, and Github), work histories scraped together from LinkedIn, almost 50 million unique phone numbers, and 622 million unique email addresses. This information is used by identity thieves, phishers, and other cybercriminals for identity theft, unauthorized access to finances, and other cybercrimes.

PayMyTab Mobile Diners’ Personal Information Leaked

Researchers reveal that an open AWS bucket led to PayMyTab customers’ sensitive and personal data being exposed. According to researchers from vpnMentor, PayMyTab pulls in data from customers for CRM and customer service improvement. However, this collected information was left unlocked and exposed. No official figures have been disclosed, but according to vpnMentor, ten of thousands of people have their personally identifiable information (PII) and financial data publically available.

Macy’s suffers online data breach stemming from card-skimming attack

The massive department store announced on October 15th that they detected a malicious code in their online payment portal. The cyberattack exposed information entered through the payment portal – including first and last names, addresses, ZIP codes, email addresses, payment card numbers, card security codes, and expiration dates. Known as a Magecart attack, hackers insert card skimming malware into legitimate e-commerce domains to steal personal information from customers. Macy’s responded to the attacks quickly, claiming that only a small number of customers fell victim to the attack.

To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from data leakage, malware, and more, download the Top CASB Use Cases below.