Hacks of the Month —July 2019

Another month of hacks, data attacks, security breaches, and exposed flaws to report on. On this hacks of the month we list a short recap and rundown of what you might have missed. Read on for the latest security vulnerabilities and accounts compromised for hacks of the month —July 2019.

security vulnerability and accounts compromisedSmart Home Vendor Compromised 

A misconfigured ElasticSearch server with no password protection has been found by a researcher. The server belongs to a Chinese company, Orvibo. The platform is used by customers with the tool, SmartMate which is used to manage the Internet of Things devices, home entertainment, security devices, and energy management and HVAC systems. 

Orvibo claims that a million customers both individual users and businesses may have been affected. As far as security vulnerabilities go this is a mistake that no company should be making as setting a password is the simplest and oldest method of protecting devices. 

The data that might have been exposed were:

  • User IDs
  • Family Names and IDs
  • Email addresses
  • Hashed (but not salted) passwords
  • Smart device details
  • Precise location 
  • IP addresses

security vulnerability and accounts compromised Apple Security App Flaw 

Apple disabled the Walkie_talkie App from its Apple Watch products after a security vulnerability. It was discovered enabling eavesdropping on iPhone conversations. It could allow potential attackers to eavesdrop on calls. The security flaw could allow someone to listen through another customers iPhone without consent. Apple did confirm that it has disabled the app and are fixing the issue.

accounts compromisedSprint Customer Accounts Compromised 

Sprint stated hackers broke into an unknown number of customer accounts via the Samsung.com “add a line” website. Three days later they have re-secured all accounts compromised by resetting PIN codes. This is the second security incident Sprint has had this year alone. The company will be sending impacted customers a letter. The personal information that may have been impacted includes:

  • Phone Number
  • Device Type
  • Device ID
  • Monthly recurring charges
  • Subscriber ID
  • Account number
  • Account creation date
  • Upgrade Eligibility
  • First and Last Name
  • Billing Address
  • Add-on Services

security vulnerability and accounts compromisedCloud Software hit with Ransomware 

Cloud-based software iNSYNQ hit with a ransomware attack. The company specializes in providing Quickbooks account software and services. The ransomware attack took place on July 16th and took the network and its servers offline. The only company response was from the CEO sharing a statement which can be found here

security vulnerability LibreOffice Security Vulnerability 

LibreOffice software, an alternative to Microsoft Office contains a security vulnerability.  A security researcher found a code execution vulnerability that can bypass malware into your system as soon as you open a malicious document file. LibreOffice team has been notified, but until then users can follow steps to update or reinstall the software by clicking on the title above.  

security vulnerabilityBrowser Extensions Security Flaw

A researcher has found security flaws on a few browser extensions that leaked personal and business data. The extensions are:

  • HoverZoom
  • SpeakIt!
  • SuperZoom
  • SaveFront.net Helper
  • FairShare Unlock
  • PanelMeasurement
  • Branded Surveys
  • Panel Community Surveys

These extensions on Chrome or Mozilla were leaking in near real-time personal and sensitive data. Data such as GPS locations, usernames, passwords, credit card information, API keys, and firewall access codes. 

accounts compromisedCapital One Consumer Accounts Compromised

About 100 million US citizen’s data stolen by a hacker. The hacker gained access to Capital One customers who applied to for credit cards between 2005 and early 2019. The FBI has arrested and charged one suspect, who is now in custody. The company states they will notify affected customers, but for more information on what to do read more here. From the information gathered it appears the data stolen was not related to a security flaw by Capital One. Capital One stated the data exposed was:

  • Social Security Numbers
  • Bank Account Numbers
  • Names
  • Addresses
  • ZIP codes
  • Phone Numbers
  • Email Addresses
  • Birth Dates

 

 

About SmartFix

We are a family owned business that provides fast, warrantied repairs for all your mobile devices.

Brooklyn Area

2307 Beverley Rd Brooklyn, New York 11226 United States

1000 101-454555
support@smartfix.theme

Store Hours
Mon - Sun 09:00 - 18:00

San Francisco Area

358 Battery Street, 6rd Floor San Francisco, CA 27111

1001 101-454555
support@smartfix.theme

Store Hours
Mon - Sun 09:00 - 18:00