The Monday Media Wrap Up: PayPal Phishing Scam, Ryuk Ransomware Attack, and Marriott Data Breach

Cybersecurity Articles from December 29 – January 4

Marriott Says Data Breach Not as Bad as Originally Disclosed
Skift | Deanna Ting | January 4, 2018
Following the news of the massive, four-year data security breach on November 30, Marriott International provided new updates Friday that show that the breach, while far-reaching, was not as impactful as the hotel chain originally reported. Marriott initially reported that it estimated some 500 million guests who made a reservation at a Starwood property from 2014 to September 10, 2018 may have been impacted by the data breach. On Friday the company said it has identified approximately 383 million records that may have been compromised, but noted that the number of guests impacted is likely less than 383 million. In a statement, the company wrote: “This does not, however, mean that information about 383 million unique guests was involved, as in many instances, there appear to be multiple records for the same guest.”

Hackers dump data of hundreds of German politicians on Twitter
ZDNet | Catalin Cimpanu | January 4, 2018
A group of hackers has published the personal details of hundreds of German politicians, but also German artists and local YouTube celebrities. The data was uploaded online and later promoted via Twitter, starting a few days before the Christmas holiday. The source of the data appears to be the victims’ smartphones. Details about how the data was stolen and exfiltrated from infected phones remain unclear, at the time of writing. According to German news outlets, which first reported the hack, the leaked data contains names, home addresses, phone numbers, email addresses, photo IDs, personal photos, and personal chat histories. The leak affects politicians part of all of Germany’s left and centrist political parties, such as the CDU, CSU, SPD, Greens, Left Party, and the FDP. Data from Germany’s populist right-wing party, the AfD (Alternative for Germany), was not included.

Town Of Salem Hacked Leaving More Than 7.6M With Compromised Data
Forbes | Davey Winder | January 3, 2018
BlankMediaGames (BMG) has confirmed that it suffered a data breach impacting more than 7.6 million players of popular browser-based role playing game Town of Salem. The breach was first disclosed on December 28th in an anonymous email to security firm DeHashed that included evidence of the server compromise and access to the complete player database. DeHashed state that the total row count of that database is 8,388,894 which included some 7,633,234 unique email addresses. According to the DeHashed disclosure, the compromised data contained email addresses, usernames, IP addresses, game and forum activity, passwords (phpass, WordPress and phpBBstolen) as well as payment information. It also stated “some of the users who paid for certain premium features having their billing information/data breached as well” although this has been disputed by BlankMediaGames.

Twitter let someone promote an obvious PayPal phishing scam
TNW | Mathew Hughes | January 2, 2018
Phishing scams are nothing new, but it’s certainly unusual to see them show up in your Twitter timeline as a promoted tweet. Nevertheless, earlier this evening, I came across this promoted post from the (since deleted) account @PaypalChristm. The account purported to be a legitimate PayPal account and promoted an end-of-year sweepstakes event. While it didn’t explicitly say what the prizes were, it dangled the prospect of a new car and an iPhone in-front of the potential marks. To be in with a chance of winning, all you must do is verify your details.

Except, it’s a fake. Sorry, I said the words. There were several tell-tale clues that @PaypalChristm wasn’t exactly kosher. For starters, in the phishing URL, it misspelled “PayPal” as “Paypall.” Furthermore, the tweet came from an unverified account with fewer than 100 followers. And then there’s the fact that the image on the promoted tweet just wasn’t congruent with PayPal’s distinctive branding. It looked like something someone knocked up in MS Paint in less than ten minutes.

‘Stalinist’ Vietnamese cybersecurity law takes effect, worrying rights groups and online campaigners
CNN | Euan McKirdy | January 2, 2018
Vietnam has enacted a catch-all cybersecurity law that could easily be used to ensnare citizen journalists and bloggers, free speech advocates and rights groups warn. The law, which criminalizes criticism of the government and obliges internet companies to store data locally and hand over user data to the government without the need for a warrant, came into effect on January 1, according to state media. In an article in the lead-up to the law being enacted, government-run media described the seven-chapter law as one that “(protects) national security and ensures social order and safety on cyberspace, and responsibilities of agencies, organizations and individuals.” In his New Year’s Day speech, Vietnamese Prime Minister Nguyen Xuan Phuc said: “Mass communication efforts must be stepped up to create ‘social consensus.’

Major US newspapers crippled by Ryuk ransomware attack
CSO Online | Ms. Smith | January 2, 2018
Ryuk ransomware is believed to be the culprit behind printing and delivery issues for “all Tribune Publishing newspapers” — as well as newspapers that used to be part of Tribune Publishing. The malware was discovered and later quarantined on Friday, but the security patches failed to hold when the servers were brought back online and the ransomware began to re-infect the network and impact servers used for news production and manufacturing processes. A Tribune spokesperson said the malware “impacted some back-office systems, which are primarily used to publish and produce newspapers across our properties.” The Los Angeles Times reported that the cyber attack is believed to have “originated from outside the United States, but officials said it was too soon to say whether it was carried out by a foreign state or some other entity.”

One thought

Comments are closed.