At a glance.
- Cl0p breaches UK Pension Protection Fund (PPF).
- ChatGPT temporarily shut down after user data leak.
- More on the FBI’s takedown of BreachForums.
Cl0p breaches UK Pension Protection Fund (PPF).
The UK Pension Protection Fund (PPF) has been added to the growing list of organizations impacted by exploitation of a recently disclosed vulnerability in the GoAnywhere managed file transfer (MFT) product. The Record by Recorded Future reports that on Thursday the Cl0p ransomware group added more than three dozen new victims to its leak site, and the hackers claim there are more than 130 victims in total. One of Britain's largest asset owners, the PPF says GoAnywhere's parent company Fortra initially “assured us that our data had not been impacted, but that does not appear to be the case.” The PPF disclosed that “some of our current and former employees have been affected” and that it is working closely with Fortra to respond to the breach. However, the organization says that the data of its current members and levy payers was not compromised in the incident. Other victims of the GoAnywhere attacks include Japanese tech leader Hitachi, Canadian financier Investissement Québec, metals and mining giant Rio Tinto, and British multinational Virgin.
ChatGPT temporarily shut down after user data leak.
OpenAI’s chatbot ChatGPT has seen a recent surge in popularity as users marvel at its ability to create convincing dialogue. Last week several ChatGPT users reported seeing titles and queries from other users' conversations, along with personal information, in their own chat history. Bleeping Computer reports that OpenAI took ChatGPT offline for roughly ten hours to investigate the issue, and the American artificial intelligence research laboratory confirmed on Friday that a bug in an open-source Redis client library was the cause.
OpenAI says the bug impacted 1.2% of ChatGPT Plus subscribers. “As soon as we identified the bug, we reached out to the Redis maintainers with a patch to resolve the issue,” OpenAI explained. “Upon deeper investigation, we also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window.” The company added that the number of affected users is likely to be very low, as the leak required very specific actions to be taken during a limited period of time. Engadget adds that OpenAI has taken steps to prevent the issue from occurring again, including adding redundant checks to library calls, having "programmatically examined our logs to make sure that all messages are only available to the correct user," and having "improved logging to identify when this is happening and fully confirm it has stopped."
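The "redundant checks to library calls" mitigation is a defense-in-depth pattern worth seeing in code. The example below is an added illustration, not OpenAI's code and not the Redis client library's: it assumes a simple key/value cache (an in-memory dictionary stands in for a Redis client, with a deliberately injected fault that returns the reply to the previous request instead of the one asked for) and shows the application-side check that stores each cached value together with its owner's user id and refuses to return any entry whose owner does not match the requester. The user ids, conversation titles and the fault itself are constructed for the demo.

```python
"""Added example (not OpenAI's or the Redis client's code): an application-side
ownership check on cache reads, so that a wrong reply from the cache layer is
rejected instead of being shown to another user."""
import logging
from dataclasses import dataclass
from typing import Dict, Optional

logging.basicConfig(level=logging.WARNING)
log = logging.getLogger("cache-check")


class CacheIntegrityError(Exception):
    """Raised when a cached entry belongs to a different user than the requester."""


@dataclass(frozen=True)
class CacheEntry:
    owner_id: str   # user the value belongs to; stored alongside the value
    value: str


class FaultyCache:
    """Constructed stand-in for a cache client that can return the wrong entry.

    When ``stale_key`` is set, ``get`` returns the entry for that key instead of
    the requested one, simulating a reply left over from an earlier request.
    """

    def __init__(self) -> None:
        self._store: Dict[str, CacheEntry] = {}
        self.stale_key: Optional[str] = None  # injected fault, None = healthy

    def set(self, key: str, entry: CacheEntry) -> None:
        self._store[key] = entry

    def get(self, key: str) -> Optional[CacheEntry]:
        if self.stale_key is not None:
            return self._store.get(self.stale_key)  # wrong reply on purpose
        return self._store.get(key)


class ConversationStore:
    """Wrapper around the cache client that adds the redundant ownership check."""

    def __init__(self, cache: FaultyCache) -> None:
        self.cache = cache
        self.rejected = 0  # count of mismatches caught (feeds monitoring)

    @staticmethod
    def _key(user_id: str, conv_id: str) -> str:
        return f"conv:{user_id}:{conv_id}"

    def put(self, user_id: str, conv_id: str, title: str) -> None:
        self.cache.set(self._key(user_id, conv_id), CacheEntry(user_id, title))

    def get_title_unchecked(self, user_id: str, conv_id: str) -> Optional[str]:
        """Naive read: trusts whatever the cache layer hands back."""
        entry = self.cache.get(self._key(user_id, conv_id))
        return None if entry is None else entry.value

    def get_title(self, user_id: str, conv_id: str) -> Optional[str]:
        """Checked read: fail closed if the entry's owner is not the requester."""
        entry = self.cache.get(self._key(user_id, conv_id))
        if entry is None:
            return None
        if entry.owner_id != user_id:
            self.rejected += 1
            log.warning("cache returned entry owned by %s to %s for %s",
                        entry.owner_id, user_id, conv_id)
            raise CacheIntegrityError("cached entry does not belong to requester")
        return entry.value


def demo():
    """Returns (normal read, what the naive read leaks under the fault,
    whether the checked read refused it, number of rejections counted)."""
    cache = FaultyCache()
    store = ConversationStore(cache)
    store.put("alice", "c1", "alice's private notes")
    store.put("bob", "c2", "bob's travel plans")

    normal = store.get_title("alice", "c1")          # healthy cache path

    cache.stale_key = "conv:alice:c1"                # inject the mix-up
    leaked = store.get_title_unchecked("bob", "c2")  # naive read returns alice's data
    try:
        store.get_title("bob", "c2")                 # checked read refuses it
        refused = False
    except CacheIntegrityError:
        refused = True
    return normal, leaked, refused, store.rejected


if __name__ == "__main__":
    print(demo())
```

The point of the pattern is that the ownership tag travels with the cached value, so the check does not depend on the cache client, its connection handling or its serialization being correct; a mismatch is logged and counted, which is the "improved logging" half of the mitigation described above.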
More on the FBI’s takedown of BreachForums.
As we noted last week, the owner and administrator of the cybercriminal marketplace BreachForums, Conor Brian Fitzpatrick, aka "Pompompurin," was arrested by the US Federal Bureau of Investigation (FBI) on March 15. The FBI and the Department of Health and Human Services Office of Inspector General also conducted a disruption operation that resulted in the shutdown of the site. In connection with his activities on BreachForums, Fitzpatrick was charged with one count of conspiracy to solicit individuals with the purpose of selling unauthorized access devices and faces a maximum sentence of five years in prison if convicted.
The Department of Justice reports that Fitzpatrick made his first appearance in court on Friday in the Eastern District of Virginia. With 340,000 members at the time of the arrest, BreachForums supported the sale of stolen data including bank account information, login credentials, Social Security numbers, and other personally identifying information, as well as hacking tools, breached databases, and services for gaining unauthorized access to victim systems. The Hill notes that the marketplace has been linked to breaches affecting millions of people, including lawmakers. The Record by Recorded Future adds that the FBI was able to determine that Fitzpatrick was the man behind the pompompurin account by using IP address data obtained from Verizon, Google, and Apple.
Deputy Attorney General Lisa O. Monaco stated, “Today, we continue our work to dismantle key players in the cybercrime ecosystem. Like its predecessor RaidForums, which we took down almost a year ago, BreachForums bridged the gap between hackers hawking pilfered data and buyers eager to exploit it. All those operating in dark net markets should take note: Working with our law enforcement partners, we will take down illicit forums and bring administrators to justice in U.S. courtrooms.” It’s worth noting that in a recent interview, pompompurin said he’d made plans in case of his future arrest, stating, “I have a trusted person who will have full access to everything needed to relaunch it without me. This person will also never be made known to the public, so it wouldn’t be possible for the police to also target them in the event that they want to get the forum taken down for good.” Whether BreachForums is resurrected in the future remains to be seen.