Tag Archive for: Million

73 Million AT&T Users’ Data Leaked As Hacker Said, ‘I Don’t Care If They Don’t Admit. I’m Just Selling’ Auctioned At Starting Price Of $200K – AT&T (NYSE:T)

/in


Telecommunications giant AT&T Inc. T recently disclosed a significant data breach dating back to 2021 that resulted in the exposure of sensitive information belonging to 73 million users and is now circulating on the dark web.

The leaked data includes a wealth of personal details such as Social Security numbers, email addresses, phone numbers and dates of birth, affecting both current and former account holders. AT&T revealed that among the impacted people, 7.6 million are current account holders.

“Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set. The company is communicating proactively with those impacted and will be offering credit monitoring at our expense where applicable,” AT&T said in its press release about the situation. 

Don’t Miss: 

The hacker behind this brazen cyberattack is ShiningHacker, a notorious figure known for previous data breaches targeting platforms such as Wattpad, Tokopedia, and Microsoft Corp.’s GitHub, according to Bleeping Computer.

Initially, AT&T denied any internal data breach when a small portion of the stolen data surfaced in 2021, claiming no knowledge of leaked information from their servers or vendors. 

However, subsequent investigations revealed a different story. While AT&T refuted the claims initially, ShiningHacker admitted to the breach, dismissing AT&T’s stance with the assertion, “I don’t care if they don’t admit. I’m just selling,” according to Bleeping Computer.

The hacker attempted to monetize the stolen data by offering it for sale on the RaidForums data theft forum, setting the starting price at $200,000 and accepting incremental offers of $30,000. ShiningHacker indicated a willingness to immediately sell the data for $1 million, underscoring the severity and audacity of the cybercrime.

Trending: Long overdue disruption in the moving industry is underway. Here’s how to invest in it with just $100.

Telecommunications providers have become recent targets of cyberattacks, with T-Mobile facing a breach in 2023 affecting 37 million customers, and Verizon Communications Inc. experiencing a leak impacting 63,000 customers and employees.

In December, the Federal…

Source…

Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

/in


When thousands of security researchers descend on Las Vegas every August for what’s come to be known as “hacker summer camp,” the back-to-back Black Hat and Defcon hacker conferences, it’s a given that some of them will experiment with hacking the infrastructure of Vegas itself, the city’s elaborate array of casino and hospitality technology. But at one private event in 2022, a select group of researchers were actually invited to hack a Vegas hotel room, competing in a suite crowded with their laptops and cans of Red Bull to find digital vulnerabilities in every one of the room’s gadgets, from its TV to its bedside VoIP phone.

One team of hackers spent those days focused on the lock on the room’s door, perhaps its most sensitive piece of technology of all. Now, more than a year and a half later, they’re finally bringing to light the results of that work: a technique they discovered that would allow an intruder to open any of millions of hotel rooms worldwide in seconds, with just two taps.

Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker Dormakaba. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.

By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. Their technique starts with obtaining any keycard from a target hotel—say, by booking a room there or grabbing a keycard out of a box of used ones—then reading a certain code from that card with a $300 RFID read-write device, and finally writing two keycards of their own. When they merely tap those two cards on a lock, the first rewrites a certain piece of the lock’s data, and the second opens it.

“Two quick taps and we open the door,” says Wouters, a researcher in the Computer Security and Industrial Cryptography group at…

Source…

Estonia’s BotGuard OÜ secures €12 million in Series A funding to expand global cybersecurity reach

/in


– Advertisement –


BotGuard OÜ, a cybersecurity software company based in Tallinn, has secured €12 million in Series A funding led by MMC Ventures, with participation from Tera Ventures, Expeditions Fund, and angel investors including Stefan Lindeberg. The company specializes in helping web hosting providers manage and protect their infrastructure from malicious threats. With this funding, BotGuard OÜ plans to further develop its technology, recruit tech development talent, and expand its sales and marketing teams as it continues to scale globally.

BotGuard is a cybersecurity company founded in 2019, with a global presence and clients across more than 30 countries. The company specializes in developing user-friendly online tools designed to protect businesses from contemporary web threats. Embracing a remote-first culture, BotGuard boasts an international team comprising over 15 nationalities, collaborating on agile projects to enhance internet security for businesses and individuals worldwide. The company has secured funding through various rounds, with notable investors including Tera Ventures and Expeditions Fund.

Nik Rozenberg, CEO and co-founder at Botguard OÜ, says, “Every business should have effective web traffic management, yet there are no affordable solutions focused on the SME segment due to complicated and expensive onboarding processes. Malicious bot traffic can be extremely harmful for businesses – particularly for the likes of e-commerce retailers that depend on their website to operate – and organisations require tools that keep pace with the rapidly-evolving threat landscape. Even neutral web traffic – like some crawler bots – can drive up management costs. We are democratising web security by offering web hosting providers a flexible, easy-to-use, and cost-effective solution that still offers the highest level of control over web traffic. We are excited for this next stage of our growth journey as we continue to innovate and expand into new territories.”

Mina Samaan, Partner at MMC Ventures, states, “Born from the pain of living through this problem, Nik and Denis have built an impressive business, and the incredible traction BotGuard…

Source…

Prominent Sacramento law firm sues for $1 million after falling prey to ransomware attack

/in


A prominent Sacramento law firm that represents police officers and sheriff’s deputies in the capital region is suing a computer firm for more than $1 million alleging that, after hiring the company to provide cybersecurity, the law firm was hit with a ransomware attack.

The Mastagni Holstedt law firm filed the suit in Sacramento Superior Court this week against Lantech LLC, claiming that because of the cyberattack last year, Mastagni Holstedt was forced to pay a ransom to regain access to its data.

An office manager at Lantech who would not give her name Wednesday morning declined to comment when reached by phone, saying she knew nothing about the suit, which names Lantech, former Lantech owner Terry Berg and backup computer data storage company Acronis Inc.

Lantech did not respond to a subsequent email request for comment, and Acronis denied any responsibility for the cyberattack.

Law firm founder Davis Mastagni also did not respond to a request for comment.

The lawsuit alleges the attack came from a group known as “Black Basta,” a Russian-speaking group first detected in early 2022 that has been blamed for hundreds of ransomware attacks that have resulted in payments of more than $100 million by firms seeking to retrieve data.

“In its first two weeks alone, at least 20 victims were posted to its leak site, a Tor site known as Basta News,” according to a March 2023 “threat profile” by the U.S. Health and Human Services Department’s Office of Information Security. “It exclusively targets large organizations in the construction and manufacturing industries, but was also observed to target other critical infrastructure, including the health and public health sector.

“While primarily targeting organizations within the United States, its operators also expressed interest in attacking other English-speaking countries’ organizations in Australia, Canada, New Zealand, and the United Kingdom. Threat actors that used the ransomware have additionally impacted organizations based in the United States, Germany, Switzerland, Italy, France, and the Netherlands.”

The group has extorted at least $107 million in bitcoin from targets, according to a November report by Reuters news…

Source…