At a glance.
- LinkedIn dataset for sale on underground forum.
- Fallout from the Facebook data leak.
- Learning platform security flaw discovered.
- The latest victims of the Accellion breach.
- Comment on the Broward County school district ransomware incident.
LinkedIn dataset for sale on underground forum.
Investigators at CyberNews have discovered an archive for sale on the dark web containing a massive set of user data scraped from leading professional networking platform LinkedIn. The database allegedly contains info pulled from 500 million LinkedIn user profiles, and 2 million profiles have been posted as a sample, containing details such as full names, employers, email addresses, and phone numbers. While the seller says he will only disclose the selling price to interested buyers privately, he indicated an amount in the 4-digit range. Though the archive does not appear to contain highly sensitive information like financial data or social security numbers, the scraped data could be used for phishing scams or even identity theft. As TechRepublic notes, LinkedIn has 740 million users, so if the hacker is to be believed, the leaked archive contains a vast majority of the social media platform’s users (though it is unclear if the stolen data is current or outdated info from a past breach).
Fallout from the Facebook data leak.
As the CyberWire has been covering this week, the data of 533 million Facebook users was released for free on an underground forum, and though Facebook has stated that the data originated from a 2019 breach caused by a now-corrected vulnerability, Wired examines the inconsistencies in the social media giant’s response. Facebook pointed to a 2019 Forbes article as evidence that it has already publicly discussed the security flaw that led to the breach, but that article actually discussed a similar vulnerability in Instagram, not Facebook. And with Facebook’s checkered history with privacy issues (Cambridge Analytica, anyone?), it’s difficult to determine with any certainty exactly which of its several past breaches this particular dataset originated from. Often hackers combine or chop up datasets multiple times in order to sell them off in chunks of various sizes, and Facebook’s lack of transparency about the breach makes it all the more difficult to pinpoint the source and exact age of the data. Meanwhile, the Wall Street Journal offers a primer on what we do know about the breach, including how to determine if your Facebook account was among those exposed -- useful information seeing as Facebook has not indicated whether it will be notifying the impacted users.
Learning platform security flaw discovered.
Researchers at WizCase detail their findings on a vulnerability detected in Moodle, an open-source educational platform with over 240 million users in around 250 countries. Moodle is designed to help teachers and students share communications and documents, and the vulnerability, identified last October, essentially allowed anyone with a TeX filter-enabled Moodle account to take over other student, teacher, or even platform administrator accounts. TeX filter is typically used for mathematical formulas, so any school with a department involving math (engineering, economics, physics, and so on) was at risk. A patch for the issue was released in January of this year.
The latest victims of the Accellion breach.
The repercussions of last summer’s breach of Accellion’s file transfer service are still rippling through the cloud services provider’s many clients, and MSSP Alert offers a regularly updated overview of the incident, including details on the vulnerabilities that caused the breach and an ever-growing list of the entities impacted. GovInfo Security reports that the US Department of Health and Human Services’ HIPAA Breach Reporting Tool website has been notified of several additions to the list of victims, including two health insurance providers: HealthNet (who recently filed a lawsuit against Accellion for the breach) and California Health & Wellness. The University of California announced last week that the school had also been compromised in the breach, and Berkeley News reports that campus community members are being advised to sign up for credit monitoring services in case their data was stolen.
Comment on the Broward County school district ransomware incident.
Eddy Bobritsky, CEO of Minerva Labs, commented on the gangland demand for an utterly unrealistic $40 million in an extortion attempt against Broward County, Florida, schools.
"Ransomware groups are continuing with the trend of data theft in addition to encryption. Devious ransomware operators understand that they can gain an edge in ransom negotiation by threatening not only to lock corporate data, but to leak it as well. Virtually all big ransomware groups have started leak sites where stolen data is published and unpaying victims are shamed.
"This is just another case demonstrating the major problem of ransomware attacks that are increasing more and more. It doesn’t matter if you are a public school, a contractor dealing with sensitive military data, or a small business with personal clients' data, they are all targets for this kind of attack.
"This is another example demonstrating the importance for organizations to protect themselves before the attack, no matter the organization type or size. This also shows why it is important not to rely only on detection and response solutions that were never built to prevent threats from execution, they are built to detect them first."
We'll add that victims have little to no reassurance that the gangs will unlock and protect the data they've encrypted and stolen.