Alert
TT Show Episode 55 - Arrow Lake, GeForce RTX 5070, and Google's Pixel smartphone tracking

Hacking, Security & Privacy

All the latest Hacking, Security & Privacy news with plenty of coverage on new data breaches and leaks, new hacks, ways to protect yourself online & plenty more.

Follow TweakTown on Google News

Internet Archive hit by 'catastrophic' hack private user data of millions now exposed

Jak Connor | Oct 11, 2024 12:31 AM CDT

The Internet Archive was hit with a Distributed Denial-of-Service (DDoS) Attack on Wednesday afternoon, resulting in the service being knocked offline on Thursday.

Internet Archive hit by 'catastrophic' hack private user data of millions now exposed

Brewster Kahle, the founder and digital librarian of the Internet Archive, confirmed the platform experienced a major outage due to DDoS attacks, which resulted in the "defacement of our website" and a major breach that exposed 31 million user accounts. The breach exposed the usernames, emails, and bcrypt password hashes of 31,081,179 archive users, with Kahle confirming the news in a new X post that stated the Internet Archive suffered from "defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords."

As for the defacement Kahle referenced, the hacker/s injected this message into the platform, "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!" HIBP is a reference to the website "Have I Been Pwned," which informs users if their account details have been leaked online due to a data breach. Moreover, HIBP did confirm the Internet Archive data breach, writing that 31 million records from Internet Archive users were stolen.

Continue reading: Internet Archive hit by 'catastrophic' hack private user data of millions now exposed (full post)

Casio confirms its suffering from a cyberattack forcing internal shutdowns

Jak Connor | Oct 10, 2024 12:04 AM CDT

It was only a year ago that Casio was forced to repel cyberattackers that were probing its digital infrastructure, but now according to the company it has detected a breach.

Casio confirms its suffering from a cyberattack forcing internal shutdowns

The company took to its Japanese website to officially announce that it had detected a security breach after conducting an internal investigation. The breach was detected on October 5, 2024, and the investigation found that the unauthorized access had caused a system failure, "resulting in the inability to provide some services." Casio has already reported the breach to authorities and brought in a third-party security firm to investigate the breach and determine if customer data was stolen.

Judging by the hiring of a third-party security firm to look for any stolen files, it appears the breach may have been a ransomware attack. However, Casio hasn't confirmed that any data was stolen. Additionally, no ransomware groups have claimed responsibility for the hack.

Continue reading: Casio confirms its suffering from a cyberattack forcing internal shutdowns (full post)

Google Pixel smartphone busted sending private user data back to Google every 15 minutes

Jak Connor | Oct 5, 2024 1:02 AM CDT

UPDATE - "User security and privacy are top priorities for Pixel. You can manage data sharing, app permissions and more during device setup and in your settings. This report lacks crucial context, misinterprets technical details and doesn't fully explain that data transmissions are needed for legitimate services on all mobile devices regardless of the manufacturer, model or OS, such as software updates, on-demand features and personalized experiences," emailed a Google spokesperson

Google Pixel smartphone busted sending private user data back to Google every 15 minutes

A new report from Cybernews has focussed on the web traffic between Google and its latest flagship smartphone, the Google Pixel 9 Pro XL.

The report states that cybersecurity researchers at Cybernews analyzed the Pixel 9 Pro XL's web traffic and determined that even before any app is installed, the smartphone sends private user data back to Google servers. More specifically, the analysis found "Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google" and within this packet of data is private information such as a users email address, phone number, location, network status, and other telemetry data.

Continue reading: Google Pixel smartphone busted sending private user data back to Google every 15 minutes (full post)

Warnings issued after world-first Google Play Store app drains $70,000 from victims

Jak Connor | Sep 26, 2024 10:31 AM CDT

Keeping an ear to the ground in the world of scams can really benefit people whose lives are plugged into the digital world, particularly if they are involved in storing/trading digital assets such as cryptocurrency.

Warnings issued after world-first Google Play Store app drains $70,000 from victims

The cryptocurrency community is no stranger to scams of various kinds, but now researchers are sounding the alarm on a new type of scam that's been described as a world first. According to a report from investigators at Check Point Researchers (CPR), an app called WalletConnect appeared on the Google Play Store. WalletConnect assumed the identity of the legitimate app with the same name, but did come with some adjustments.

The fraudulent WalletConnect app was marketed to consumers as able to solve many of the problems voiced about the legitimate WalletConnect app. Additionally, the legitimate app wasn't on the Google Play Store, which meant when users when to search for WalletConnect they were presented with the malicious app. More than 10,000 people downloaded the app, and according to CPR approximately 150 wallet addresses were drained of their contents.

Continue reading: Warnings issued after world-first Google Play Store app drains $70,000 from victims (full post)

FBI scares Chinese government-linked botnet operators into burning down their own network

Jak Connor | Sep 25, 2024 2:36 AM CDT

The Federal Beureua of Investigations (FBI) has said that it's pursuit of a China-based botnet resulted in Chinese operators of the botnet "burning down" their network once they figured out the FBI was on to them.

FBI scares Chinese government-linked botnet operators into burning down their own network

The botnet consisted of 260,000 various internet-connected devices that were used to gather intelligence on critical US infrastructure, government operations, academics, and more. Notably, the botnet was operated by the "Integrity Technology Group," who FBI director Christopher Wray said is linked to the People's Republic of China.

More than half of the total devices within the botnet were located in the United States, and following its discovery, the National Security Agency (NSA) and the FBI were called in to intervene. Wray said it was "all hands on deck" and after gaining court authorization, US officials took control of the botnet servers, which prompted a response by the People's Republic of China-linked group.

Continue reading: FBI scares Chinese government-linked botnet operators into burning down their own network (full post)

Planned Parenthood hack may expose millions of people's sensitive health data

Jak Connor | Sep 8, 2024 3:06 AM CDT

A branch of Planned Parenthood has confirmed a ransomware group has gained access to it systems and stolen millions of people's sensitive data.

Planned Parenthood hack may expose millions of people's sensitive health data

The CEO and president of Planned Parenthood of Montana, Martha Fuller, said in a recent statement to Recorded Future News the attack was internally discovered on August 28. Following the discovery the IT team at Planned Parenthood Montana responded by taking portions of their network offline, presumably as part of the investigation into the attack and to prevent any further known/unknown exploits in its system.

Fuller added that the organization is aware of the ransomware group known as RansomHub, which, upon a quick Google search, you will discover, is quite prolific in the space despite it only first appearing earlier this year. Reports indicate the hackers made off with 93GB of data, but when a spokesperson from Planned Parenthood was asked what the contents of that data were, they declined to comment.

Continue reading: Planned Parenthood hack may expose millions of people's sensitive health data (full post)

Hackers might have stolen social security data of ALL Americans, around 2.9 BILLION records

Anthony Garreffa | Aug 14, 2024 8:23 PM CDT

A member of a hacking group is selling the personal Social Security numbers and other sensitive data to ALL Americans, with 2.9 billion records available online... for free.

Hackers might have stolen social security data of ALL Americans, around 2.9 BILLION records

In a report from BleepingComputer, a hacking forum became active after a user posted on the forum saying they had a massive collection of documents from the data brokerage National Public Data (NPD). NPD, which doesn't disclose how it collects data on its website, reportedly gathers information from publicly available records to create individual profiles that are usually used by private investigators for things like background and criminal record checks.

It's not just US residents that have to worry, but the hack of 2.9 billion files includes private information on citizens living in the United Kingdom and Canada, including personal information from all three of those countries. 2.9 billion files is a LOT of data, we don't need to underline that, but we will.

Continue reading: Hackers might have stolen social security data of ALL Americans, around 2.9 BILLION records (full post)

200,000 students, staff and parents personal data exposed in recent hack

Jak Connor | Aug 13, 2024 2:27 AM CDT

An Arizona tech school has informed Maine's attorney general in a recently filed report that nearly 209,000 individuals' data was potentially compromised in a hacking incident earlier in the year.

200,000 students, staff and parents personal data exposed in recent hack

The tech school is East Valley Institute of Technology (EVIT), and according to the filing, the data of the 209,000 individuals is of current and former students, parents, guardians, and faculty. As for what data was leaked, reports indicate the compromised data included personal, health, and financial information.

The Register reports that nearly 50 types of personal information were stolen, such as student ID numbers, date of birth, race/ethnicity, grades, home phone numbers, email addresses, driver's license, health insurance information, medical information, allergy information, medical record number, passport numbers, prescription information and more.

Continue reading: 200,000 students, staff and parents personal data exposed in recent hack (full post)

Historic Donald Trump and Elon Musk interview on X hit by 'massive' DDOS attack

Jak Connor | Aug 12, 2024 8:36 PM CDT

Elon Musk teased an upcoming interview with former US President Donald Trump in X Spaces, and according to Musk the social media platform has been hit with a DDOS attack ahead of the interview going live.

Historic Donald Trump and Elon Musk interview on X hit by 'massive' DDOS attack

Ahead of the historic interview, Musk said he was performing system scaling tests to ensure that X servers could host all of the expected listeners. The interview is currently live at the time of writing, but it didn't go live until 40 minutes after the scheduled time of 8 pm ET, as the site was showing "not available" even though Musk said X tested its servers for 8 million concurrent listeners earlier in the day.

It was presumed that X went down from the massive traffic spike for the interview, but Musk, less than 10 minutes later, posted that X was experiencing a DDOS (distributed denial-of-service) attack. Musk said the interview would continue but with a "smaller number of concurrent listeners." It appears X was a victim of a targeted DDOS attack to prevent Musk and Trump from having their conversation. At the moment, there are 1.2 million people listening in on the conversation.

Continue reading: Historic Donald Trump and Elon Musk interview on X hit by 'massive' DDOS attack (full post)

4.3 million Americans are at risk of fraud after savings account data breach

Jak Connor | Aug 12, 2024 4:33 AM CDT

The Office of the Maine Attorney General has been informed of a data breach that has exposed sensitive data of 4.3 million customers.

4.3 million Americans are at risk of fraud after savings account data breach

According to HealthEquity, the data breach exposed the below sensitive data that of millions of Americans, with the fintech firm saying that not all of the categories listed contained data for every person. Reports indicate the breach occurred on March 9, 2024, and that it was detected on March 25. After the breach was discovered HealthEquity conducted an internal investigation on the origin of the hack, tracing it back to an online data storage location that became compromised.

The compromised location led to the unauthorized party gaining access to a "limited amount of data stored in a storage location outside our core systems." HealthEquity doesn't believe the stolen customer information has been used nefariously, and as compensation to affected customers, HealthEquity is offering a two-year complimentary credit identity, monitoring, insurance, and restoration services.

Continue reading: 4.3 million Americans are at risk of fraud after savings account data breach (full post)

Newsletter Subscription

Join the daily TweakTown Newsletter for a special insider look into new content and what is happening behind the scenes.

Newsletter Subscription