Govements across the world have declared cybersecurity to be a necessity and not an option. Phishing prevention is no longer a choice; it’s a need, and the following news headlines show exactly why protection against phishing is vital for an organization:
Hackers Leak 2.9 Crore Indian Records
Security firm Cyble recently reported that hackers have put up the details of 2.9 crore Indian job-seekers on the dark market for free. These records include the email addresses, phone numbers, home addresses, qualification and work experience of victims apart from several other details.
It is suspected that the data was leaked from a resume aggregator, but nothing is certain as yet. All the victims are advised to take phishing attack prevention measures. Often crimes like identity thefts, scams, and corporate espionage originate from such data breaches.
Details of 3.5 Million Zoomcar Users Compromised
Cybersecurity consultant Rajshekhar Rajaharia found last Saturday that a hacker has put up the details of 3.5 million Zoomcar users for sale on the dark web. These personal details include the names, email ids, passwords, mobile numbers and IP addresses of victims. Rajaharia revealed that the details were compromised in an attack which took place in July 2018.
The hacker is now selling the stolen records of 9 million Zoomcar users for $300. The hacker’s move after over a year of the breach shows his tactics at evading being tracked by law enforcement officials. While Zoomcar is yet to respond to the issue, users are advised to stay vigil and use necessary anti-phishing solutions.
Inteet Records of Thai Users Leaked
AIS – Thailand’s largest cell network had recently left a database unprotected online containing the inteet records of millions of Thai users. The database contained DNS queries and Netflow data and was discovered online by security researcher Justin Paine.
Though AIS has acknowledged its flaw, it has reassured that no sensitive personal information was compromised because of this database left public. They have now brought it down, but this negligence might have given hackers access to the real-time activities of a Thai household. After all, protection from phishing attacks cannot be ensured if the hacker is familiar with one’s actions online.
Indian Truecaller Details for Sale
An attacker has put up the Truecaller records of over 47 million Indians for sale on the dark web for a price as low as USD 1,000. Although a Truecaller spokesperson has vehemently denied considering even the possibility of such a breach, it is only wise for Truecaller users to remain vigil and take anti-phishing measures. Truecaller believes that the attacker has just compiled a random database and used the company logo to make his scam seem authentic.
The compromised data includes details such as phone numbers, gender, city, mobile network, and Facebook IDs of users.
Hacker Steals Shopify Data
In a recent attack, the attacker is selling the cryptocurrency wallet details of Keepkey, Trezor, Ledger and Bnktothefuture (among other virtual currency exchanges and forums) associated with people’s Shopify accounts. Three databases with email addresses, names, phone numbers, residential addresses and other details of over 80,000 customers are up for sale.
While Ledger is investigating the matter and taking measures to prevent phishing attacks, Shopify hasn’t found evidence of a possible hack.
Maze Publishes Card Details of BCR Customers
The operators of Maze ransomware operators have recently released the credit card details of 4 million Bank of Costa Rica (BCR) customers. The adversaries confessed to having hacked the network of Bank of Costa Rica Banco BCR back in August 2019. They also said that BCR’s system remained without anti-phishing protection measures at least until February 2020.
The Maze Ransomware operators stole over 11 million credit card credentials of BancoBCR before encrypting the files in August 2019. Now, they have released a 2GB spreadsheet with credit card details of BCR customers and claim to publish more information in the coming days.
Livejoual Breach Resurfaces After Six Years
The blogging platform LiveJoual underwent a security breach in 2014, and adversaries have been circulating the compromised database for years. But now, they are selling the database with passwords of LiveJoual users on the dark web.
After the 2014 breach, hackers have attempted to launch sextortion campaigns by using people’s old LiveJoual passwords. While LiveJoual never accepted that it had undergone a significant security breach, the attackers continued exploiting users via credential stuffing attacks even when they had switched to DreamWidth.
To protect themselves from phishing, users must immediately stop reusing the same password they used for their LiveJoual account. Frequently changing passwords and having unique passwords for all websites is also a smart phishing protection measure.
Data Breach at Arbonne Inteational
Califoia-based company Arbonne Inteational underwent a data breach in April 2020 which had made 3,527 Califoia residents vulnerable to cyber attacks. Arbonne has adopted the phishing prevention best practices by compelling affected users to change their passwords and providing them with free credit monitoring for a year.
The personal information of thousands of people is compromised nonetheless. The exposed details include names, email and mailing addresses, order purchase histories, phone numbers, and Arbonne account passwords of users.
Ransomware Hits NAFO
Halifax based inteational fisheries organization – Northwest Atlantic Fisheries Organization (NAFO) underwent a ransomware attack on May 24. Ever since its website has been down and it hasn’t put up a web-based data-sharing program, it was supposed to share for an annual science meeting.
The NAFO Secretariat is taking measures to ensure protection from phishing in future along with attempting to restore its systems.
HackerOne and Ethical Hackers
While the world is struggling to safeguard its online security, HackerOne is giving ethical hackers the incentive they need to come and work as cyber angels who save the world from cyber-attacks. HackerOne has paid over $100,000,000 to white-hat hackers as of May 26, 2020. These hackers create anti-phishing tools and have helped stop thousands of cyber attacks to date.
Surveys suggest that being a bug bounty hunter pays 2.7 times better than being a software engineer. Some of the hackers working for HackerOne have become millionaires doing what they do! As many as there are cyber villains, there are creative, ethical hackers as well, who will have eaed $1 billion in bug bounties over the next five years.