At a glance.
- Data breach reported at Idaho healthcare provider.
- Cell carrier discloses breach in billing system.
- DatPiff passwords for sale in C2C market.
Idaho healthcare system suffers a data breach.
Security Week reports that Saltzer Health, which operates twelve healthcare facilities in the state of Idaho, has disclosed a data breach that might have compromised personal patient data. The organization, owned by the large not-for-profit medical system Intermountain Healthcare, told the US Department of Health and Human Services that information on some 15,650 individuals was potentially exposed when an intruder gained unauthorized access to an employee email account last spring. The exposed data include contact information, driver’s license and state ID info, Social Security numbers, and financial account details, as well as medical info like treatment details, prescription info, and health insurance details.
UScellular breach exposes customer billing data.
US wireless carrier UScellular’s billing system was hacked last month, Bleeping Computer reports. Notification letters sent to approximately four hundred affected customers explained that the threat actors used some of the stolen account data to port customers’ phone numbers. The compromised data include names, physical addresses, phone numbers, PIN codes, and plan details, but fortunately the system masks more sensitive info like Social Security and credit card numbers. Although the company, which describes itself as the fourth largest wireless carrier in the country, did not disclose the exposure of any employee data, a number of retail store employees’ login credentials were reset. This was the second attack suffered by UScellular last year, as last January hackers breached the carrier’s CRM software.
Hackers play DatPiff passwords on repeat.
Crooks are hawking the unhashed passwords of nearly 7.5 million members of DatPiff, a leading mixtape hosting service. It’s unclear when the breach occurred. A stolen DatPiff database has been for sale in underworld souks since July 2020, but this is the first time the cracked passwords have been up for grabs. One hacker put the database up for sale in November, and then another offered it for free soon thereafter. DatPiff has been criticized for hashing the passwords with the easily crackable MD5 algorithm, widely considered obsolete. According to Bleeping Computer, DatPiff was breached by an attacker using a website vulnerability scanner, but it’s unclear whether the threat actor accessed the actual website or a server housing an old database backup.