Security experts insist on employing phishing prevention best practices as countless phishing attacks are launched by cyber adversaries every day. Lack of preparedness among unsuspecting users is what makes hacker groups more confident in launching more and more cyber attacks. Hence, here are the top data breaches from the bygone week to help you make smarter choices when it comes to avoiding phishing campaigns and other such attacks.
Luxottica Discloses Data Breach To Customers
In September, World’s largest eyewear company Luxottica underwent a Nefilim ransomware attack that compromised data belonging to its finance departments and personnel office. Now Luxottica has disclosed another data breach that happened sometime in August. They discovered the security breach in their appointment scheduling application on 25th August, which compromised some patient information.
The exposed information includes patients’ personally identifiable information (PII) and protected health information (PHI). In some cases, it also included the credit card numbers and social security numbers of patients. As part of its phishing prevention scheme, Luxottica has extended a free two-year identity monitoring service to victims. They also advise patients to adopt anti-phishing measures and watch out for suspicious activities in their accounts.
Prestige Software Leaks Data Of Global Hotel Bookers
Prestige Software is a firm assisting hotels to handle their bookings on top booking sites. However, researchers at Website Planet recently discovered a misconfigured AWS S3 bucket belonging to Prestige Software, which was left unprotected online. The resultant data breach exposed the sensitive information of millions of global customers of websites, including Agoda, Amadeus, Booking.com, Hotels.com, Expedia, Hotelbeds, Omnibees, and Sabre.
Experts believe that the database has been publicly available online at least since mid-July; it was reported only in September. An estimated 24.4 GB of data, with over 10 million files were compromised in this breach. Customers who traveled even in 2013 stand a chance of having their data exposed. The affected customer details include full names, email addresses, phone numbers, NIC numbers, hotel reservation number, date and duration of stay, credit card credentials, etc. While Prestige Software should be ready to pay a huge penalty, customers are advised to protect themselves from phishing by taking necessary security measures.
Data Breach Hits Bigbasket
The Alibaba Group and Mirae Asset-Naver Asia Growth Fund sponsored Indian e-grocery store BigBasket recently underwent a data breach, which has exposed the details of over 20 million of its users (a 15 GB SQL file). The breach has been reported by researchers at Cyble, who list the database contents to be the names, email IDs, hashed passwords, phone numbers, addresses, DOBs, location, IP addresses, etc. The breach probably happened on 14th October, but the customers were notified only on 7th November.
Shoppers who made purchases from BigBasket in the past are advised to take measures for protection against phishing, change their passwords, and closely monitor their bank accounts for suspicious activities.
Ransomware Hits Laptop Manufacturer Compal
The world’s second-largest laptop manufacturer Compal recently underwent a ransomware attack. The DoppelPaymer ransomware gang is suspected to be the threat actor responsible. Although the attack has impacted only Compal’s internal computer network, work remained at a halt for the weekend. The employees were instructed by the IT department to back up unencrypted files on their system.
However, Compal’s Deputy Manager Director Qingxiong Lu, has denied a ransomware attack. He only mentioned that the enterprise underwent a security breach and is facing internal abnormalities. Measures are now being taken to prevent phishing attacks and restore encrypted systems.
Hacker Sells 5.8 Million Reddoorz User Records
The hotel management & booking platform RedDoorz underwent a data breach in September, where third parties accessed one of their databases. RedDoorz notified then that there was no evidence for them to believe any sensitive information was leaked or misused, but a database has been put up for sale on the dark web now, which is believed to be RedDoorz’s.
The adversaries are selling a RedDoorz database with 5.8 million user records and have even attached a sample database containing 587 user records. The compromised details include a user’s full name, email, gender, bcrypt hashed password, link to profile photo, phone number, date of birth, and occupation. Although no financial information was involved in this breach, users are advised to take anti-phishing protection seriously and change their passwords as early as possible. Users must further ensure the use of unique and strong passwords for all their accounts.
Beware Of Free Gift Hampers from Cadbury
A group of scammers is tricking people into divulging their personal and financial details using Cadbury’s free gift hampers as bait. These scammers have a fake Facebook Group with Cadbury’s official logos spoofed into their so-called Cadbury Rewards campaign. They tell people that Cadbury is sending out a hamper to anyone who replies to their post before midnight to mark their 126 years of existence.
The scammers have played smart and even included messages from fake ‘Managers’ at Cadbury. Victims are taken to a Cadbury phishing page upon clicking the link where they are asked to enter their details such as names, addresses, phone numbers, email addresses, bank credentials, etc. Cadbury owner Mondelēz has clearly stated that they have launched no such campaigns or giveaways. While Cadbury is doing its part to get rid of this scam, users must be rational and adopt necessary anti-phishing solutions before believing random giveaways to be true and giving out their PII.
Sandicliffe Customers To Stay Vigilant
Sandicliffe Motor Group underwent a data breach in February, which was immediately reported to the Information Commissioner’s Office (ICO). Sandicliffe Motor Group, too, took anti-phishing measures and notified customers and employees about the same. But a recent analysis by specialists at CEL Solicitors reveals that thousands of employees (current and past) and customers may have been affected in the Sandicliffe breach. Since the damage is much more extensive than anticipated, all customers are advised to monitor their bank accounts constantly and report any suspicious activity to the authorities.
Data Breach Hits Animal Jam
Online gaming world for kids, Animal Jam recently underwent a data breach that they had investigated and stopped. However, a recent database put up for sale on the dark web by threat actors reveals that a lot of user records from the Animal Jam breach were compromised without their knowledge. As many as 46 million user records were put up for sale, but Animal Jam claims that this is only a subset of all the user data stored with them since 2010.