At a glance.
- AnyVan discloses data breach.
- Excellus settles HIPAA lawsuit.
- Vulnerabilities found in Reolink security cameras.
- User records for photo editing app Pixlr published online.
- OpenWrt forum breached.
AnyVan data breach goes unnoticed for months.
European online transportation marketplace AnyVan has notified its customers that cybercriminals compromised its user database, reports the Register. Though the breach occurred in September, it was not detected until New Year’s Eve. The exposed data include customer names, email addresses, and hashed passwords. AnyVan has advised customers to change their passwords, but it is unclear whether any additional action is being taken by the company to avoid future breaches. AnyVan has not officially reported the attack to the UK’s Information Commissioner, indicating the company does not see the breach as a high-risk incident.
Excellus settles HIPAA violation lawsuit.
Excellus Health Plan, based in the US state of New York, will pay $5.1 million to settle a lawsuit regarding the health insurer’s violation of HIPAA laws in connection with a 2013 data breach, reports Healthcare IT News. The breach, which exposed the protected health information of over 9.3 million individuals, was the result of a malware attack that lasted seventeen months. The subsequent investigation conducted by the US Department of Health and Human Services Office of Civil Rights found that Excellus had broken HIPAA laws by neglecting to implement the necessary risk management and access control procedures.
When security cameras are not secure.
The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released an advisory regarding vulnerabilities found in Reolink security cameras. Researchers at Nozomi Networks explained how they uncovered the security flaws in the cameras’ Peer-to-Peer (P2P) feature, which allows the user to transparently connect to audio or video streams online and unfortunately opens the door to threat actors seeking access to sensitive information. After realizing that the privacy weaknesses of P2P functions were unknown to most users, Nozomi began an in-depth investigation in order to better inform the security community of the issue.
Nearly 2 million Pixlr user records exposed.
A hacker published 1.9 million user records from online photo editing app Pixlr on an underground forum, BleepingComputer reports. While the Inmagine-owned app is free, users can sign up for premium accounts to access special features. The infamous cybercriminal known as ShinyHunters says he obtained a database including users’ hashed passwords and location from Pixlr’s AWS bucket when he breached the stock photo website 123rf (also owned by Inmagine).
OpenWrt forum hacked.
SecurityWeek reports that the developer of the open source Linux operating system for embedded devices, the OpenWrt Project, suffered a data breach this past weekend. OpenWrt notified users that its forum was infiltrated when a hacker gained access to an administrator account, despite the account being protected with a strong password. The threat actor stole usernames, email addresses, and user statistics.