As per tradition, at the beginning of a new month we are sharing with you the most notable information security incidents. In August, we had the following cases: a nightmare for League of Legends fans, the largest leak in US history, and another Microsoft outage.
What happened: future Netflix series episodes leaked online due to an attack on the contractor.
How it happened: on August 9, episodes of Netflix anime and animated series that had not yet been released began to appear on social networks and on thematic forums. Among them: Arcane, Terminator Zero, Dandadan, Ranma ½ and others.
Netflix was quick to respond to the leak, saying that ‘hackers attacked one of the post-production partners.’ The low quality of the ‘leaked’ videos, with ‘for work use’ watermarks, supports that.
The media giant tried to remove the leaked data from the network, and also posted a new story trailer for the most high-profile new release - the second season of Arcane, the anime based on the League of Legends game - to calm the hype. But this didn't help, and millions of fans waiting for the second season have already seen major plot spoilers.
What happened: Toyota's US division fell victim to a cyberattack.
How it happened: 240 GB of data from Toyota's California division appeared on a hacker forum on August 16. Among the leaked information were employee and customer data, internal documents and databases, logins and passwords from admin accounts in plain text.
Notably, the attackers are not selling the data, but giving it away for free. This may suggest that the attack was an act of ‘hacktivism’.
Toyota confirmed the leak and assured that the incident was limited and the company had already launched an investigation. However, a few days after this statement, the leaked admin accounts were still valid and working.
What happened: hackers caused a major disruption in Indian banking apps.
How it happened: attackers hacked C-Edge Technologies, a major service provider. As a result, the mobile banking apps did not work almost all over India on August 1.
The incident was investigated by Juniper Networks specialists. According to them, C-Edge Technologies was hacked because of a misconfigured Jenkins server, an automation system used for testing and delivering mobile application modules.
The attackers started by sending a POST request to the server in an attempt to execute a malicious command. This succeeded, and the criminals gained a foothold on the server, accessed other company systems, and then deployed ransomware.
In addition to Jenkins being incorrectly configured, the server had not been updated to the current version, and one of its components mishandled POST requests. This made it possible to exploit the critical vulnerability CVE-2024-23897 (CVSS score: 9.8/10) and conduct the attack.
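The lesson from the C-Edge case is that an unpatched Jenkins instance is the weak point, so the first defensive check is whether the running version predates the fix. The following script is an added example, not code from the original post or from Juniper Networks; it assumes the fixed versions published in the Jenkins advisory for CVE-2024-23897 (weekly 2.442, LTS 2.426.3) and reads the version from the `X-Jenkins` response header that Jenkins sets.

```python
"""Check whether a Jenkins core version still lacks the CVE-2024-23897 fix.

Added example (not from the original post). Assumes the fixed versions from the
Jenkins security advisory: weekly 2.442 and LTS 2.426.3.
"""
import re
from typing import Optional, Tuple

FIXED_WEEKLY: Tuple[int, ...] = (2, 442)      # first fixed weekly release
FIXED_LTS: Tuple[int, ...] = (2, 426, 3)      # first fixed LTS release


def parse_version(raw: str) -> Optional[Tuple[int, ...]]:
    """Parse '2.426.2' (LTS) or '2.440' (weekly) into an int tuple.

    Returns None for anything that is not a Jenkins-style version string,
    so a missing or tampered header is reported rather than guessed.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", raw.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    version = (int(major), int(minor))
    return version + (int(patch),) if patch else version


def is_vulnerable(raw: str) -> Optional[bool]:
    """True if the version predates the fix, False if patched, None if unparseable.

    LTS releases carry three components and are compared against the LTS fix;
    weekly releases carry two and are compared against the weekly fix.
    """
    version = parse_version(raw)
    if version is None:
        return None
    if len(version) == 3:
        return version < FIXED_LTS
    return version < FIXED_WEEKLY


def check_headers(headers: dict) -> Optional[bool]:
    """Apply the check to an HTTP response header dict (X-Jenkins carries the version)."""
    return is_vulnerable(headers.get("X-Jenkins", ""))


# Constructed sample header set, modelled on what an unpatched LTS instance returns.
SAMPLE_HEADERS = {"Server": "Jetty(10.0.18)", "X-Jenkins": "2.426.2"}

if __name__ == "__main__":
    print("vulnerable" if check_headers(SAMPLE_HEADERS) else "patched or unknown")
```

An inventory job can run `check_headers` over each instance's response and flag anything that returns `True` or `None` for patching or manual review.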
What happened: a former contractor attacked the crypto platform Holograph.
How it happened: Holograph is an omnichain tokenization protocol, enabling asset issuers to mint natively composable omnichain tokens. Hackers exploited a vulnerability in its system and used a proxy wallet to generate 1bn Holograph tokens - HLG.
The total value of the generated tokens was approximately $15 million. Due to such ‘cryptoinflation’ the value of HLG tokens fell from $0.014 to $0.0029 in a few hours.
After the incident, an international investigation was launched and the suspects were arrested in Italy. Their names were not disclosed, but it turned out that the organiser of the attack was a ‘disgruntled former contractor’ who understood the workings of the Holograph protocol.
What happened: 2.7 billion data records of Americans were exposed.
How it happened: On August 6, a post with the personal information of Americans appeared on a hacker forum. It contained names, social security numbers, emails, and possible aliases of those affected.
Researchers believe that the source of the leak was the National Public Data company. It collects citizens' personal data and then, for a fee, provides access to it for criminal record checks and to private investigators.
According to media reports, a dump with similar data was already sold on the same hacker forum this year in spring. Back then, another hacker claimed to have hacked National Public Data and obtained the personal data of US, UK and Canadian citizens.
After the initial leak, different hackers published partial copies of the data dump, with each copy containing a different number of records, and in some cases differing in the data itself. The latest and most complete version of the data dump appeared on August 6.
So far, the authenticity of the leaked “clones” has not been established. But it turned out that National Public Data collected Americans' data without their consent from non-public sources. As a result, the company was indicted.
What happened: Kootenai Health, a major US healthcare provider, fell victim to hackers.
How it happened: Attackers infiltrated the company's infrastructure using ransomware. They then encrypted files and leaked customer and employee PII including age, passport information, social security number, driver's licence and medical records.
According to the researchers, the attackers infiltrated the company back in February 2024, but the problem was not discovered until August 2024. As a result, about 500,000 people were affected by the leak.
What happened: there was a global outage of Microsoft services.
How it happened: on July 30, many Microsoft services and applications were unavailable: Azure, Outlook, Minecraft, Entra and Microsoft Intune, among others. This disrupted many organisations around the world: courts, utilities, banks and medical facilities!
Microsoft has openly stated that the disruption was due to a DDoS attack, and that their security measures only amplified the scale of the attack rather than mitigating it. A previously unknown group of hacktivists claimed responsibility for the outage.
The company also said it had configured Azure Web Application Firewall, a tool for protecting against such attacks. However, it remains unclear why the global IT giant didn't deploy a web application firewall earlier.
What happened: Hackers remotely wiped data from the devices of students around the world.
How it happened: Attackers compromised Mobile Guardian, a developer of MDM systems for the education sector. It develops cross-platform software to filter traffic, monitor student activity, and remotely manage devices.
According to the company, there was a cyberattack on August 4, which resulted in hackers gaining access to Mobile Guardian's platform. The capabilities gained were not used to steal data, but to delete it. For example, in Singapore, data was deleted from 13,000 devices, and it ended with the cancellation of a contract with the country's Ministry of Education.
The company, alas, gave up: after the attack, it completely shut down its management servers, so users cannot log in to Mobile Guardian, and students are restricted from accessing their devices.
What happened: Nexera's blockchain infrastructure was attacked by hackers.
How it happened: on August 7, unknown attackers hacked into the system for managing Fundrs smart contracts using the BeaverTail malware. This is how attackers managed to steal 47 million Nexera infrastructure tokens - NXRA worth $1.76 million.
The criminals cashed out 15 million tokens worth $450,000, while the Nexera team was trying to remove the other 32 million from circulation. After that, the company suspended trading of its tokens on decentralised exchanges and recommended other platforms to do the same. However, this led to an 86% drop in the token price.
What happened: hackers stole nearly $700,000 from McDonald's subscribers.
How it happened: a hacker group hacked into McDonald's Instagram account and advertised a fraudulent cryptocurrency token there. It was called the same name as one of the company's mascots, Grimace.
The advertisement proved "effective", and the capitalisation of the token instantly grew from a few thousand to $25 million. After that, the fraudsters sold their tokens, earning about $700,000 in the cryptocurrency Solana (SOL). The value of the token itself fell to $65,000.
In the end, the company was able to recover its account, but for some time the profile description still displayed the hackers' thanks for the cryptocurrency. McDonald's apologised to subscribers for the incident.
IS tip of the month: after a relaxed summer and vacation season, your data storage could be in disarray: what new critical data is there, and where is it now? More importantly, who has access to it and can edit an important file without permission? A DCAP system will help you clean up your storage and prevent data misuse.