Monthly Breach Report August 2020

  • by

Breach Report August Firecompass

This report summarizes the top breaches from early July till 15th August 2020 accounting for the major breaches the world has seen. This helps you in keeping track of the latest hacks and safeguarding your organization by looking at the trends. We share insights to the breach

 

 

Kiwi Bank Breach

Kiwibank is investigating how it sent 4200 customers an email or online bank statement with their own account number, name and address, but another person’s transaction history. The commissioner, John Edwards, said some people will be identifiable by the statements and information sent.

“We generally have an expectation that our financial records will be kept private and the banking relationship is one of high expectation of confidence so to get this so wrong is a pretty serious matter.

Anyone affected had a right to complain to the commission, he said.

“If any of the 4000 or so people whose statements have been disclosed to the wrong person suffers some adverse consequence because of that they can come to us and maybe we can help.”

Citrix

In the letter, Citrix unveils that the attackers “had intermittent access” to Citrix’s inner system between Oct. 13, 2018, and Mar. 8, 2019, yet there is no proof that the cybercriminals stay in the organization’s frameworks. There is additionally “no indication” any of Citrix’s goods or services were compromised by hackers.

Cybercriminals are had some expertise in focusing on far off nations and taking ordered data from government offices and major financial players. As of late, Iranian hackers have been blamed for hacking VPN servers worldwide trying to secondary passages in enormous corporate systems.

Git Analytics Form Waydev

Waydev, an m used by software companies, has disclosed a security breach in July .The company says that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database.

Waydev CEO and co-founder Alex Circei said Waydev learned about breach after one of its customers was contacted by GitHub’s security team after GitHub detected suspicious activity originating from the customer’s Waydev token.

READ MORE >>  Domain Hijacking & 3 Easy Countermeasures

Dunzo

Google-backed Indian hyperlocal delivery service Dunzo said it suffered a data breach that left customer data including email IDs and phone numbers exposed. The company said that hackers gained unauthorized access to one of its databases:

“Recently, our team identified a security breach that involved unauthorized access to one of our databases. While we are still investigating, we believe it is our responsibility to inform you as soon as possible.”

It included that money related subtleties, for example, charge card data and exchange subtleties were not bargained. Dunzo said a worker of an outsider help that it used to store its databases was penetrated. The startup didn’t give any insight regarding this outsider assistance.  For safety efforts, the organization has now made sure about the entirety of its databases and changed gets to tokens and passwords to forestall any further information penetrate.

Promo.com

In the most recent seven day stretch of July an Israeli showcasing video firm, Promo.com uncovered a massive client information penetrate seeming to have affected in excess of 23 million records, as per “have I been pwned”. The break, happening through an undisclosed outsider merchant of the promoting site, likewise influenced the subsidiary organization, Slidely. In outsider actuated breaks, it isn’t unexpected to see the expanding influences of a penetrate in a digital biological system. The breach was found when client information was uninhibitedly accessible on a darknet gathering.

About FireCompass

Firecompass helps to Enumerate Vulnerabilities (CVEs, Takeover Risk etc.), Discover Exposed DB Servers & S3 Buckets, Discover Domains, Exposed Applications, Websites & Identify Exposed Documents & Files, IoT Infrastructure, Compromised / Malicious Infrastructure, exposed services like APIs, FTP Servers, Exposed Personnel Information including email addresses, phone numbers etc. It can also Detect Fake Mobile Apps & Websites or Domains.

You can use FireCompass for the following usecases:

  • Shadow IT & Asset Inventory
  • Red Teaming Attacks & SOC / Security Effectiveness Testing
  • Ransomware Attack Surface Monitoring
  • 3rd/4th Party Breach Monitoring

Reference

https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-july-2020-77-million-records-breached 

Request Demo