At a glance.
- Stolen Robinhood data offered for sale.
- Update on the Newfoundland healthcare data breach.
- Aruba Networks breach disclosed by HPE.
Hacker offers stolen Robinhood data for sale.
As noted last week, commission-free stock trading website Robinhood suffered a data breach that potentially compromised the data of nearly 7 million users. “Potentially” just became “likely,” as the alleged customer data has been posted for sale on an underground marketplace by an operator whose nom-de-hack is "Pompompurin." Pompompurin told BleepingComputer he gained access to the data by tricking a customer support employee into installing remote access software on their machine. The posted data includes the email addresses of 7 million users, 2 million of which include full names, but Pompompurin is declining to part with the more sensitive data, which includes the ID card numbers of about three hundred customers. The presence of the ID numbers is a new development; Pompompurin claims he downloaded them from SendSafely, the secure file transfer service Robinhood employs when completing Know Your Customer (KYC) requirements.
It’s worth noting that Pompompurin was also responsible for hacking into the US Federal Bureau of Investigation’s (FBI's) email servers by exploiting a vulnerability in the FBI Law Enforcement Enterprise Portal, which he then used to send threatening emails from FBI IP addresses. No data are believed to have been compromised in the FBI hack.
Newfoundland healthcare data breach.
The healthcare system of the Canadian province of Newfoundland suffered a cyberattack in late October that disrupted operations and delayed medical procedures. As the province struggles to recover, authorities confirm the private data of patients and healthcare workers was accessed, and that for three out of the four local health authorities, personal employee info was in fact stolen. Details about the attack are murky, and the New York Times reports government officials remain tight-lipped, not even revealing which authorities are investigating the incident. “Our advice from world-class experts is to say nothing,” Newfoundland’s health minister John Haggie said at a news conference.
With little concrete info, cybersecurity experts speculate that the healthcare network’s outdated systems could have compounded the seriousness of the attack's consequences. University of Toronto assistant professor Nicolas Papernot said the systems are “too old to be maintained at current security standards.” Former Ontario privacy commissioner Ann Cavoukian, who described the incident as “appalling,” told IT World Canada, “This is sensitive health information. Why wasn’t it encrypted? Why were there not security measures associated with this? I think it was just overlooked all these years.”
Hewlett Packard data exposed in Aruba Networks data breach.
Hewlett Packard Enterprise (HPE) says that customer data was stolen as a result of a data breach involving Aruba Networks, a networking equipment provider and HPE subsidiary. TechCrunch explains that companies working with Aruba use a dashboard called Aruba Central to manage their Wi-Fi networks, and the intruder gained unauthorized access to the Aruba Central cloud using a private key. (How the intruder obtained that private key has not been disclosed.) The compromised data includes info about devices accessing a customer’s Wi-Fi network, and location data about devices on the network, such as a device’s MAC and IP address, and device hostname and operating system. In some cases, the usernames of individuals accessing a Wi-Fi network were exposed, and HPE said usernames could include the users’ actual names or email addresses. Though the data was encrypted, the hacker could have used the private key to decrypt it.