Database Security Digest – January 2018
Here is a quick look at the database security news in January 2018
The Tokyo-based cryptocurrency exchange Coincheck loses more than $ 400 million in a hacking attack. The hackers have pulled off the biggest crypto heist of all time so far sending clients into a panic about the future of their virtual assets. The Coincheck exchange is trading in NEM virtual currency and reported a significant drop in the balance of the virtual currency. The investigation showed that about $ 400 million worth of NEM had been illegally transferred to some unidentified accounts. NEM deposits of all customers were frozen and Coincheck had to freeze all withdrawals. At the moment the management of the company is investigating the accident. The theft was possible due to the fact that the executive team failed to implement basic security features.
The Stellar Lumen cryptocurrency was targeted by a hacking attack. The attackers were able to redirect the DNS server to a server controlled by the criminals. The result of this theft was 670,000 Lumens (approximately $400,000) missing. According to the experts the exploit used was a code injection. If the Blackwallet users had more than 20 Lumens in their wallets their funds were automatically pushed to a different wallet apparently belonging to the attacker.
The charges are raised at $650,000 for a Hong Kong-based electronic toymaker. The US Federal Trade Commission (FTC) raised the charges at VTech following the data breach back in 2015. A settlement has been reached with the FTC after two years of investigation. Now the toymaker has to pay $650,000 to settle charges due to the fact it failed to protect the privacy of its users. The Vtech electronic toymaker amassed a lot of information about children and parents using its Kid Connect application. However, doing that the company didn’t seek consent from parents or told children what data was being collected.
The investigation showed that the security practices in the company were poor and one could easily get access to parents’ and children’s names, home addresses and even pictures and chat logs. The hacker used a simple but still very effective method of SQL injection which let him view photos and audio files uploaded by children and parents. In the future the company promised to uphold to stricter security and pay more attention to personal data protection.
There has been a massive data breach from this family-owned chain of restaurants in the USA. Investigators say that the hackers used RAM-scraping malware installed on the point-of-sale terminals all over the USA starting June 8, 2017. The management of the company notified the public that the hackers were able to obtain information on up to 2 million card numbers, including cardholder names, expiration dates, cardholder verification values, and service codes.
OnePlus company is responsible for leaking of up to 40,000 credit card details in the result of a hacker attack. Anyone making their purchase online put their credit card information at risk and probably might want to contact their banks. Credit card information was stolen from customers while they were making their purchases on the manufacture’s website. It seems that the weakest link on the website might be the payment integration of the company with the Magento eCommerce platform.
UK Top law firms
Cybersecurity researchers have found file dumps on the Dark Internet. These databases contain about 1.2 million entries leaked from several top UK law companies. These entries contain e-mail addresses and 80 percent of them were connected to passwords. To make the situation worse, some passwords were plaintext. Using this information hackers or virtually anyone can skip past any company corporate defense system using legitimate credentials without being detected.