MyFitnessPal Data Breach

Breach: MyFitnessPal
Date of breach: 1 Feb 2018
Number of accounts: 143,606,147
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Description: In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to “BenjaminBlue@exploit.im”.

I’ve Been Hacked – What To Do After You’ve Been Hacked

By Carter Graydon at Hacked.com

There’s nothing quite like that feeling of dread that slowly envelops you when you realize you’ve been hacked. Whether it’s just your social media account or something as serious as your bank account or credit card, you can’t escape those first few moments of confusion, anger, and the overwhelming sense of fear. You don’t know how they got your information, what other accounts they’ve had access to, or how long they’ve had access, and it’s terrifying. So I’ve come up with a checklist to help you protect yourself from further damage and begin the repair process.

Do Not Panic

First off, breathe. It might sound silly, but you need a clear head to proceed. Panic and fear will only lead to confusion. You can easily forget crucial steps you need to take, or repeat ones and waste time.

Change your Passwords

Change your passwords, especially if you use the same password for multiple accounts. You should change your passwords once every 3-6 months. Consider using password management software like LastPass or KeePass. In the future, set up two-factor authentication when possible.

Identity Theft? Notify Credit Agencies

If your personal information (such as social security number) has been compromised, notify the credit agencies (Equifax, Experian and TransUnion) and request a 90-day credit alert. Activating this tells businesses to contact you before any new account can be opened in your name. This alert can be renewed every 90 days. It can also stay in effect for seven years – so long as your identity has been stolen, and you’ve filed a report with the police.

The Federal Trade Commission also offers some excellent advice and includes details on how to get your life back after your identity has been stolen.

Monitor your Credit Card Bills

Monitor your credit card bills and double check any charges you don’t recognize. Criminals are known to make small charges to begin with, hoping they’ll go unnoticed, before running your card for something really big. If you see a charge you didn’t make, call the credit card company and alert them right away.

Close Accounts

If someone has already stolen your identity and opened an account, immediately contact the credit issuer and have the account closed. Dispute any charges that were made. Request your credit report from one of the three credit agencies and ask that any unauthorized accounts or incorrect information be removed from your record. This will help preserve your credit score.

Record Calls

Submit your report through the FTC website and keep copies of all your reports and correspondence with these agencies. Record everything, use certified mail and get delivery receipts. Most of the places you’ll need to call will have a notice, “This call may be recorded for quality assurance purposes”, but don’t rely on them for recording the conversation. Record the call yourself, but be sure to inform the person on the other end of the line that you are recording the call. Check your state’s telephone recording laws.

Check the Sent Folder in your Email

Check the sent folder of your email account and look for any messages that may have gone out that you didn’t send. Hackers might request personal information from banks or send viruses to your friends. If you see anything suspicious, contact the recipients and let them know.

If the hacker has gained access to your account and locked you out by changing the password, you’ll need to contact the email provider and prove you’re the rightful account holder. And remember, if you’ve used your email address and the same password for other websites, those are all compromised as well. Change those as fast as you can to beat them to the draw. Even if you don’t use the same password for those accounts, the hacker can still use the “forget my password” feature and have a new one emailed to them.

If you’re concerned your computer may have a virus, avoid making online purchases until you have run comprehensive anti-virus and anti-malware software. Some viruses install keyloggers on your computer, letting the hacker see every keystroke. Typing in your credit card information is all they would need.

First it was Marriott, now Quora has been Hacked…

100 million Quora users may have had their data accessed by an unauthorized third party. Quora is actively investigating the incident, and has already taken steps to improve its security.

What happened

On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to one of our systems. We’re still investigating the precise causes and in addition to the work being conducted by our internal security teams, we have retained a leading digital forensics and security firm to assist us. We have also notified law enforcement officials.

While the investigation is still ongoing, we have already taken steps to contain the incident, and our efforts to protect our users and prevent this type of incident from happening in the future are our top priority as a company.

Read more on their blog here.

 

Marriott Data Breach and What You Need to Know

Marriott just announced a data breach that’s exposed sensitive customer info

Here’s what you need to know about the Marriott breach

·       Marriott International said its Starwood guest reservation database was breached, exposing the personal info of about 500 million customers.

·       Compromised data includes: Name, address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account info, date of birth and more.

·       Some customers’ info also includes payment card numbers and expiration dates, but the payment card numbers were encrypted.

How to protect your info after this breach

To support you during this time, we’ve put together some guidelines to help you protect yourself:

·       Stay alert for new info. If you have been part of a data breach, the breached company may send you a notice. Retain all documents and consider any suggestions they may have. Also, pay attention to and retain any mail you receive that is unfamiliar to you, such as notices from the IRS regarding your taxes or any bills from unknown lenders.

·       Change your passwords on any accounts that may have been breached and remember to use unique passwords across different accounts.

·       Keep an eye on your financial accounts online and set up any alert features they may have. This could help save time and keep you notified of any unusual events if they occur.

·       Monitor your credit and identity by checking your credit reports at each of the 3 credit bureaus for free once every 12 months. Look for unusual activity, such as new accounts, personal info or inquiries.

The SecurityOrb Show – An Interview with Dr. Elizabeth Milovidov, Esq. founder of DigitalParentingCoach.com. – 11/27/2018

I had the opportunity to speak with Dr. Elizabeth Milovidov, Esq., founder of DigitalParentingCoach.com, about Internet Safety.

Listen to what Dr. Milovidov has to say here:

 

Elizabeth Milovidov is an American lawyer, a French law professor and a European eSafety consultant. She founded Digital Parenting Coach and provides support to governments and associations.

From 2014-2016, she consulted for European Schoolnet, a European consortium of 30 Education Ministries, on several internet-related projects, including the ENABLE (the European Network Against Bullying in Learning and Leisure Environments) project, and in 2017-2018 she helped create the e-Salama national child online protection plan in Morocco. Currently, she is consulting for the Digital Society division of the Ministry of Transport and Communication, Qatar.

She provides support to EU Kids Online, Internet Matters, UK Safer Internet Centre, Family Online Safety Institute, DigiLitEY and many other key actors in online child protection. She is a frequent guest on France 24 where she shares digital parenting tips and strategies.

She regularly intervenes as an independent expert on Children’s Rights and the Internet and Digital Parenting for the Council of Europe and is currently an Expert Working Group member on Digital Citizenship Education as well as a member of the Drafting Group of Specialists on Children and the Digital Environment.

She has several publications on parenting in the digital age available on Amazon and co-wrote the Internet Literacy Handbook for the Council of Europe. She is an international speaker on Internet safety issues, leads parental workshops, writes on digital parenting, and coaches parents on best practices in the digital age through her website www.digitalparentingcoach.com and Facebook Group, The Digital Parenting Community.

A graduate of UCLA and UC Davis, she practiced as a litigator in California for four years before moving to France to work as General Counsel in two Internet Technology companies. She earned a Ph.D. in International Relations and Diplomacy from the American Graduate School (AGS) in Paris (dissertation: international adoption via Internet and photo listings).

She is an Assistant Professor at AGS and a lecturer at several universities in France and Geneva and specializes in Law and Technology (ISCOM, Paris), Intellectual Property and Internet Law (INSEEC, Paris) and Children’s Rights and the Internet (University of Geneva, Geneva).

 

CVE-2018-15454 (Cisco SIP) Exploit Information

IB-18-20248-CVE-2018-15454 Exploit Attempts Against Government Facilities Sector

TLP: AMBER

Department of Homeland Security

NCCIC US-CERT

Reference Number: IB-18-20248

Report Date: 2018-11-15T22:19:01+00:00

 

Notification:

 

DISCLAIMER: This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. The DHS does not endorse any commercial product or service, referenced in this bulletin or otherwise. This document is distributed as TLP:AMBER: Limited disclosure, restricted to participants’ organizations. Recipients may only use TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. For more information on the Traffic Light Protocol, see http://www.us-cert.gov/tlp.

 

Summary:

 

From October 2018, NCCIC analysts have observed network traffic indicating attempts, by unknown actors against multiple government agencies, to exploit a vulnerability [CVE-2018-15454] in the Session Initiation Protocol (SIP) inspection engine of Cisco ASA Software and Cisco FTD Software. This vulnerability could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU usage, resulting in a DoS condition.

The vulnerability is due to improper handling of SIP traffic and affects Cisco ASA Software Release 9.4 and later and Cisco FTD Software Release 6.0 and later if SIP inspection is enabled (ENABLED BY DEFAULT). An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate on any of the following Cisco products:

 

– 3000 Series Industrial Security Appliance (ISA)

– ASA 5500-X Series Next-Generation Firewalls

– ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers

– Adaptive Security Virtual Appliance (ASAv)

– Firepower 2100 Series Security Appliance

– Firepower 4100 Series Security Appliance

– Firepower 9300 ASA Security Module

– FTD Virtual (FTDv)

 

This activity was observed in the Government Facilities Sector.

 

Analysis:

 

Host

IPv4: 46.249.59.196

Sighted: 2018-10-19 [only single sightings used]

Killchain Phase: Exploitation

Characterization: IP Watchlist

Notes: NCCIC analysts have observed network traffic from this IP address, related to attempts by unknown actors against multiple government agencies, to exploit a vulnerability [CVE-2018-15454] in the Session Initiation Protocol (SIP) inspection engine of Cisco ASA Software and Cisco FTD Software. This vulnerability could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU usage, resulting in a DoS condition.

Attempted scanning/exploit activity will be over port 5060 and will show a large number of incomplete SIP connections while the vulnerability is actively being exploited.

Open source research indicates this IP is geolocated in the Netherlands [ASN: AS50673]. Reporting by security vendors indicates this IP has been involved in scanning, brute force attempts, and other malicious network activity.

 

Host

IPv4: 5.62.63.223

Sighted: 2018-10-19 [only single sightings used]

Killchain Phase: Exploitation

Characterization: IP Watchlist

Notes: NCCIC analysts have observed network traffic from this IP address, related to attempts by unknown actors against multiple government agencies, to exploit a vulnerability [CVE-2018-15454] in the Session Initiation Protocol (SIP) inspection engine of Cisco ASA Software and Cisco FTD Software. This vulnerability could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU usage, resulting in a DoS condition.

Attempted scanning/exploit activity will be over port 5060 and will show a large number of incomplete SIP connections while the vulnerability is actively being exploited.

Open source research indicates this IP has a point-of-presence (PoP) in the United Kingdom [ASN: AS198605] and virtual PoP in the United States. Reporting by security vendors indicates this IP has been involved in scanning, brute force attempts, and other malicious network activity.

 

Host

IPv4: 212.129.19.40

Sighted: 2018-10-19 [only single sightings used]

Killchain Phase: Exploitation

Characterization: IP Watchlist

Notes: NCCIC analysts have observed network traffic from this IP address, related to attempts by unknown actors against multiple government agencies, to exploit a vulnerability [CVE-2018-15454] in the Session Initiation Protocol (SIP) inspection engine of Cisco ASA Software and Cisco FTD Software. This vulnerability could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU usage, resulting in a DoS condition.

Attempted scanning or exploit activity can be observed over port 5060 and shows a large number of incomplete SIP connections while the vulnerability is actively being exploited.

Open source research indicates this IP is geolocated in France [ASN: AS12876]. Reporting by security vendors indicates this IP has been involved in scanning, brute force attempts, and other malicious network activity.
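
The network indicator the bulletin describes (a large number of incomplete SIP connections on port 5060) can be checked against firewall logs. The following is an added example, not part of the DHS bulletin: it assumes Cisco ASA 302014 teardown syslog messages as input, treats a "SYN Timeout" teardown as an incomplete connection, and uses a hypothetical threshold and constructed sample lines.

```python
import re
from collections import Counter

# Addresses from the bulletin's three "IP Watchlist" host entries.
WATCHLIST = {"46.249.59.196", "5.62.63.223", "212.129.19.40"}

# ASA message 302014 (TCP teardown). Assumption: the first endpoint is the
# outside peer and the second is the inside host receiving the connection.
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection \d+ for "
    r"\S+?:(?P<src>[\d.]+)/\d+ to \S+?:[\d.]+/(?P<dport>\d+) "
    r"duration \S+ bytes \d+ (?P<reason>.+)$"
)

def suspicious_sip_sources(lines, threshold=3, watchlist=WATCHLIST):
    """Return {source_ip: incomplete_count} for sources that need triage.

    Assumption: "incomplete" means a connection to port 5060 torn down with
    reason "SYN Timeout"; threshold is a hypothetical tuning value.
    """
    incomplete, seen = Counter(), set()
    for line in lines:
        m = TEARDOWN.search(line.strip())
        if not m or m["dport"] != "5060":
            continue  # not a teardown record, or not SIP's port
        seen.add(m["src"])
        if m["reason"].startswith("SYN Timeout"):
            incomplete[m["src"]] += 1
    return {src: incomplete[src] for src in sorted(seen)
            if incomplete[src] >= threshold or src in watchlist}

def _line(n, src, dport, nbytes, reason):
    # Builds one constructed syslog line (documentation-range addresses).
    return (f"Oct 19 2018 10:00:{n:02d} fw1 : %ASA-6-302014: Teardown TCP "
            f"connection {100 + n} for outside:{src}/{40000 + n} to "
            f"inside:192.0.2.10/{dport} duration 0:00:30 bytes {nbytes} {reason}")

SAMPLE = [
    _line(1, "203.0.113.7", 5060, 0, "SYN Timeout"),
    _line(2, "203.0.113.7", 5060, 0, "SYN Timeout"),
    _line(3, "198.51.100.20", 5060, 1840, "TCP FINs"),
    _line(4, "203.0.113.7", 5060, 0, "SYN Timeout"),
    _line(5, "198.51.100.21", 5060, 0, "SYN Timeout"),
    _line(6, "203.0.113.7", 443, 0, "SYN Timeout"),
]

if __name__ == "__main__":
    print(suspicious_sip_sources(SAMPLE))
```

A source on the watchlist is reported even when its incomplete count is below the threshold, so a single sighting still reaches an analyst.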