
Bitglass Security Spotlight: 419 Million Facebook Users Exposed

By Juan Lugo | September 23, 2019 at 4:56 AM

Here are the top stories of recent weeks:  

  • 419 Million Facebook User Phone Numbers Leaked
  • A New Ransomware, Lilu, Has Infected 6,700 Web Servers 
  • A Large Scale Phishing Campaign is Luring in Victims From The Banking Sector 
  • Ring, Amazon’s Video Doorbell Company Shares Your Footage Indefinitely With Law Enforcement Agencies
  • An Exposed Web Server Containing Thousands of Job Seekers' Resumes & CVs Was Found Online

419 Million Facebook User Phone Numbers Leaked

According to Zack Whittaker, a TechCrunch security editor, an exposed server contained Facebook account ID numbers, along with other personal information such as gender and phone numbers, for more than 419 million users. The affected accounts are said to belong to individuals in the United States, the United Kingdom, and Vietnam. The exposed data set is said to have been accounted for more than a year ago. However, it remained visible online until TechCrunch representatives contacted the web host in order to have the database pulled offline. It may seem like overkill, but the information contained within the data set is enough to expose the victims to SIM-swapping attacks and, at a minimum, spam calls.

A New Ransomware, Lilu, Has Infected 6,700 Web Servers 

Since mid-July, Lilocked (or Lilu) has been demanding that the owners of infected Linux-based systems pay a ransom of 0.03 BTC (Bitcoin) in order to regain access to their encrypted files. If users refuse to pay the ransom, estimated at around $325 USD, they permanently lose their files within seven days. Currently, it is unknown how the Lilu threat actor(s) gained access to and breached the servers. However, the speculation is that Lilu targets Linux-based systems running outdated email software. It will be interesting to see how this unfolds over the coming weeks, to gain a better understanding of how these malicious actors gained access to the servers.

A Large Scale Phishing Campaign is Luring in Victims From The Banking Sector 

Cofense, the leading provider of human-driven phishing defense solutions worldwide, identified a campaign aimed at banking industry professionals that bypassed Symantec's secure web gateway. SharePoint is used as the initial delivery portal that masks the additional malicious links. Utilizing a compromised SharePoint account, malicious actors are then able to bypass all security measures in order to share secondary infected URLs. Recipients are then redirected to a OneNote document that invites them to download an internal report via a link. At this time it is unclear how many individuals have been affected.

Ring, Amazon’s Video Doorbell Company Shares Your Footage Indefinitely With Law Enforcement Agencies

Ring stated that it shares compiled footage surrendered by users with local law enforcement agencies. The doorbell company does so in order to assist in court proceedings that can lead to the prosecution of criminals caught in the act. The controversy lies in the fact that law enforcement can share said data with other partnering agencies that assist in the prosecution of individuals caught in the act of a crime. Once Ring users turn in the data, it is stored and shared indefinitely – this may violate the privacy rights of the service users. However, oftentimes law enforcement agencies work in conjunction with other organizations in order to better their chances of prosecuting lawbreakers. The compiled data used against criminals is saved for record keeping purposes in case additional evidence is surrendered. Ring users need to be aware of the terms and conditions regarding the data that they are providing as well as the implications on their privacy if they turn in incriminating footage. 

An Exposed Web Server Containing Thousands of Job Seekers' Resumes & CVs Was Found Online

An exposed web server containing resumes and CVs from 2014 to 2017 has been found online. Some of the data is said to originate from Monster.com, the recruitment site. Most of the files include job seekers' personal information such as phone numbers, home addresses, emails, immigration documents, and prior work experience. The exposed server stored information pertaining primarily to U.S.-based job seekers. At this moment it is unclear how many individuals were affected; however, the data silo contains thousands of files. Monster failed to report the breach and did not make a statement until after a security researcher alerted TechCrunch about the matter. Monster had sold customer data (i.e. resumes and CVs) to third-party recruitment firms. Monster asserted that the leaked web server belonged to a previous partner that purchased the data.

To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from data leakage, malware, and more, download the Top CASB Use Cases below. 