Here’s your monthly roundup of the latest hacks and data breaches around the world. In this monthly series, I’ll share information and updates on the most recent hacks that I saw in the news, including causes, resolutions, and what you can do to protect your data.
Over the last several weeks, we saw what has now become the usual list of successful cyber attacks and data breaches across all industries, with government entities, cloud and microservices dominating the list.
The popular messaging service, Slack, had to reset thousands of users’ passwords after a data breach. Four years ago, hackers inserted code to log passwords as plain text as they were typed. After uncovering this data breach, Slack went ahead and changed the passwords of those impacted and will not reset another 100,000 users based on new info on the hack. If you are a slack user, I would reset your password as a precaution whether you know you were affected by these hackers or not. Read more.
Personal and financial data of almost 5 million Bulgarians has been stolen from the country’s tax agency and leaked online. With the country’s overall population at 7 million, almost every working citizen has been affected. Cyber attackers often target governments databases because of their valuable information and typically these breaches go unnoticed for months.In this case, there has been a cybersecurity worker arrested by the Bulgarian police in connection with the hack. Whether you are a privately held enterprise or the federal government, make sure your data is protected. Read more.
Magecart, a group of cyber criminal hackers, are using a shotgun approach to place digital card skimming code on sites. They found misconfigured Amazon S3 Buckets and were able to inject their skimming code at the bottom of every Javascript they found. The skimming code collects payment information on those website pages. Exposing customer’s data like this can hinge on your reputation and cost companies millions of dollars, especially with the GDPR regulations. Always be aware of the activity within your network. Read more.
Cloud hosting provider iNSYNQ underwent a ransomware attack that locked up customer files and data. A week after the incident the company is continuing to recover and restore their infrastructure. The malware was caught early, but it was still able to encrypt some files and the company is looking into if they are recoverable. Customers of iNSYNQ lost trust in their cloud provider and experienced a lot of negative feedback. Anytime your company goes through something like this, it is important to communicate with your clients about the recovery process and what the next steps are. Read more.
[Want to make sure your company’s data is secure? Download our whitepaper: Protecting the Data to learn how complete network visibility can be your greatest defense against hackers.]