This month’s cyber hacks of the month feature cyber hacks from cyberattackers and security data breach of vulnerabilities discovered by security researchers or IT teams and reported by online IT news pages. October is filled with hacks and vulnerabilities for the month, where we publish the highlights of what you might have missed.
Mashable Security Data Breach
The technology news website released a statement and confirmed the data breach that involves about 100 million users. They have disabled all accounts impacted by the breach. The information that was exposed includes:
- First and Last Names
- Email Addresses
- Date of Registration
- IP Addresses
- Links to social media profiles
- Expired Authorized Tokens
- DOB -Days and Months only
Computer manufacturer Ompal, confirms a security incident that affects its automated systems which halted short term projects. The company produces notebooks and laptops for Apple, Lenovo, Dell and others. The company’s IT staff are working to backup any important files that weren’t affected and restored the system within a week’s time.
A third vendor, Prestige software that is a reservation platform for major hotel chains had suffered a security data breach.
Mobile app game for kids, Animal Jam discloses a security data breach on 46 million accounts.The company WildWorks who created the game fully responded with total transparency and stated that the hackers took control of their slack server gaining access to their AWS key. After the breach occurred they were unaware any data was stolen. Here is the data exposed includes:
- Hashed passwords
- Email addresses
- IP addresses
- Parents names and billing addresses
- Gender and birthdate (year only)
- The outdoors clothing retail company North Face suffered a security data breach which is a ransomware attack on its online user’s accounts. The cyber attackers made an attempt to credential stuff attack on its website. Credential stuffing is successful when hackers take advantage of people who reuse the same usernames and passwords across multiple online accounts. The company sent out emails the those affected and attempted to reset its customer’s passwords. Furthermore, North Face stated that all bullet points below may have accessed by the cybercriminals. If so be alert for any social engineering tricks that involve phishing attacks to your email.
- Billing Addresses
- Shipping Addresses
- Loyalty Points
- Email Preferences
- First and Last Names
US largest food cold storage is the latest to be a victim of a ransomware attack. The attack has affected the company’s phone system, email, and inventory management. Truck drivers tweeting saying when arrived at an Americold facility they were unable to assign him a dock door. As the food supply giant is a critical role in supporting the food supply chain as soon to be distributing COVID-19 vaccines during this difficult time. This security data breach is a wake-up call for companies who are considered critical and must be operational 24/7 need to double-check their network security. The company will continue to take security measures to its infrastructure and customer information.
A data breach of about 10 million users on Pray.com mobile app. The information exposed was related to personally identifiable information (PII). The discovery was made by vpnMentor and they attempted to contact Prayer.com with no success turned to Amazon to remove the contact files from the unsecured database. The files on the database date back to 2016 and other pray.com data such as direct access to a mobile phone’s full list of contacts, donations made, church’s attendees along with information exposed included:
- Phone Numbers
- Home & Business Addresses
- Company Names