Welcome to our Cybersecurity News Rundown for the month of December 2017. Here, we will be sharing latest and trending news on events and technological updates from the world of cybersecurity that happened over the past month. Make sure to visit the News Rundown by the end of every month for quick highlights and insights.
1. Nissan Canada data breach exposed data of 1.13 million customers
Nissan Canada’s finance business revealed that the firm has been a victim of a data breach. It all started with a malware placed on the Nissan Motor Co.’s network that allowed the transmission of sensitive data such as user IDs and passwords. The data breach exposed personal and financial information of 1.13 million current and previous customers of Nissan’s vehicle-financing arm.
The company became aware of unauthorized access to the personal information of some customers on 11th December 2017. It is believed that the unknown hacker may have had access to the customers’ personal information such as name and address, vehicle identification number (VIN), makes and models of cars, loan amounts, credit scores, etc.
2. A collection of 1.4 billion hacked and leaked password found on the Dark Web
As per the security researchers of 4iQ, who have been monitoring the Dark Web sites, online black markets and hacker forums, a 41GB file has been found on the Dark Web that contains 1.4 billion username and password combinations. The collection also consists of email addresses and other credentials in clear text. This huge data trove was found online on December 5.
According to 4iQ, the file shows dumps from LinkedIn, Pastebin, Bitcoin, RedBox, MySpace, Anti Public, Netflix, Minecraft, Runescape and many other well-known websites. The most common passwords found in the database are 123456, qwerty, password and 111111.
3. Bitcoin Heist: Millions stolen from NiceHash
NiceHash, a Bitcoin mining platform, was attacked and hacked by some professional hackers. The attack happened on 6th December, when the hackers broke into the Bitcoin mining marketplace using highly sophisticated social engineering skills. The hackers stole more than 4,700 Bitcoins, worth more than $60 million at current prices.
NiceHash stopped all the operations for 24 hours after the payment system was compromised and NiceHash Bitcoin wallet has been stolen.
4. MoneyTaker revealed after 1.5 years of silent bank heists, stole more than $10 million
A group of Russian-speaking hackers has been uncovered by the security researchers of the security firm Group IB. The security researchers nicknamed the group of hackers as “MoneyTaker” after the malware used in certain hacks. This group of hackers has been silently targeting financial institutions, legal firms and some major banks in United Kingdom, United States and Russia.
MoneyTaker stole millions of dollars since May 2016 through these international heists. It is believed that the group of hackers conducted more than 20 attacks against multiple financial institutions and stole more than $10 million.
5. Virtual keyboard app exposed 31 million users’ personal data
Virtual keyboard app developer, Ai.type accidentally leaked the personal data of approx 31 million users. As per the security researchers, the exposed personal data majorly consist of contact numbers.
The security researchers from Kromtech Security Center discovered the data breach and later reported that nearly 580 GB of sensitive data was leaked online. The leaked data was stored in MongoGB database which allows the user to access the stored files online. The server was owned by Mr. Eitan Fitusi, CEO, and founder of Ai.type. The exposed database is visible to the application’s Android users.