At a glance.
- Third-party breach affects cryptocurrency exchange.
- Tata Communications sustains data breach.
- ShinyHunters resurface with new breach.
- Password reset required at Moneycontrol.
- Healthcare data exposed in third-party breach.
Paxful data exposed through third-party breach.
A hacker on a Russian-language Telegram channel claims to have stolen customer and employee data from New York-based cryptocurrency exchange Paxful. Cointelegraph reports that a Paxful spokesperson says the theft was not the result of a breach of the company’s systems, but rather the data was obtained from a third-party supplier, and that customer data was not in fact involved. “Paxful terminated its contract with this supplier in September 2020,” they stated. “We have taken measures to ensure that our employees are not impacted by this event and we’re continuing to actively monitor the situation as a precautionary measure.”
Tata Communications suffers data breach.
On the heels of the breach of digital wallet Mobikwik, another India-based tech giant has suffered a data leak. OpIndia reports that hackers allegedly infiltrated the servers of telecommunications leader Tata Communications. The threat actors are offering to sell backdoor access to other hackers for the price of $9,000 in bitcoin, and are also willing to unload the 50GB of data, which includes customer information, contract details, employee emails, plaintext passwords, and administrator credentials.
ShinyHunters hit Upstox.
The ShinyHunters, the threat group allegedly responsible for attacks on several Indian firms like BigBasket and ChqBook in the past year, have struck again. Inc42 reports that leading India-based investment platform Upstox suffered a ransomware attack that potentially compromised the data of 2.5 million customers. ShinyHunters has requested $1.2 million in exchange for not publishing the stolen data, Medianama explains, and has already released the data of 100,000 investors as a warning. Security researcher Rajshekhar Rajaharia discovered the breach when he encountered the data for sale on the dark web. The thieves claim they used Amazon Web Services keys to access Upstox servers, and the stolen data includes names, identification numbers, and passport info. In response, Upstox stated on its blog, “We have upgraded our security systems manifold recently, on the recommendations of a global cyber-security firm. We brought in the expertise of this globally renowned firm after we received emails claiming unauthorized access into our database.” Though it’s unclear exactly when the breach occurred, Upstox experienced an outage for two days in February, which the company said was the result of hardware issues. Insiders say the company notified India’s Computer Emergency Response Team of the incident on March 31, meaning the company was aware of the incident for almost two weeks before it informed users.
Moneycontrol news website resets user passwords.
Also in India, finance news site Moneycontrol notified users that their passwords have been reset en masse due to a policy update, but it appears the reset might instead be in response to a data leak. Inc42 explains that researcher Sourajeet Majumder discovered the stolen data of more than 700,000 users being sold on the dark web for $350. The hackers claim to have access to 40 million user records total, and the stolen data includes usernames, phone numbers, and geographic locations. Plain-text passwords were also present, which likely prompted the forced password update just one day after Majumder reported his discovery on Twitter. The hackers claim they gained access to the data via a blind SQL injection.
TriHealth medical data exposed.
Patient and employee data from the TriHealth medical system, based in the US state of Ohio, might have been compromised through a third-party breach, reports WKRC Cincinnati. TriHealth works with the law firm Bricker & Eckler, which experienced a breach of its email systems, exposing “personally identifiable and protected health information belonging to a select group of TriHealth employees and patients.” The firm says it is improving its security procedures and is contacting all compromised individuals.