Domain registrar Epik confirmed last week in a tweet that “unauthorized third parties” accessed and downloaded customer account information. “We have identified the cause of the incident and are working towards full resolution,” the company added. The statement came about a week after hactivist group Anonymous leaked 180 GB of stolen data from Epik’s servers, including over 15 million email addresses belonging both to customers and non-customers of Epik. According to emails seen by Ars Technica, Epik alerted customers that impacted personal data may include payment information such as credit card numbers, registered names, usernames, emails, and passwords.
Epik was also storing on its servers a collected amount of data it had scraped from WHOIS, and that data was also included in the breach, meaning many users exposed had no direct connection to Epik, a a web services provider known to serve right-wing clients including the Texas GOP, Parler, and 8chan. “Sadly this is yet another data leak,” commented Avast Security Evangelist Luis Corrons. “All users have to be aware that as long as you have registered yourself in any online service, it is likely that some of your data is already public. That’s why it is so critical to use different passwords and activate 2FA.”
14 accused of identity theft in rideshare and delivery app scheme
The U.S. Department of Justice charged 14 Brazilian nationals, most living in Massachusetts, with identity theft in a nationwide rideshare and delivery app fraud scheme. According to The Verge, court documents outline a complicated fraud scheme involving social security numbers bought on dark web sites, driver’s license scans tricked out of unsuspecting customers, bots posing as real people behind accounts, and drivers spoofing GPS so rides seem longer than they actually are. Prosecutors say the alleged scam ring created fake drivers’ accounts using the stolen personal information, then sold those accounts to otherwise unqualified drivers, while also collecting referral bonuses.
“Elon Musk Club” – the newest cryptocurrency scam
Phishing scams have been taking advantage of the cryptocurrency hype for months, and the latest in this trend is a phony cryptocurrency giveaway circulating in email spam and posing as the “Elon Musk Mutual Aid Fund” or the “Elon Musk Club.” Users are promised free bitcoin through a pyramid scheme hosted by the founder of Tesla and SpaceX. After setting up an account, users are taken through a series of pages that make it look as though other members are donating .001 bitcoin into their account. When the count reaches .055 bitcoin, the user is asked to donate .001 bitcoin to a “random user” in order to fully receive the .055 bitcoin. Once the user does that, of course, they become a victim, and the scammers make off with the money. The user never receives .055 in bitcoin. For more, see Bleeping Computer.
Home computing pioneer Sir Clive Sinclair dies at 81
Sir Clive Sinclair, pioneer of the home computer era, died this week at 81 years old in his home in London. Sinclair invented many pocket electronics, but he is best known for his line of ZX computers, which revolutionized the industry by selling at about a fifth the average cost of other home computers during that period. Its main competitor was the Commodore 64. Sinclair is also remembered for some of his less popular inventions, like the Sinclair C5, an electric trike that performed poorly with reviewers and consumers. “It was the ideas, the challenge, that he found exciting,” Sinclair’s daughter told The Guardian. Sinclair is survived by his three children, five grandchildren, and two great-grandchildren.
CDC study finds online risk factors can lead to suicide-related behavior
In an investigation published this week, the CDC said that it found that suicide-relateed behavior among the youths in the study was associated with one or more of eight online risk factors: cyberbullying, violence, drug-related content, hate speech, profanity, sexual content, profanity, and low-severity self-harm content. “It’s important that we pay attention to and really understand the new online risk factors that children are facing today in order to strengthen our prevention efforts,” lead author of the report, Dr. Steven Sumner, commented. For more on this story, see ZDNet.
This week’s ‘must-read’ on The Avast Blog
The Avast Foundation is fighting alongside global citizens for a more equitable and inclusive digital future. We’re proud to have supported the 2020 National Diversity Awards as a sponsor of the LGBT Role Model Award.
*** This is a Security Bloggers Network syndicated blog from blog.avast.com EN authored by Avast Blog. Read the original post at: https://blog.avast.com/epik-data-breach-impacts-15-million-users-avast