LeakBase Announces Swachhata Platform Breached, 16 Million User PII Records Exposed

Yesterday, data breach notification website Leakbase said someone allegedly hacked the Swachhata Platform in India and stole 16 million user records.

Security researchers at CloudSEK reported the news after discovering a post by Leakbase sharing data samples containing personally identifiable information (PII), including email addresses, hashed passwords and user IDs.

Earlier this week, an advisory published by CloudSEK reported that 6GB of compromised data from the Swachhata Platform – an initiative in association with the Ministry of Housing and Urban Affairs of India – is being shared via a popular file-hosting platform.

“[Leakbase is] previously known from providing reliable information and data breaches from companies around the world,” wrote CloudSEK. “[Threat actors on the platform] often operate for financial gain and conduct sales on their marketplace forum Leakbase.”

In 2017, the platform was at the center of a massive data breach at Taringa, a Reddit-like social network website for Latin American users.

Further to this, CloudSEK said Leakbase users often offer access to admin panels and servers of several content management systems (CMSs), allegedly gained via unauthorized means and sold for monetary profit.

“This information can be aggregated to further be sold as leads on cybercrime forums,” the company wrote.

In addition, the security experts said the data could be harvested by threat actors to conduct phishing, smishing and social engineering attacks.

To mitigate the impact of attacks like this, CloudSEK recommended that system administrators implement a strong password policy and enable multi-factor authentication (MFA) across logins.

It also recommended patching vulnerable and exploitable endpoints, and regularly monitoring user accounts for anomalies that could indicate possible account takeovers.

To conclude, CloudSEK said companies should monitor cybercrime forums to keep up with the latest tactics employed by threat actors.

It appears that the alleged data leak comes days after Optus was hit by a cyber-attack that exposed the data of at least 10,000 Australians.

The post LeakBase Announces Swachhata Platform Breached, 16 Million User PII Records Exposed appeared first on IT Security Guru.

Over 8000 VNC instances left exposed, researchers find

Researchers have discovered 8000 exposed Virtual Network Computing (VNC) instances, which could put numerous global organisations at risk of remote compromise. The instances were managed by critical national infrastructure (CNI) organisations responsible for water treatment plants, manufacturing plants and research facilities.

With authentication disabled, malicious actors can hijack certain endpoints and, with them, the industrial control systems these may be connected to. This is because VNC is a cross-platform screen-sharing system that allows users to remotely control another computer.

Etay Maor, Senior Director of Security Strategy at Cato Networks, comments: “VNCs are fundamentally appliances and each appliance needs to be carefully maintained, upgraded, and patched. It’s the same problem IT has long faced. Moving to a cloud-native SASE service allows critical infrastructure organisations to protect the infrastructure without compromising service delivery. They can apply virtual patches protecting internal infrastructure without having to actually update that infrastructure.”

The researchers warned that exposed VNC deployments could be exploited by malicious actors to sabotage, as well as to steal data, extort their victims and deploy ransomware. As such, all firms running VNC should work to immediately improve their security awareness training, review their access policies and ensure that appropriate firewalls are in place. Most importantly, all devices must be patched and continuously monitored in order to avoid falling victim to this particular attack.


Personal data of 69 million Neopets users exposed

The online pet website, Neopets, has confirmed it fell victim to a data breach, exposing the personal information of approximately 69 million users. The website’s source code was also stolen in the attack. Recently, Neopets launched NFTs, which are part of a plan to create an online Metaverse game, in which users can own, raise and play games with their virtual pets.

According to reports, the breach occurred on Tuesday and has since been attributed to a hacker known as ‘TarTaxX’, who began selling the source code and database on the dark web, charging approximately $94,000 in Bitcoin. The hacker has not revealed how they obtained access; however, they have confirmed that the data was not ransomed.

Tim Marley, VP Audit, Risk & Compliance at Cerberus Sentinel, told the IT Security Guru that: “The failure to keep our stakeholder’s sensitive data confidential is coming with greater consequences for organizations in the United States. Five states currently have privacy laws and another six have legislation at some stage of review. At the end of the day, we shouldn’t need legislation to force us to examine the sensitive data in our possession and verify that we protect it at every stage of the data lifecycle. We are the custodians of this data and owe it to our customers, clients, partners, and residents to verify that we always manage this information securely. If we fail to do so, we stand to lose their trust and may incur significant financial and operational penalties as a result.”

Neopets members are strongly urged to change their passwords on any site with a similar or the same password as the one they used on the virtual game. Unfortunately, however, changing passwords on the Neopets site is not guaranteed to secure the account if hackers still have access to the servers, which in this instance holds true.

Marley continues: “I’m particularly concerned over the potential exposure of sensitive data for children under the age of 13. While this site may not specifically cater to that age group, I believe it’s likely we’ll see a much greater consumption of these services by children. If so, then we may see the FTC investigating under the Children’s Online Privacy Protection Rule (COPPA).”

Also commenting on the incident is Mike Varley, threat consultant at Adarma: “Responding to incidents such as these needs a finely tuned balance of speed along with remedial actions. Incident responders should be seeking to validate claims from the threat actor that they have ‘live’ access to the database, that was reportedly confirmed by another user of the initial forum where the leak was posted. From there, responders will work backwards to identify both the point of initial access and any persistence mechanisms the actor may have installed. Once identified, a remediation plan can be created that’ll involve multiple actions occurring simultaneously (or in rapid succession) designed to remove the adversary from the network, deny their access back into the environment, and monitor for any further resurgence in adversary activity.”

He concluded that “lessons learned after the threat has been eradicated should be viewed by organisations as a way to improve, to build back better and a stark reminder to take the security of their environment, and their customers, very seriously by stopping history from repeating itself.”

According to a Reddit user, this is not the first data breach affecting the virtual pet world. As such, a Twitter account has been set up, which members can refer to for official updates from staff and for guidance on how to proceed if their data has been affected.


Transplant Donor and Recipient Data Exposed by Healthcare Provider

The Virginia Commonwealth University Health System (VCU) has warned almost 4500 transplant participants about a privacy breach affecting their healthcare information.

The company warned that some transplant recipients’ medical records included information about their donor too. Some recipient information also appeared on donors’ records. In some cases, this information has been exposed since 2006.

The information visible included Social Security numbers, names, and medical record numbers, amongst other things. In total, 4441 people were affected.

VCU warned that “this information may have been viewable to transplant recipients, donors, and/or their representatives when they logged into the recipient’s and/or donor’s patient portal.”

The discovery was made by VCU on 7th February this year. More information was discovered in April. The statement added that the information had been accessible to donors and recipients as far back as 2006.

The organisation has contacted affected individuals where possible and has offered free credit reports to anyone whose Social Security numbers were stolen.

Chad McDonald, CISO at Radiant Logic, explained: “Proper data classification and controls should have identified that this information was sensitive, and that users should not have access to other people’s medical records.”
