top of page
Writer's picturesecnipagabviso

Phishing Campaign Leads To UPS Store Data Breach: Who Is Affected And What To Do Next



However, by October of 2017, Yahoo changed the estimate to 3 billion user accounts. An investigation revealed that users' passwords in clear text, payment card data and bank information were not stolen. Nonetheless, this remains one of the largest data breaches of this type in history.


This massive data breach was the result of a data leak on a system run by a state-owned utility company. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details.




Phishing Campaign Leads To UPS Store Data Breach




In April 2019, the UpGuard Cyber Risk team revealed two third-party Facebook app datasets had been exposed to the public Internet. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 533 million records detailing comments, likes, reactions, account names, FB IDs and more. This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data. Read more about this Facebook data breach here.


Yahoo believed that a "state-sponsored actor" was behind this initial cyberattack in 2014. The stolen data included personal information such as names, email addresses, phone numbers, hashed passwords, birth dates, and security questions and answers, some of which were unencrypted. Yahoo had become aware of this breach back in 2014, taking a few initial remedial actions but failing to investigate further. It was only about two years later that Yahoo publicly disclosed the breach after a stolen database from the company allegedly went up for sale on the black market.


According to the New York Times, the breach was eventually attributed to a Chinese intelligence group, The Ministry of State Security, seeking to gather data on US citizens. If true, this would be the largest known breach of personal data conducted by a nation-state.


In June of 2018, Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million records on a publicly accessible server. The breach exposed highly personal information such as people's phone numbers, home, and email addresses, interests, and the number, age, and gender of their children. This data exposure was discovered by security expert Vinny Troia, who indicated that the breach included data on hundreds of millions of US adults and millions of businesses.


In May of 2018, social media giant Twitter notified users of a glitch that stored passwords unmasked in an internal log, making all user passwords accessible to the internal network. Twitter told its 330 million users to change their passwords but the company said it fixed the bug and that there was no indication of a breach or misuse, but encouraged the password update as a precaution. Twitter did not disclose how many users were impacted but indicated that the number of users was significant and that they were exposed for several months.


In October 2015, NetEase (located at 163.com) was reported to suffered from a data breach that impacted hundreds of millions of subscribers. While there is evidence to say that the data is legitimate (many users confirmed their passwords where in the data), it is difficult to verify emphatically.


In June 2012, LinkedIn disclosed a data breach had occurred, but password-reset notifications at the time indicated that only 6.5 million user accounts had been affected. LinkedIn never confirmed the actual number, and in 2016, we learned why: a whopping 165 million user accounts had been compromised, including 117 million passwords that had been hashed but not "salted" with random data to make them harder to reverse.


That revelation prompted other services to comb their LinkedIn data and force their own users to change any passwords that matched (kudos to Netflix for taking the lead on this one.) Left unanswered is why LinkedIn did not further investigate the original breach, or inform more than 100 million affected users, in the intervening four years.


In December 2018, Dubmash suffered a data breach that exposed 162 million unique email addresses, usernames and DBKDF2 password hashes. In 2019, this data appeared for sales on the dark web and was circulated more broadly.


In October 2013, 153 million Adobe accounts were breached. The data breach contained an internal ID, username, email, encrypted password and password hint in plain text. The encryption was weak and many were quickly resolved back to plain text, the password hints added to the damage making it easy to guess the passwords of many users.


In February 2018, the diet and exercise app MyFitnessPal (owned by Under Armour) suffered a data breach, exposing 144 million unique email addresses, IP addresses and login credentials such as usernames and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, this sensitive data appeared listed for sale on a dark web marketplace and began circulating more broadly, so it was identified and provided to data security website Have I Been Pwned.


Between February and March 2014, eBay was the victim of a breach of encrypted passwords, which resulted in asking all of its 145 million users to reset their password. Attackers used a small set of employee credentials to access this trove of user data. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth. The breach was disclosed in May 2014, after a month-long investigation by eBay.


In May 2019, Australian business, Canva - an online graphic design tool - suffered a data breach that impacted 137 million users. The exposed data included email addresses, names, usernames, cities and passwords stored as bcrypt hashes.


In June 2013, a data breach allegedly originating from social website Badoo was found to be circulated. The breach contained 112 million unique email addresses and PII such as names, birthdates and passwords stored as MD5 hashes.


In July 2013, Capital One identified a security breach of its customer records that exposed the personal information of its customers, including credit card data, social security numbers, and bank account numbers.


In April 2019, Evite, a social planning and invitation site identified a data breach from 2013. The exposed data included 101 million unique email addresses, as well as phone numbers, names, physical addresses, dates of birth, genders and passwords stored in plain text.


Quora, a popular site for Q&A suffered a data breach in 2018 exposed the personal data of up to 100 million users.The types of leaked data included personal information such as names, email addresses, encrypted passwords, user accounts linked to Quora and public questions and answers posted by users. There was no evidence discovered that anonymously posted questions and answers were affected by the breach.


MyHeritage, a genealogical service website was compromised, affecting more than 92 million user accounts. The breach occurred in October 2017, but wasn't disclosed until June 2018. A security researcher discovered a file on a private server containing email addresses and encrypted passwords. The security team at MyHeritage confirmed that the content of the file affected the 92 million users, but found no evidence that the data was ever used by the attackers. MyHeritage earned praise for promptly investigating and disclosing details of the breach to the public.


Though a slightly different type of data breach as the information was not stolen from Facebook, the incident that affected 87 million Facebook accounts represented the use of personal information for purposes that the affected users did not appreciate. Cambridge Analytica was a data analytics company that was commissioned by political stakeholders including officials in the Trump election and pro-Brexit campaigns. Cambridge Analytica acquired data from Aleksandr Kogan, a data scientist at Cambridge University, who harvested it using an app called "This Is Your Digital Life". One of the most controversial elements of this breach was that users did not appreciate or consent to the political usage of data from a seemingly-innocuous lifestyle app. UpGuard's researchers also discovered and disclosed a related breach by AggregateIQ, a Canadian company with close ties to Cambridge Analytica. Details about these discoveries can be found in our Aggregate IQ breach series (part 1, part 2, part 3 and part 4).


Most cybercriminals post stolen data for sale after a breach, but the unidentified cybercriminal - who was likely using a proxy server - was not interested in monetary gain. Instead, their objective was to call a mass disruption to punch Twitch for fostering a toxic community of users.


Exclusive UK Jeweller, Gaff, suffered a data breach that compromised many of its famous clients. The Russian cybercriminal group, Conti, was responsible for the attack which involved the deployment of ransomware (ransom software).


In one of the biggest data breaches of all time in the education industry, the Los Angeles Unified School District (LAUSD) was attacked by Vice Society, a Russian criminal hacking group. The attack affected over 1000 schools and 600,000 students in the second-largest school district in the United States. The ransomware attack occurred over Labor Day weekend, and prevented LAUSD officials from accessing important data, including:


Mailchimp fell victim to a data breach after cybercriminals gained access to a tool used by internal customer support and account administration teams following a successful social engineering attack. However, this initial breach was just the preliminary stage of the entire cyberattack plan.


The UPS phishing campaign came forward because of the manner the hacker made use of to implement it. Through that XSS bug, the threat actor managed to make the usual website page appear to be a genuine download page. What happened next was that this allowed the cybercriminal to utilize a Cloudflare worker to share a compromised document. The thing is that that malicious file appeared to come from the legitimate UPS.com page, so it seemed like it was downloaded from there. 2ff7e9595c


2 views0 comments

Recent Posts

See All

Comments


bottom of page