At a glance.
- Menswear brand Bonobos sustains data breach.
- Dating service MeetingMindful is compromised.
- Skeevy adult video service hacked.
- Report: court in Cook County, Illinois, suffers data exposure incident.
- California children's hospital sued over Blackbaud data breach.
Bonobos suffers data breach.
The infamous hacker or hackers known as ShinyHunters have struck again, this time attacking US clothing retailer Bonobos, reports SecurityWeek. The Walmart-owned menswear brand informed its customers that usernames, contact information, and encrypted passwords might have been compromised in the breach, but that no financial information had been stolen. ShinyHunters has already posted the haul, a 70GB SQL database containing millions of user records, on an underground hacker forum. While the passwords were indeed hashed, a hacker on the forum has already managed to crack some of them, indicating that Bonobos’s decision to reset all user passwords was a wise choice.
As if online dating weren’t hard enough...
ShinyHunters did not limit targets to the well-dressed this week; he or they also published the data of more than two million love-seekers from dating website MeetingMindful.com. ZDNet notes that the database includes sensitive information like real names, dating preferences and marital status, geographic coordinates, and hashed passwords. While no payment info is included, the data could be used to blackmail the victims with the threat of exposing their identities and dating histories, a practice some think could lead to “sextortion.”
Adult video service victim of cyberattack.
And speaking of which, in another potential “sextortion” opportunity, a hacker claiming to have executed an SQL injection attack on adult video streaming and chat service MyFreeCams is now selling the stolen login credentials of two million users, reports BleepingComputer. The data, which the seller explained could be used to access the tokens (funds for in-platform purchases) of these top-tier customers, include usernames, passwords, and token counts. Buyers trading in this criminal-to-criminal market, apparently unsatisfied with the initial selling price of $1,500 in bitcoin for all of the data, have instead opted to purchase smaller batches of one thousand records for $150.
Cook County court allegedly exposes case database.
SecurityWeek explains how researchers at WebsitePlanet found an exposed server containing over 323,000 sensitive records on court cases in Illinois’ Cook County, the second-largest county in the US and home to the City of Chicago. The database, which was easily accessible to anyone on the Internet, included personally identifiable information such as full names, street addresses, and case details. Two days after researchers informed the Cook County CTO of the breach, the database was secured, but the CTO has not yet issued a response. Though Cook County has not confirmed that the database belonged to them, researchers speculate that it was created by case workers working with especially vulnerable clients, as the cases involved sensitive issues like domestic abuse, child custody, crimes by minors, and immigration, all of which would make ideal material for blackmail.
California children’s hospital sued over Blackbaud breach.
Law360 reports that Rady Children's Hospital-San Diego, the largest children’s hospital in the US state of California, is being sued in a putative class action in federal court for its handling of patient data that were compromised in last year’s Blackbaud ransomware attack. The hospital, which uses Blackbaud to manage its fundraising software, is accused of violating California's Confidentiality of Medical Information Act and the California Consumer Records Act, as the plaintiff states it was the healthcare provider’s responsibility to "reasonably protect the confidentiality of the medical information that it maintains, preserves, stores, abandons, destroys or disposes of."