Approximately 1.2 billion records on an unsecured Google Cloud Services database were found on the web. Vinny Troia, a cybersecurity researcher with a focus on the Dark Web, found 1.2 billion records on an unsecured server. A total of 4 terabytes of personal information was found, all accessible on the Dark Web. The database did not contain any sensitive information, e.g. Social Security numbers or credit card numbers.
What information was found?
In total, the database left the profiles of hundreds of millions of people exposed. In addition to 50 million unique phone numbers and 622 million unique email addresses, the database contained private information such as:
- Social media profiles
- Employment histories (possible scrape from LinkedIn)
Troia remarked that this was the first time that he had seen such a large-scale collection of social media-related user profiles in one place. He also warned that, from a hacker’s perspective, there is enough information to target and compromise a victim with further acts of cybercrime.
Additional Details on the Google Cloud Services Leak
Vinny Troia and Bob Diachenko, security researcher, discovered the server using web scanning services looking for vulnerabilities. The IP address revealed little, that the databases was from Google Cloud Services. He did not know who was responsible for placing the database on the Dark Web or if the server was accessed by anyone before him, however he found and accessed the server easily. After Troia alerted the Federal Bureau of Investigation of the exposed database. An individual took the server offline within a few hours.
There was a total number of four servers. While three out of the four servers were labeled as coming from People Data Labs, the company said they don’t own any server that hosted the data. The company has high volumes of customer data for sale, including millions of LinkedIn profiles and millions of cellphone numbers. However, it is possible that whoever leaked the data may have obtained it from People Data Labs and posted it online.
The other data set, titled and (each record) tagged “OXY,” may have come from Oxydata, a Wyoming-based data broker, according to Vinnie Troia. He has since reported the information to HaveIBeenPwned, a website that allows you to check if your information has been compromised on the web. Once private information is leaked, hackers may target victims with identity theft, credential stuffing, and phishing scams.
Macy’s a Victim of a Data Breach Involving “Sophisticated” Code Injection
On November 14, Macy’s released information about a cybercrime involving customer personal and payment data, which occurred during a one-week period in October. Macy’s notified federal law enforcement after finding suspicious activity on the retailer’s website on October 7. According to Macy’s a suspicious third party inserted malicious code into the website. Macy’s labeled the cyberattack as “sophisticated.” By October 15, Macy’s removed the code.
Details of the Macy’s October 2019 Data Breach
The malicious actors infiltrated Macy’s databases containing the private information of Macy’s online customers, including customer:
- Names
- Address
- Phone numbers
- Payment information
Macy’s conducted an investigation and found that the malicious code could capture data on Macy’s online checkout and wallet page containing payment details. While no official victim tally has been released, Macy’s said that only a small portion of its online customers were affected. Due to the data breach, the leading retailer will provide data breach consumer protection to affected customers at no cost.
T-Mobile a Victim of a Data Breach that Exposed Consumer Prepaid Account Information
T-Mobile announced that it was targeted by hackers who gained unauthorized access to data pertaining to T-Mobile prepaid wireless account holders. Prepaid service account data that T-Mobile found compromised includes:
- Name
- Billing address (where applicable)
- Phone number
- Account number
- Rate plan and included features
No financial information, e.g. credit card numbers, Social Security numbers or passwords were involved in the hack. Notified customers were advised to verify or update account information for added security. T-Mobile issued the following statement:
“ … we are always working to improve security so we can stay ahead of malicious activity and protect our customers. We have a number of safeguards in place to protect your personal information from unauthorized access, use, or disclosure. For more information on how we protect your information, please check out our privacy policy. We also provide security tips for you at: https://www.t-mobile.com/responsibility/privacy.”
ThreatModeler Helps Organizations Small-to-Large to Prevent Data Breaches
With data breaches and personal information left exposed at an all-time high, organizations must take the proper precautions to harden their IT infrastructure. In order to properly manage risk, enterprises must reduce the number of the threats that can compromise systems, applications and the data processed by them. Threat modeling is a way to visualize an IT ecosystem, including the components, connectors, actors and flow of information – inside and outside of the application.
Through process flow diagrams threat modeling will help organizations to map out their attack surface, to understand the security threats that exist, plus the security requirements needed to mitigate them. ThreatModeler is an industry-leading tool that enables organizations to identify, prioritize and proactively mitigate threats. ThreatModeler automatically threat models an organization’s attack surface, with threat content pulled from respected threat frameworks including OWASP, CAPEC and the NVD (vulnerabilities).
ThreatModeler features an AppSec edition, and cloud editions that integrate with AWS and Azure. To learn more about the advantages ThreatModeler has to offer, we schedule a live demo. You can also contact us to speak with a threat modeling expert.