Data Security

The latest on data breaches, cybersecurity, and data security by Adam K Levin.

Mathway breach
Over 25 million user logins and passwords from a popular math app are being offered for sale on the dark web following a data breach. Mathway, a popular app for iOS and Android devices, recently uncovered evidence of the breach after a hacking group announced it was selling Mathway user data on the dark web for roughly $4,000 in Bitcoin.  ShinyGroup,...
celebrity law firm hack
The hackers who attacked a major entertainment and media law firm have now doubled the sum they’re demanding, and have included a threat to reveal compromising data on President Donald Trump. Grubman Shire Meiselas & Sacks represents high-profile clients including U2, Madonna, Lizzo, Drake, and Lady Gaga among many others. The firm was targeted with ransomware earlier this month, which...
Magellan Health Ransomware
In the wake of an April ransomware attack, Fortune 500 healthcare company Magellan Health announced that a hacker exfiltrated customer data. The ransomware attack was first detected by Magellan Health on April 11, 2020, and was traced back to a phishing email that had been sent and opened five days earlier. Subsequent investigation revealed that customer data had been exfiltrated prior...
celebrity data breach
A major entertainment and media law firm experienced a massive data breach that may have compromised the data of many celebrities including Bruce Springsteen, Lady Gaga, Madonna, Nicki Minaj, Christina Aguilera, and others. Grubman Shire Meiselas & Sacks, a New York-based law firm, was hit by a ransomware attack that compromised at least 756 gigabytes of client data, including contracts,...
Password manager
It’s World Password Day, and much like every other day of the year, the state of password security is terrible. Despite repeated warnings from security experts and IT departments, “123456” has remained the most common password for the last seven years, narrowly edging out “password.” The problem isn’t limited to easily guessed passwords: a recent study of remote workers found that...
Adult site leaks 7 TB of data
Users on an adult streaming platform may have experienced the wrong kind of exposure when over seven terabytes of data was found on an unprotected database online. The damage done could include the dissemination of amateur pornographic user images.  CAM4, a video streaming service primarily for adult amateur webcam content, reportedly left more than 11 million user records online on...
Pharma exec credential breach
The online credentials for 68% of pharmaceutical executives analyzed for a study have been compromised recently. The study, conducted by cybersecurity firm Blackcloak, found that the email accounts of over two-thirds of pharmaceutical executives had been compromised within the last five to ten years. Of the compromised emails, 57% were found on the dark web and had been either cracked...
ghost
Hackers successfully breached the servers of a popular blogging platform and used them to mine cryptocurrency. Ghost, a Singapore-based blogging platform with 2,000,000 installations and 750,000 active users, announced that hackers had breached their systems. “The mining attempt... quickly overloaded most of our systems which alerted us to the issue immediately,” the company announced May 3, adding that “there is no...
Covid-19 scams
Cybercriminals are actively targeting Covid-19 hotspots with malware and phishing campaigns, according to a new report from Bitdefender. The report, “Coronavirus-themed Threat Reports Haven’t Flattened the Curve,” shows a direct correlation between confirmed Covid-19 cases and malware attacks exploiting the crisis. These findings confirm a similar report that showed a 30000% increase in Covid-19-themed attacks from January to March. “Countries that have...
e-skimming
For the last few years, cybersecurity experts have been sounding the alarm on something called e-skimming. In this kind of attack, hackers intercept payment card data and personal information from e-commerce sites by exploiting the architectural complexity of those e-commerce sites.  While there have been several major breaches that were the result of e-skimming, including Macy’s and British Airways, the...