Here are the top cybersecurity stories of recent weeks:
- 500px discovers 2018 data breach affecting 15 million users
- Sensitive credit card information worth $3.5 million put up for sale
- University of Washington Medicine exposes information of nearly 1 million patients
- US servers of VFEmail exposed by hackers
- Despite user complaints, OkCupid denies data breach
500px, a photography portfolio website, confirmed a data breach on February 8th that dates back to July 2018. The breach exposed personally identifiable information (PII) such as first and last names, email addresses, passwords, and addresses. 500px reported that the amount of individuals affected makes up their entire user base. The photography website is asking their users to reset their passwords and even their usernames to secure their accounts. 500px has reportedly contacted law enforcement and a security firm to help improve the safety of user information.
Three large collections of payment card ‘dumps’ were found for sale online. A card dump is a term used to describe caches of stolen payment card industry (PCI) data that are placed online for anyone to buy. These ‘dumps’ are used to clone payment cards whereby someone can later withdraw money from real bank accounts through ATM transactions. It was reported that all three dumps were placed on Joker’s Stash, the most widely known underground marketplace for selling stolen credit cards. Two of the three dumps were made up of Pakistani user details. It was reported by Group-IB, a Russian cybersecurity firm, that just under 70,000 Pakistani bank customers were affected - an unusually high amount.
UW Medicine recently announced that medical records for 974,000 patients were mistakenly released due to an error made internally in December of last year. The exposed files contained PII such as names and medical records, as well as lab tests of certain patients. UW Medical officer, Dr. Timothy Dellit, claimed that although the breach occurred, the lab results were kept confidential, but indirect inferences could be made. UW Medicine is currently working on sending letters to everyone affected to inform them about the data breach, which will set the department back $1 million in costs.
On February 11th, 2019, VFEmail had all of its US servers breached by hackers. In the process, all US customer data was wiped, leaving people with completely empty inboxes. Additionally, all secondary domains were brought down, leaving VFEmail in a very difficult position. The breach was first detected when the site went down without any prior notice. The company is working on restoring all emails, as well as the website, in hopes of retaining their users.
Recently, a user complained that their OkCupid account was hacked when they noticed a password change that they never requested. After being denied access to the account, this same user also noticed that the email address was changed, as well, leaving them helpless. OkCupid claims that no signs of a breach are visible. Natalie Sawyer, an OkCupid spokesperson, reported that there was no security breach, and that individuals who recycle their credentials across multiple websites may experience these kinds of issues when their credentials are exposed by those other websites. The user that noticed their account being locked also stated that they received harassing text messages (from their own number) that contained private messages only found on their OkCupid account. The dating site was one of many to not feature two-factor authentication, which could help with preventing unauthorized access in the event of credential compromise.
To learn about cloud access security brokers (CASBs) and how they can protect your enterprise from data leakage, misconfigurations, and more, download the Definitive Guide to CASBs below.