This week shows no shortage of targeted attacks designed to extract large datasets from a broad range of consumer sites.  Travel, finance and entertainment sites were targeted, impacting more than 100,000,000 unsuspecting victims.

If anything, this week clearly demonstrates why individuals & businesses need to proactively monitor for their compromised data with tools like ID Agent’s SpotLight ID or ID Shield (Personal Identity & Credit Monitoring Solutions). I’m not a fan of Lifelock because of their marketing practices so I won’t promote them here.

The events of this week also clearly demonstrate why businesses must monitor for compromised credentials that can be used to exploit internal systems and to compromise or takeover customer accounts.

Highlights:

  • Leaked credentials from a 3rdparty data breach used to exploit 45,000 Transamerica customers 
  • No Tickets for You! - TicketFly shuts down to identify and fix the source of leak impacting 26M customers
  • com shows that phishing attacks never take a vacation
  • Google Groups - taking a page right out of Amazon’s leaky bucket playbook?

In other news…

The City of Atlanta’s losing streak continues thanks to ransomware hacks! This time, the city’s evidence chain of custody breached, allowing police evidence to be destroyed - impacting investigations and prosecutions.

https://cyware.com/news/atlanta-ransomware-attack-destroyed-years-of-police-dashcam-footage-potentially-critical-evidence-9e8134ac

Europol has a new team dedicated to cybercrime on the Dark Web, hoping to monitor and mitigate criminal activity. Multiple law enforcement agencies throughout Europe are participating in this team, in addition to some non-European organizations. Keep fighting the good fight!

https://www.welivesecurity.com/2018/06/01/europol-eu-team-fight-dark-web/

Google Groups can’t get its act together when it comes to privacy settings, resulting in accidental disclosure of users’ private documents. If your business uses Google Groups, make sure to set your group to private!

https://www.securityweek.com/thousands-organizations-expose-sensitive-data-google-groups

It looks like there’s more than just gators to watch out for in the sunshine state… Florida named the worse state in consumer cybersecurity.

https://www.darkreading.com/vulnerabilities---threats/survey-shows-florida-at-the-bottom-for-consumer-cybersecurity/d/d-id/1331983


What we’re STILL listening to this week!

TicketFly

Exploit: Database misconfiguration, hacker doxing/ransoming

Risk to Small Business: High: Demonstrates the impact of database misconfiguration and security controls.

Risk to Exploited Individuals: High: Social engineering and identity theft as a large amount of personal information including names, addresses and phone numbers of customers were leaked.

TicketFly: Owned by Eventbrite, TicketFly is a popular site where customers can purchase tickets online for upcoming events and shows.