Here are the top stories of recent weeks:
- Over 40 Million Users Affected in Wishbone App Breach
- 25 Million College Students Are the Victims of Mathway Breach
- Airline Data Breach Results in Millions of Travel Records Exposed
- Home Chef, the Meal Kit and Food Delivery Service Was Hacked
- Hackers Deface More Than 2000 Sites, Attempting to Access User Webcams
Popular voting app, Wishbone, was the latest victim of a data breach that exposed the data of more than 40 million users. The hacker who claims responsibility is said to be giving the data away for free. This is Wishbone’s second strike in the past three years, with a 2017 breach that resulted in 2.2 million email addresses and over 300k cell phone numbers exposed. The leaked data revealed that upwards of 70% of the affected users were underage and female. The leaked data from the recent breach includes usernames, emails, phone numbers, location information and hashed passwords.
The popular math solving application that college students have been using for years was recently hacked, exposing more than 25 million user emails and passwords. This is one of many data breaches conducted by the hacker(s) , ShinyHunters. In this past year, the hacker(s) has been breaching organizations and selling their data on the dark web and internet hacking forums. Thus far, it is believed that the malicious actor(s) has sold access to more than 200 million user details. The Mathway data has been for sale since the beginning of May for the equivalent of $4,000 in cryptocurrency.
The U.K.’s largest airline, EasyJet, asserts that threat actors exposed the travel details of more than nine million customers, from which over 2000 customers also had their credit card information exposed. The ICO stated that it intended to fine British Airways $230 million after a data leak that exposed over 500k customers. The airline, which carried more than 28 million passengers prior to the pandemic, was also one of the first companies to ask the U.K. government for a bailout to avoid financial collapse in recent months.
Over 8 million user records have been leaked in a recent breach, after a hacker sold the data on a dark web marketplace. ShinyHunters claims responsibility for this data leak and is currently selling the user records for ten other companies as well. The threat actor is selling these databases for $500 to $2,500. The breached information includes users’ emails, encrypted passwords, payment card information, gender, age, subscription information, and more. Since then, Home Chef has issued a statement informing users of the incident and urging them to change their login information.
Thousands of Israeli websites have been defaced, showcasing anti-Israeli messages, including malicious code seeking permission to access visitors’ webcams. The threat actors are believed to have exploited a WordPress plugin to plant the defacement message on sites hosted on its platform. The attack was carried out by a group of nine hackers called the “Hackers of Savior” and it was timed specifically on a holiday. The organization claims it is working with Israeli authorities to investigate the hack.
To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from data leakage, malware, and more, download the Top CASB Use Cases below.