in(Secure) digest: stellar social engineering, exposed servers and giants under attack
01.11.2022
As usual at the end of the month, we have gathered the most resonant information security incidents in our monthly digest. In this digest you will find stories about:
• Toyota’s contractor, which accidentally exposed part of the source code
• An undercover astronaut
• Australian companies experiencing cyberattacks
• A massive leak of Microsoft clients’ data.
Data leak with mileage
Situation: The car manufacturer Toyota reported a probable leak of data on 296.000 customers.
Case study: according to the official statement by Toyota representatives, the leak probably resulted from human error on the side of the contractor that developed the T-Connect service. Supposedly, the developer’s employees accidentally uploaded to GitHub part of the source code, which contained an access key to the company’s server. The leak concerned users who have registered in the system since 2017.
The T-Connect service enables users to start the engine remotely, access car maintenance indicators and use the My Toyota application. The servers that manage these functions contain unique identification numbers and clients’ email addresses.
Toyota representatives claimed that sensitive data such as names, phone numbers, addresses and bank card numbers was not exposed. The Japanese manufacturer’s officials noted that company staff found no proof that perpetrators had taken advantage of the alleged leak. However, they advised clients to be wary of spam and not to click on suspicious links.
Source code leaks have already become a widespread problem. Companies such as Samsung, Nvidia, Twitch and many others have been affected by it.
Alco leak
Situation: Vinomofo has experienced a data leak that exposed information on 500.000 wine lovers.
Case study: the Vinomofo CEO reported that an unauthorized third party gained access to a database on the test platform. As a result of the hack, clients’ data such as names, dates of birth, addresses, email addresses, phone numbers and sex was put at risk. According to the official statement by the company’s representative, the incident did not affect the operation of the Vinomofo website. Vinomofo employees also claimed that clients’ passport and financial data was not stored by the company; however, they asked clients to be careful and attentive.
Stellar scammers
Situation: A “Russian astronaut” has tricked a Japanese woman.
Case study: an intruder who impersonated a Russian astronaut on the International Space Station got in touch with an elderly lady from Japan via a social network. In their correspondence, the intruder confessed his love to the woman, promised to marry her and said that he wanted to settle in Japan. The so-called astronaut said that he needed money to return to Earth. That is why he asked the gullible lady to cover his expenses for returning home, including the rocket flight. The woman made several payments to him, about 30 thousand dollars in total. However, even after these payments were made, the intruder asked the lady to transfer more money. So she got in touch with the police and admitted that the intruder had managed to deceive her by mentioning a number of organizations that do exist, such as NASA and the Japanese space agency JAXA.
Australian passions
Situation: the Australian retail giant Woolworths reported that data on 2.2 million MyDeal clients leaked.
Case study: the company representatives stated that a cybercriminal used compromised accounts to access MyDeal’s CRM system. As a result of the hack, the intruder obtained MyDeal clients’ names, email addresses, phone numbers, delivery addresses and dates of birth. Data on clients’ payments, drivers’ licenses, passports and accounts was not obtained. The company representatives also claimed that the cyber incident did not affect the operation of the MyDeal website and application.
Woolworths acquired 80% of the MyDeal online marketplace in September. However, MyDeal systems remained separate from Woolworths’ systems, so the latter were not affected. The company reported the incident to the authorities and notified affected clients.
Recently another Australian company, the telecommunications provider Optus, also experienced a data leak. Company representatives stated that nearly 10 million clients’ data was compromised.
We are open, do not pass by
Situation: Microsoft confirmed a leak of 2,4 Tb of clients’ data.
Case study: Microsoft officials confirmed the incident after SOCRadar researchers reported the leak on September 24th. The corporation’s officials claimed the leak happened because of a misconfiguration of Azure cloud servers. The Microsoft representatives did not specify the amount of information leaked, but SOCRadar experts noted that 2.4 terabytes of confidential data were stored on the corporation's servers.
Researchers from SOCRadar claim that, as a result of the leak, data on 335.000 emails and 133.000 projects was exposed. The leak probably affected confidential data of more than 65,000 organizations from 111 countries. Microsoft believes that SOCRadar has "greatly exaggerated the extent of this problem" and "the numbers".
Your vote has been accepted
Situation: Hamilton local authorities have accidentally exposed data on a hundred city residents.
Case study: Hamilton local authorities notified hundreds of voters who had requested mail-in ballots that some of their information had been disclosed. The data leak occurred because of a mistake: email addresses were entered into the “send” line of the message instead of the “bcc” line, which exposed the email addresses to everyone who received it.
City officials reported that they took immediate action to retract the email, but it remains in some voters' mailboxes. Hamilton authorities ask everyone to delete the email.
The city clerk has sent an email with apologies to the affected parties.
Giants attacked
Situation: Hackers attacked the IT infrastructure of Indian power company Tata Power.
Case study: According to the National Stock Exchange of India, the hacker attack affected the operation of some IT systems of Tata Power Company Limited. Power company officials said they had taken steps to restore the affected systems and protect the portals used by customers. However, Tata Power representatives did not provide details on how exactly the attack occurred.