New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
600+ MILLION STOLEN ACCOUNTS POSTED ONLINE FROM HACKED WEBSITES
An enormous trove of user accounts was found for sale online on the Dark Web. The collection is on sale for just under $20,000 in Bitcoin.
The websites and their hacked account totals are:
- Dubsmash (162 million)
- MyFitnessPal (151 million)
- MyHeritage (92 million)
- Houzz (57 million)
- YouNow (40 million)
- ixigo (18 million)
- Stronghold Kingdoms (5 million)
- Roll20.net (4 million)
- ge.tt (1.8 million)
- Petflow (1.5 million)
- CoinMama (400,000)
- Pizap (60 million)
- Gfycat (8 million)
- Storybird, Jobandtalent, Legendas.tv, and OneBip (20 million)
- ClassPass (1.5 million)
- StreetEasy (1 million)
- ShareThis (41 million)
- HauteLook (28 million)
- Animoto (25 million)
- EyeEm (22 million)
- 8fit (20 million)
- Whitepages (18 million)
- Fotolog (16 million)
- 500px (15 million)
- Armor Games (11 million)
- BookMate (8 million)
- CoffeeMeetsBagel (6 million)
- Artsy (1 million)
- DataCamp (700,000)
What to do: Most of these sites have already sent messages to affected users and reset account passwords. However, if you have an account with any of these sites and haven’t already, change your password ASAP. If the password you use on these sites is also one you use on any other account, change those passwords as well. Since many people reuse passwords across accounts, hackers will try to log in to other services like your email or Facebook with stolen account credentials.
FAKE BOARD MEETING REQUEST EMAILS
Executives are being targeted with fraudulent emails that purport to be from the CEO of their company and will spoof his/her name and email address.
The emails contain a message about a board meeting being rescheduled and ask users to answer a poll to choose a new date. If recipients click the link, they will be taken to what looks like a login page for Microsoft Office. Entering your credentials sends your information to the scammers.
Watch out for an email subject line that follows this pattern: New message: [Company Name] February in-person Board Mtg scheduling (2/24/19 update)
What to do: Always be wary of messages that ask you to click on a link, and if you’re ever redirected to a login page after clicking a link, do not enter your credentials. Double-check with your boss if you receive messages similar to this, and take the time to review the email address the message came from.
FAKE FACEBOOK LOGIN POPUP
Security researchers are warning of a convincing Facebook popup that’s designed to steal your credentials. Victims will be directed to an affected website and be shown a popup prompting them to log in to their Facebook account to view the page content. The popup looks exactly like a legitimate login page, so it is easy to be fooled.
Users first noticed this scam when their password managers did not auto-fill their account information as they would with a legitimate login page. This is because password managers look at the URL to figure out which credentials to fill in, and recognize that the popup is not from Facebook.
The only way to determine that the popup is a fake is by trying to drag it off your monitor. If part of the popup disappears beyond the screen, then it’s phony.
What to do: A good practice is to always drag login popups like this around to check for unusual behavior. If you can’t drag it, it disappears off-screen, or it otherwise acts strangely, we recommend not entering your account credentials. If you think you may have been affected by this scam, change your account password ASAP, along with the password on any other accounts that use that password.
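The password-manager behaviour described above, sketched as a simplified model. This is an added example, not code from any real password manager; the vault entry, function names and sample URLs are constructed for illustration.

```javascript
// Simplified model of a password manager's autofill decision (added example).
// Real managers use the Public Suffix List; this sketch only accepts the
// saved host itself or a true subdomain of it, and only over HTTPS.

// Constructed vault entry: the site the credential was saved for.
const vault = [{ site: "facebook.com", username: "user@example.com" }];

// Return the vault entry allowed to fill on pageUrl, or null.
function entryForPage(pageUrl, entries) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch (e) {
    return null; // unparsable URL: never fill
  }
  if (url.protocol !== "https:") return null; // no autofill over plain HTTP
  const host = url.hostname.toLowerCase();
  for (const entry of entries) {
    const site = entry.site.toLowerCase();
    // Exact host or a subdomain (note the leading dot), so hosts such as
    // "facebook.com.example.net" and "notfacebook.com" do not match.
    if (host === site || host.endsWith("." + site)) return entry;
  }
  return null;
}

// The decision depends on the URL of the page hosting the form, not on what
// the form looks like. A popup drawn inside another site's page has that
// site's URL, so nothing is filled.
function shouldAutofill(pageUrl) {
  return entryForPage(pageUrl, vault) !== null;
}

// Constructed sample URLs.
const samples = [
  "https://www.facebook.com/login.php",       // genuine login page
  "https://recipes.example.net/article?id=7", // page drawing a fake popup
  "https://facebook.com.example.net/login",   // look-alike host
  "https://notfacebook.com/login",            // suffix trick
  "http://facebook.com/login",                // not HTTPS
];
for (const s of samples) {
  console.log(shouldAutofill(s) ? "fill " : "block", s);
}
```

Only the first sample is filled; a missing autofill on a page that looks like a familiar login form is the signal the users in this report noticed.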
TRULUCK’S RESTAURANT DATA BREACH
Eight Truluck’s restaurants discovered a data breach that occurred in November and December 2018. Two Dallas-Fort Worth locations, two in Austin, two in Houston, and other locations near Chicago and Naples, Florida were affected.
“Truluck’s said it hired forensic experts after being contacted by the FBI about potential unauthorized access to a server used by the 12-restaurant chain. Its internal investigation determined that ‘an unauthorized actor inserted malware into the point of sale systems at eight restaurants to capture customer payment card information used for purchases,’ according to the company.
The breach took place between Nov. 4 and Dec. 8 at Truluck’s downtown Austin location, and between Nov. 21 and Dec. 8 at the other seven restaurants. Truluck’s said the malicious software had the ability to capture credit or debit card numbers and expiration date.
Customer names and addresses weren’t exposed because Truluck’s doesn’t store that information, the company said.” (Dallas News)
What to do: If you ate at a Truluck’s restaurant between the affected dates, you can call Truluck’s assistance line at 1-877-449-1866 for support. They also suggest reviewing your account statements and monitoring your credit report for suspicious activity.
TACO BUENO DATA BREACH
Taco Bueno has discovered malware in some of its point-of-sale devices. It may have allowed attackers to access card details at about 150 restaurants between May 4 and November 22, 2018.
You can check which restaurants were affected at https://www.tacobueno.com/paymentcardcheck
More details about the incident and the company’s response are available here: https://www.tacobueno.com/paymentcardincident
What to do: The company advised possible victims to immediately report any unauthorized charges to their card issuer and to keep an eye out for unusual activity. If you were a patron of Taco Bueno between the affected dates, it may be smart to request a new card to be safe.
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!