At a glance.
- Western Digital attackers demand ransom for stolen data.
- Latitude breach raises questions about customer data retention.
- Attackers use stolen admin credentials to steal Kodi forum data.
Western Digital attackers demand ransom for stolen data.
American data storage company Western Digital disclosed it experienced a “network security incident” earlier this month that resulted in the theft of company data. The firm declined to share details about exactly what data were exfiltrated, but TechCrunch reports that the hackers allegedly behind the breach have come forward and are claiming they made off with about 10 terabytes of data. They say the haul includes customer data, and they’re demanding a ransom of a “minimum of 8 figures” in exchange for keeping the info from going public. To verify their claims, the cybercriminals demonstrated they could digitally sign a document with Western Digital’s code-signing certificate. For further evidence, they proved they are in possession of the phone numbers of several company executives, and shared screenshots of a folder from a Western Digital Box account, an internal email, and a group call with Western Digital’s chief information security officer. One of the thieves stated that their motives are financial, but that they’re having trouble communicating with Western Digital to negotiate payment. “I want to give them a chance to pay but our callers […] they have called them many times. They don’t answer and if they do they listen and hang up,” the hacker said. In an email sent to Western Digital, the attackers stated, “Cut the crap, get the money, and let’s both go our separate ways. Simply put, let us put our egos aside and work to find a resolution to this chaotic scenario.” Western Digital has declined to comment on the hackers’ claims.
Latitude breach raises questions about customer data retention.
Australian financial services giant Latitude Financial is working to recover from the massive March data breach that resulted in the theft of approximately 14 million customer records, which the cybercriminals behind the attack are threatening to publish on the dark web. As Latitude continues the arduous process of notifying the impacted customers, ABC reports that some individuals are claiming they’re receiving notifications despite never being Latitude clients. What’s more, many are wondering how 14 million customer records were stolen when Latitude only has 3 million customers. Experts say it could have something to do with Australia’s financial institution data retention laws, which vary across different jurisdictions and industries. Although the Australian Privacy Principles state that “entities must also take reasonable steps to destroy or de-identify the personal information they hold once it is no longer needed for any purpose for which it may be used or disclosed under the APPs,” there are several exceptions, and companies sometimes fall behind on destroying unneeded customer data because of the cost. Rob Nicholls, an associate professor in regulation and governance at the University of New South Wales, explained, “I think part of the problem is that it’s cheaper to keep data than to cleanse it properly.”
Attackers use stolen admin credentials to steal Kodi forum data.
The Kodi Foundation, maker of a cross-platform open-source media player, has disclosed it suffered a data breach in which attackers exfiltrated the organization’s now-shuttered MyBB forum database and attempted to sell it online. Bleeping Computer explains that the forum, which supported approximately 401,000 members and contained over 3 million posts, served as a platform to discuss media streaming tips and advice. The hackers used an inactive staff member’s credentials to log into the forum’s Admin console, from which they created and downloaded database backups. In a notification to users, Kodi explains, “MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February.” The compromised data include public posts, staff posts, private messages sent between users, and forum member data including usernames, email addresses, and encrypted passwords. Security Week notes that the threat actor has started advertising the data for sale on underground cybercriminal marketplaces. Kodi announced Tuesday that it has begun the process of rebuilding the forum by commissioning a new forum server, a move that was in the works before the attack. Kodi stated, “We have chosen to redeploy the forum on the latest version of MyBB software. This requires us to extract and review all differences between the latest MyBB release and the fork we maintain, which includes numerous functional changes and backported security fixes.” The company has also taken steps to improve the forum’s security by hardening access to the MyBB admin console, revising admin roles, and improving audit logging and backup processes.