Tag Archive for: Stole

Attackers stole LastPass data by hacking an employee’s home computer


LastPass says that a threat actor was able to steal corporate and customer data by hacking an employee’s personal computer and installing keylogger malware, which let them gain access to the company’s cloud storage. The update provides more information about how the series of hacks happened last year that resulted in the popular password manager’s source code and customer vault data being stolen by an unauthorized third party.

Last August, LastPass notified its users of a “security incident” in which an unauthorized third party used a compromised developer account to access the password manager’s source code and “some proprietary LastPass technical information.” The company later disclosed a second security breach in November, announcing that hackers had accessed a third-party cloud storage service used by the password manager and were able to “gain access to certain elements” of “customers’ information.”

On December 22nd, LastPass revealed that the hackers had used information from the first breach in August to access its systems during the second incident in November and that the attacker was able to copy a backup of partially encrypted customer vault data containing website URLs, usernames, and passwords. LastPass then advised its users to change all of their stored passwords as “an extra safety measure,” despite maintaining that the passwords were still secured by the account’s master password.

Now, LastPass has revealed the threat actor responsible for both security breaches was “actively engaged in a new series of reconnaissance, enumeration, and exfiltration activities” between August 12th and October 26th. During this time, the attacker stole valid credentials from a senior DevOps engineer to gain access to shared cloud storage containing the encryption keys for customer vault backups stored in Amazon S3 buckets. Using these stolen credentials made it difficult to distinguish between legitimate and suspicious activity.

It’s suspected the hacker accessed the private computer via Plex media software installed on the machine

Just four DevOps engineers had access to the decryption keys needed to access the cloud storage service. One of the…

Source…

CentraState hack stole data from 617,000, including some Social Security numbers


FREEHOLD TOWNSHIP – CentraState Healthcare System is notifying 617,000 patients that information including names, addresses and Social Security numbers was part of a cyberattack that hit the hospital network in December, company officials said Friday.

The hacker obtained a copy of an archived database that also included dates of birth, health insurance information, medical record numbers and patient account numbers. No financial account or payment card information was involved, officials said.

CentraState, which largely serves western Monmouth and Ocean counties, said in late December that it discovered unusual activity in its computer system, forcing it to temporarily divert ambulances to other hospitals and halt outpatient care.

It joined a lengthy list of hospitals nationwide that have been targeted by hackers. The reason: The health care industry has lots of information that can affect the health of its patients, experts say.

CentraState Medical Center in Freehold Township is shown Tuesday, April 14, 2020.

CentraState said it immediately took steps to contain the breach. It brought in a forensics firm to investigate and reported the incident to the FBI. The investigation found that an unauthorized person on Dec. 29 obtained a copy of the database.

In addition to the personal information, the database included information related to care, including physician names, diagnoses and treatment plans, the health system said.

A CentraState spokeswoman said Friday that the company’s computer system has been restored.

CentraState said it began mailing letters Friday to patients affected by the incident. It said it would provide credit monitoring and identity theft protection services to patients whose Social Security numbers were taken, and it encouraged patients to review statements from their health providers and insurers and report to them any inaccuracies.

“CentraState deeply regrets any concern this incident may have caused and is continually enhancing the security of its electronic systems and the patient data it maintains to help prevent…

Source…

Hackers Stole Data on 37 Million T-Mobile Customers


T-Mobile announced that hackers accessed data on 37 million of its customers, in a Thursday filing with the Securities and Exchange Commission. The massive security breach impacts both prepaid and postpaid customer accounts, and is the second notable hack in less than two years. The company said it is in the process of notifying those affected.

The (sort of) good news: T-Mobile has claimed that sensitive financial customer info like credit card and social security numbers were not part of the hack. Instead, the bad actors were only able to collect account data like names, billing addresses, emails, phone numbers, birth dates, and phone line specifics, according to the company. Still though, that’s a lot of data for cybercriminals to get a hold of, and T-Mobile customers should be aware that their personal information could be out there.

Hackers were reportedly able to access the data through a single Application Programming Interface (API), software that allows multiple computer programs to communicate with one another. The bad actors broke into T-Mobile’s API without authorization.

The telecom provider said it first detected the hack on January 5, and shut down the malicious activity less than a day later, with the help of external cybersecurity support. However, by that point, the breach had been going on for over a month. The company noted that it believes hackers first got into the impacted API around November 25, 2022.

“The malicious activity appears to be fully contained at this time,” the company wrote in the Thursday filing, but added that it was continuing to investigate what happened.

This most recent hack is far from the only one T-Mobile and its customers have had to deal with in recent years. In August 2021, the company admitted to an even larger breach concerning at least 48 million customers (though a subsequent class action suit alleged 76 million and hackers claimed the number was closer to 100 million). Previously, T-Mobile also suffered data breaches in 2020, 2019, 2018, and 2015.

The 2021 security failure resulted in T-Mobile paying out a $500 million settlement. $350 million of that money went to affected customers, while…

Source…

Hackers Behind Riot Games Breach Stole League of Legends Source Code


Riot Games says it lost the source code to the multiplayer title League of Legends after hackers breached its internal systems last week. 

The hackers also stole the source code to another game, TeamFight Tactics (TFT), and the computer code for a “legacy anticheat platform,” Riot Games revealed on Twitter today.

In addition, the hackers sent a “ransom email” to the game studio on the same day, demanding it pay up to keep the source code private. But Riot Games is refusing to submit.

As a result, it’s possible the hackers could publicly leak or try to sell the stolen source code to the highest bidder. However, both League of Legends and TFT are already free-to-play titles. Copyright protections also prevent other game studios from stealing assets for a game. 

According to Riot Games, the real threat is the stolen source code giving cheaters a behind-the-scenes look at exploiting the game mechanics. “Truthfully, any exposure of source code can increase the likelihood of new cheats emerging,” the company said. “Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed.”

The stolen source code also contains experimental features for the games, but not all of these features may end up in the final product. 

So far, Riot Games has only said the hackers managed to infiltrate the company’s systems through a “social engineering attack.” This likely means the attackers duped a company employee into giving up their corporate password or installing malware onto their computer. 

The incident has temporarily forced the company to delay updates for its games. But in some good news, Riot Games maintains that no user data appears to have been compromised in the hack. The company also expects to repair its ability to release game updates later this week. 

“We’re committed to transparency and will release a full report in the future detailing the attackers’ techniques, the areas where Riot’s security controls failed, and the steps we’re taking to ensure this doesn’t happen again,” the studio added.

Source…