These are the hacks and data attacks that happened last month. A short recap and rundown of what you might have missed in regards to consumer personal data exposed. Hacks of the Month —February!
Week 1 (Feb 1 -9):
Home improvement site Houzz has suffered a data breach, with an unknown amount of user information. The company sent out an email to affected users that a third-party gained access to a file that contained public and private user data. The hack involved the theft of profile information, including usernames, salted and hashed passwords, IP Addresses, and Facebook Information. The company also added this FAQ on the breach. Now is a good time to check and change both Houzz and Facebook passwords asap!
A list of 29 android beauty camera apps sends pornographic content, redirect victims phones to phishing sites and collect their pictures. The apps have been since removed from the Google Play store. Furthermore, these apps have been downloaded more than 500,000 times. Android malware continues to evolve and Android users need to be cautious with free non-paid apps to download and permissions to use in the app.
Week 2 (Feb 10 – 16)
As mentioned in a previous article here, Donkin’ Donuts suffered a similar data attack. Twice a victim of credential stuffing attack, hackers gained access to DD Perks accounts. The data includes username and passwords used on various online accounts.
Users have reported account lockouts and changes. Hackers gained access to their accounts and changed the passwords. One user who was locked out of their account after the password was changed along with the email on file which ment the account password could not be reset by the user, the company denies any data breaches.
Dating site Coffee Meets Bagels company sent out an email to users on Valentines Day about a data breach. The email didn’t confirm how many users were affected but announced personal information such as usernames and email addresses registered prior to May 2018 were potentially hacked. The company also advises users to take caution against any unsolicited communications. This includes any emails with links or clicking on downloaded attachments from suspicious emails.
Week 3 (Feb 17-23)
Coinmama, a crypto broker that specializes in letting users buy cryptocurrencies with credit cards, suffered a data breach of 450,000 emails and hashed passwords. Coinmama is the latest to be hacked similarly to 16 other sites stolen accounts. The company does not store credit card information but advised users to change their password.