Bitglass Security Spotlight: Dow Jones, TurboTax, and Indane Data Breaches

This post was originally published here by  Will Houcheime.

Here are the top cybersecurity stories of recent weeks: 

  • Dow Jones’ watchlist of high-risk individuals breached

  • $7.7 million in EOS cryptocurrency stolen by hacker

  • TurboTax credential stuffing attacks exposes tax returns

  • US security agency targets Russia’s ‘troll factory’

  • Millions of Aadhaar numbers leaked by gas company, Indane

    Dow Jones’ watchlist of high-risk individuals breached

    Dow Jones’ watchlist was recently exposed via a server with unencrypted data. Independent security researcher, Bob Diachenko, came across the list containing more than 2.4 million records of business entities and individuals on the Elasticsearch database. Dianchenko stated that personally identifiable information (PII) including names, addresses, locations, and some photos were disclosed. The watchlist is used by companies as a part of their risk and compliance endeavors. The list also helps financial institutions and government agencies decide whether to approve or deny certain banking loans. Dow Jones spokesperson, Sophie Bent, stated that a particular “authorized third party” was at fault for the leak.

    $7.7 million in EOS cryptocurrency stolen by hacker

    On Saturday, February 23rd, a public post reported that a hacker had stolen $7.7 million in cryptocurrency. Although one of the 21 mainterners of an EOS blacklist followed security protocol, it was not done in time to avoid the exposure. In light of the data leak, EOS42, a web-based community of EOS cryptocurrency owners, is requesting a more secure system of data protection protocol where 15 of 21 EOS producers would update their blacklists. To follow, an account key would be created, blocking access to vulnerable accounts.

    TurboTax credential stuffing attacks exposes tax returns

    Intuit, a financial software company, recently learned that an unauthorized party breached an undisclosed number of TurboTax accounts in a credential stuffing attack. A credential stuffing attack occurs when attackers are able to use usernames and passwords leaked from prior security breaches to infiltrate access to accounts on other sites. This type of attack is made possible when users recycle passwords. Intuit informed those that had their accounts compromised that it is likely that the unauthorized party may have collected information such as prior or current tax return information, Social Security numbers, addresses, and other financial information. To limit further data leaks, Intuit had the affected accounts disabled temporarily, until a secure plan could be in place.

    US security agency targets Russia’s ‘troll factory’

    A US security agency was successfully able to target the Internet Research Agency (IRA), Russia’s ‘troll factory.’ The Washington Post first reported the cyberattack against the troll factory, which, in past encounters, had been able to propagate fake news and affect polls. US Cyber Command (USCC) was able to launch the attack in November 2018, a day before the US midterm elections. US officials report that the attack brought down the IRA’s IT network, disallowing the Russian agency to hinder the voting process. US hackers were able to infect one of the IRA servers by destroying data from two of the four hard drives attached, as confirmed by the Russian news site.

    Millions of Aadhaar numbers leaked by gas company, Indane

    India’s state-owned gas company, Indane, recently leaked part of its website that dealt with dealers and distributors. It was reported that the site was indexed in Google in such a way that allowed a bypass of the login page and admittance to very sensitive information. A security researcher, who asked to stay anonymous, was able to yield a simple Google search which contained consumer names, addresses, and personal identification numbers. Aadhaar’s regulator, the Unique Identification Authority of India (UIDAI), rapidly denied reports of the data breach, claiming certain news articles as “fake news.” French security researcher, Baptiste Robert, who has previously investigated Aadhaar data breaches, confirmed finding 5.8 million Indane consumer records through a custom-made script. Prior to his script being blocked, Robert claims that the number of affected consumers could surpass 6.7 million.

Photo:Nehemiah Security

Ad

No posts to display