Here are the top stories of recent weeks:
- Ransomware Attack Results in Pharmaceutical Data Leak
- Chegg Suffers Breach for the Third Time Since 2018
- Fitness App Exposes Over 42 Million User Records
- Over Two Million Card Transaction Records Exposed in Leaky Server
- With Over 160k Compromised Accounts, Nintendo Shuts Down Portal
ExecuPharm, an American pharmaceutical giant, recently became the latest victim of a ransomware attack. This led to the exposure of sensitive information including Social Security numbers, financial information, driver licenses, passport numbers, and more. The data was released on a site on the dark web associated with the CLOP ransomware group. The threat actors commented on the attack, stating that pharmaceutical companies will not be the only ones who benefit from the current pandemic.
The educational tech leader asserts that it has recently been breached, resulting in over 700 employee records being exposed. The data includes current and previous employee Social Security numbers and names. This is Cheggs third breach in two years, one of which yielded 40 million customer records. As such, security analysts have attempted to contact the organization, however, A spokesperson for Chegg did not respond to a request for comment.
Kinomap, a fitness company that enables users to create and share interactive workout videos on its platform, accidentally exposed a server that contains user personally identifiable information (PII). The investigation concluded that data entries included access keys to the Kinomap API, which threat actors could then use to hijack accounts and lock out the owners. According to the firm, the shelter-in-place order could be responsible for the spike in breach attempts on fitness applications, which have seen an increase of new users in recent months.
Paay, a New York based card payments processor, exposed a massive database storing millions of credit card transactions. An investigation concluded that there was no password on the server, which granted anyone access to the database. The database contained daily records of card transactions dating back to September 1, 2019 from a number of merchants. Each transaction contained the full plaintext credit card number, expiry date and the amount spent.
During the month of April, over 160k Nintendo 3DS and Wii users were affected in a breach that exposed their personal information, including D.O.B, payment information, and email accounts. An investigation ensued after numerous complaints regarding unwarranted in-game purchases were reported. Nintendo is still trying to get to the bottom of how the parties gained access to the NNID info. It has been asking for users to submit feedback in an attempt to locate the source of the breach.
To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from data leakage, malware, and more, download the Top CASB Use Cases below.