This month’s cyber hacks of the month feature data breaches carried out by cyberattackers and security vulnerabilities discovered by security researchers or IT teams, as reported by online IT news pages. October was filled with hacks and vulnerabilities, and here we publish the highlights of what you might have missed.
Kylie Cosmetics Data Breach
Kylie Cosmetics, the makeup line by Kylie Jenner, has had its data breached. The company notified the affected customers via email that its e-commerce platform, Shopify, experienced a data breach. Earlier this month, Shopify reported theft by its own employees, who accessed data from 200 of the company’s merchants. The incident is now being investigated by the FBI. The customer data possibly exposed includes:
- Last Four Digits of Credit Cards
Sam’s Club has sent out automated password resets and security notifications to customers who were hacked. These accounts were compromised through credential stuffing attacks. The company is alerting its affected users that an unauthorized user has possibly gained access to their accounts through credential stuffing or phishing emails. This means the hacker likely took a user’s credentials from another source that uses similar login information.
VoIP provider Broadvoice leaked customer data because an Elasticsearch database was accessible to anyone, with no authentication required. About 350 million customer records from small and mid-sized businesses were leaked. The VoIP provider offers business communication systems that include voice, contact-center technology, remote-workforce help, Salesforce.com integration, and unified communications. Most of these Broadvoice offerings are for doctors’ offices, law firms, retail stores, and many more. The leaked data included:
- Full Name
- Business Name
- Phone Numbers
- Transcripts of voicemails
The national bookstore chain sent an email to those affected, stating that cybercriminals gained unauthorized access to its corporate systems. The outage hit its retail stores, where a few registers were unable to function. The company was unable to confirm how many customers’ data was exposed, but did point out that email addresses, billing and shipping addresses, telephone numbers and transaction histories may have been exposed. However, the bookstore company clearly stated that no financial data was taken by the cybercriminals. It also warns its customers that the leaked email addresses may be used in phishing campaigns in the near future. If you have ever given Barnes and Noble your email address, we strongly urge you to be on the lookout for phishing email scams.
Cyber attackers breached 3 million customers’ payment cards from Dickey’s Barbecue. The card data breach reportedly spans July 2019 to August 2020. The company has confirmed the data breach and is working with the FBI and payment card networks to resolve this hack. This isn’t the first security incident at the company: back in 2015, Dickey’s Barbecue was also hit by a ransomware attack demanding a $6,000 extortion payment. Security researchers also believe that a few factors may have caused this hack of the month: old POS systems, misconfigured payment terminals, and the way Dickey’s operates as a franchise model. Under a franchise model, each location is owned individually and separately, and dictates the type of POS devices and processors it uses.