Tag Archive for: 300K

Detroit man sentenced to prison for hacking into bank accounts, stealing $300K

/in


A Detroit man was sentenced to prison for stealing more than $300,000 from the bank accounts in a criminal enterprise, Michigan Attorney General Dana Nessel said Wednesday.

Johnny Richardson, 28, was sentenced to three to 20 years behind bars for conducting a criminal enterprise that included gaining cellphone data of victims and hacking into their bank accounts for money or to take out loans, according to Nessel’s office. Richardson will be required to pay for court costs, crime victim fees and $309,210 in restitution.

Richardson already is serving eight years in prison for operating an unemployment fraud scheme during the COVID-19 pandemic. He pleaded guilty in July 2021 to stealing $138,000 in COVID aid.

Source…

Detroit man sentence to prison for hacking into bank accounts, stealing $300K

/in


A Detroit man was sentenced to prison for stealing more than $300,000 from the bank accounts in a criminal enterprise, Michigan Attorney General Dana Nessel said Wednesday.

Johnny Richardson, 28, was sentenced to three to 20 years behind bars for conducting a criminal enterprise that included gaining cellphone data of victims and hacking into their bank accounts for money or to take out loans, according to Nessel’s office. Richardson will be required to pay for court costs, crime victim fees and $309,210 in restitution.

Richardson already is serving eight years in prison for operating an unemployment fraud scheme during the COVID-19 pandemic. He pleaded guilty in July 2021 to stealing $138,000 in COVID aid.

Source…

Ransomware attack costs school board more than $300K

/in


Huron-Superior Catholic District School Board is projecting a deficit due to cyberattack; board also doling out cash for credit monitoring, cybersecurity measures

SAULT STE. MARIE — The Huron-Superior Catholic District School Board will operate with a $325,000 deficit for its 2022-2023 budget due to a ransomware attack that crippled the board’s information systems in mid-December and compromised personal information belonging to a number of its employees. 

“This deficit is a result of the cyber incident,” said business superintendent Justin Pino in an email to SooToday Monday. “Before the incident the board was projecting a balanced budget.”  

Additional expenses related to the Dec. 15 cyberattack covered by the board’s cyber insurance are not being disclosed. 

The English Catholic school board is also spending USD $69,212 annually for three years on software from SentinelOne, a California-based cybersecurity company, in order to protect it from potential cyberattacks. 

A two-year credit monitoring service for affected school board employees through TransUnion will run the board $30,000 following the Royal ransomware attack, which resulted in the theft of personal information — including social insurance numbers and banking information — for staff members employed by the board between 2019 and 2022. 

Board officials are not disclosing whether or not the school board paid a ransom to the attackers. 

 

 

 

 

 

 

Source…

Over 300K Spotify accounts hacked in credential stuffing attack

/in


Spotify

Hackers have been attempting to gain access to Spotify accounts using a database of 380 million records with login credentials and personal information collected from various sources.

For years, users have complained that their Spotify accounts were hacked after passwords were changed, new playlists would appear in their profiles, or their family accounts had strangers added from other countries.

Spotify users saying their accounts were hacked
Spotify users stating their accounts were hacked

A new report detailing how a database containing over 380 million records, including login credentials, is actively used to hack into Spotify accounts may shed some light on these account breaches.

300 million records with user info for hacking Spotify accounts

A common attack used to hack into accounts is called a credential stuffing attack, which is when threat actors make use of large collections of username/password combinations that were leaked in previous security breaches to gain access to user accounts on other online platforms.

Today, VPNMentor released a report about a database exposed on the Internet that contained 300 million username and password combinations used in credential stuffing attacks against Spotify.

Each record in this database contains a login name (email address), a password, and whether the credentials could successfully login to a Spotify account, as shown below.

Record in exposed database
Record in exposed database

It is not known how the 300 million records were collected, but it is likely through data breaches or large “collections” of credentials that are commonly released by threat actors for free.

The researchers believe that the 300 million records listed in the database allowed the attackers to breach 300,000 to 350,000 Spotify accounts.

VPNMentor contacted Spotify on July 9th, 2020, about the exposed database and its threat to accounts and received a response on the same day.

“In response to our inquiry, Spotify initiated a ‘rolling reset’ of passwords for all users affected. As a result, the information on the database would be voided and become useless,” the researchers stated.

It is not clear what is meant by a “rolling reset,” as Spotify account holders that BleepingComputer has spoken to did not recently…

Source…