Unfortunately, these are the hacks, data attacks, security breaches and exposed flaws that happened last month. A short recap and rundown of what you might have missed in regards to consumer personal data exposed. Security breaches and hacks of the Month —April 2019.
Week 1 (April 1-6):
New phishing campaign alert targeting Verizon mobile users.
Verizon customers are constantly targeted by phishing campaigns and the company is aware of this. A page is available with variations of the fraud attempts to warn users to be on guard. The phishing campaign uses malicious links as Verizon Wireless Customer Support.
They have made the mobile browser webpage look convincingly like the official Verizon page. The malicious actors have even registered dozens of URLs to mimic Verizon’s domains.
Over 540 million Facebook users data was exposed on 3 unsecured Amazon servers. The information was collected by the Mexican social media firm, Cultura Colectiva. The information exposed to the public included account names, ID numbers, comments and reactions. Facebook and Amazon worked on removing the data. The breach didn’t come from Facebook itself but highlights how third-party apps can mishandle Facebook users data. Consider removing any app or service you no longer need on your Facebook account.
Week 2 (April 7 – 13)
Mircosoft acknowledged a security incident that an attacker broke in by compromising the login credentials of one of its support agents. The hackers had access for almost three months to webmail services, Outlook, Hotmail and MSN. The unauthorized access took place between January 1st – March 28th 2019. The compromised account belonged to a high privileged user, meaning they likely have more access to material than other employees. The company emailed affected users and recommending all affected users should change their passwords.
Week 3 (April 14-20)
An unprotected database belonging to Just Dial, India’s largest local search service, leaked personally identifiable information of its customers. The leaked data includes JustDials users’ name, email, mobile number, address, gender, date of birth, photo, occupation, and company name where they work. Pretty much profile related information the customer provided to the company.
Week 4 (April 21 -27)
A popular Android app called WiFi Finder exposes users’ home wifi uploading their network passwords to an unsecured database.
The exposed database didn’t contain contact information for any of the Wi-Fi network owners. Unfortunately, geolocation data was included. The app didn’t ask for permission from the network owners to link another user, allowing unauthorized access to the network. The app has been removed from the Google Play Store.
Bodybuilding.com the world’s most popular online fitness store, was hit by a security breach. The retailer decided to notify all current and former users and customers. The Information that may have been exposed is customers’ names, email addresses, billing and shipping addresses, order history, phone numbers, any communication on the site, dates of birth, and other data included in BodySpace profiles. The company advises users to change their passwords and on any other account to review suspicious activity.