Discord suffers data breach
The popular VoIP and instant messaging social platform has disclosed a data breach that has resulted in unauthorized access to a third-party customer service agent’s support ticket queue, potentially exposing users’ email addresses, the contents of customer service messages, and any attachments sent to Discord support. In response to the incident, the company immediately deactivated the compromised account and analyzed the impacted machine to determine if it was infected with malware.
Car location data of 2 million Toyota customers exposed for ten years
Toyota Motor Corporation has disclosed a data breach in its cloud environment that exposed the car-location information of more than two million customers between November 6, 2013, and April 17, 2023. The data breach resulted from a database misconfiguration that allowed anyone to access its contents without a password. This incident exposed the information of customers who used the company’s T-Connect G-Link, G-Link Lite, or G-BOOK services. T-Connect is Toyota’s in-car smart service for voice assistance, customer service support, car status and management, and on-road emergency help. The information exposed in the misconfigured database includes the in-vehicle GPS navigation terminal ID number, chassis number, and vehicle location information with time data.
Swiss tech giant ABB confirms ‘IT security incident’
The company confirmed on Friday that it is dealing with “an IT security incident” that is affecting some of its offices and systems around the world, but would not say if this involved ransomware. However, BleepingComputer reported on Thursday that the Black Basta ransomware group attacked the company on May 7. Multiple anonymous sources told the news outlet that the ransomware attack targeted the company’s Windows Active Directory and affected hundreds of devices. ABB is the developer of numerous SCADA and industrial control systems (ICS) for energy suppliers and manufacturing, raising concerns about whether data was stolen and what it contained.
(The Record and Bleeping Computer)
Personal info of 90k hikers leaked from French tourism company
The Cybernews research team has discovered data on a publicly accessible datastore with more than 4GB of information belonging to clients of La Malle Postale. The leaked information included names, phone numbers, emails, private communication via SMS messages, passwords, and employees’ credentials. Founded in 2009, La Malle Postale provides luggage and passenger transportation services on many popular hiking routes, including the famous Santiago de Compostela pilgrimage trail.
Musk appoints new Twitter CEO, NBCU’s Linda Yaccarino
Musk confirmed Yaccarino’s new role in a tweet Friday morning, adding, “Looking forward to working with Linda to transform this platform into X, the everything app.” Yaccarino announced on Friday morning that she was leaving her role as chairman of Global Advertising & Partnerships at NBCU. Yaccarino had worked at NBCU since 2011. Before that, she spent nearly 20 years at Turner as an executive vice president in advertising. In 2018, she was appointed by former president Donald Trump to the President’s Council on Sports, Fitness and Nutrition.
Companies to pay over faked net neutrality comments
Three companies accused of falsifying millions of public comments to support the contentious 2017 federal repeal of net neutrality rules have agreed to pay $615,000 in penalties to New York and other states, New York’s attorney general said Wednesday. The penalties come after an investigation by the New York state Office of the Attorney General found that the fake comments used the identities of millions of consumers, including thousands of New Yorkers, without their knowledge. All three companies provide digital lead-generation services, meaning they collect personal information from consumers and then sell it to third parties for leads to generate business.
Last week in ransomware
Last week saw the emergence of two new ransomware families, Cactus and Akira. The Cactus operation, launched in March, has been found to exploit VPN vulnerabilities to gain access to corporate networks. The Akira operation uses a retro-looking data leak site that requires you to enter commands as if you’re using a Linux shell. Also last week, the Money Message ransomware operation published source code belonging to MSI, which contained private keys for Intel Boot Guard. The City of Dallas continues to do battle with the aftereffects of a Royal Ransomware attack, and the town of Lowell, Massachusetts suffered from a Play ransomware attack – the same group that attacked Oakland, CA. This signifies a growing trend of ransomware groups attacking US cities. Research and reports last week covered a new White Phoenix decryptor that can be used to partially recover data encrypted by ransomware using intermittent encryption; a SentinelOne finding that nine different ransomware operations used the leaked Babuk source code to create VMware ESXi encryptors; and a joint advisory from the FBI and CISA disclosing that the Bl00dy Ransomware gang is exploiting PaperCut servers in the education sector.