Category Archives: News on Hack attacks

Instagram Data Breach Left High-Profile Users’ Contact Info Exposed

20 Sep 2017
Chandru

Hackers have not spared Instagram either: attackers stole the contact information of high-profile users.

We believe the platform was targeted because of its popularity and its global network, which grows every day.

Instagram is a fast-growing online community of more than 600 million active users who capture pictures and videos and share their moments, publicly or privately, with the rest of the world.

More recently, Instagram's user base has reached 700 million active users within a short span of years, energized by web sign-up, Android phones and Stories. The last 100 million users were added in just four months.

The growth of the Facebook-owned company is speeding up rapidly.

With the motive of affecting that growth and hampering the company's reputation, the hackers gained access to the contact information of high-profile users through a security breach.

The company acknowledged the breach, stating that it had recently found a bug that could be used to access some users' email addresses and contact numbers even if they were private.

No passwords or other Instagram activity were revealed.

 

 

Adding to this, earlier this month the account of Instagram's most-followed person was hacked.

Yes, we are talking about Selena Gomez, a singer and actress.

The hackers posted several full-frontal naked pictures of Justin Bieber, a singer and Selena's ex-boyfriend, on her account.

The pictures were up for quite a short period of time before the company noticed.

Instagram is now warning its “high-profile users” that a hacker uncovered a bug and was able to access their personal data.

It is uncertain whether the hack simply happened and Selena's account was one among those affected, or whether hacking her account was part of the plan.

 

 

The below statement was issued by Instagram:

“We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information — specifically email address and phone number — by exploiting a bug in an Instagram API,”

Meanwhile, the company added that it had quickly fixed the bug through which the intrusion took place and has been working with law enforcement.

It added, in a very generic way, that “they cannot determine which particular accounts may have been impacted”, without naming or commenting on the users whose accounts were exposed.

A demographic on Instagram gives the percentage of Internet users who use Instagram.

Nearly 6 million Instagram accounts were hacked.

Doxagram is an online database (dark data) that has been selling the personal contact information of famous celebrities.

For $10, it sold the private information of top celebrities, which it had obtained from Instagram.

 

 

According to UK cyber-security company Repknight, which was able to identify the list of compromised high-profile Instagram accounts, it contained 500 A-list celebrities and high-profile brands.

The following are the popular celebrities, musicians, singers and athletes whose contact information was exposed during this attack:

  • Actors: Emma Watson, Leonardo DiCaprio, Channing Tatum, Zac Efron, Emilia Clarke.
  • Musicians: Britney Spears, Katy Perry, Adele, Snoop Dogg, Lady Gaga, Rihanna, Victoria Beckham, Ellie Goulding, Harry Styles, Taylor Swift, Beyonce.
  • Athletes: Sachin Tendulkar, David Beckham, Virat Kohli, Ronaldinho, Floyd Mayweather, Zinedine Zidane.

An Instagram account run by the White House social media team for the President of the US was also reported to be among those hit.

Television model Kim Kardashian and her sisters Khloe Kardashian and Kourtney Kardashian were all in the exposed database.

The hackers may be aiming to sell the data of high-profile users for money. But once the bad guys are privy to that information, they can launch phishing attacks at any moment.

The Instagram mobile application had an issue in its reset-password option that exposed contact numbers and email addresses, but not passwords. This threat existed in Instagram's 2016 version, so users whose accounts are up to date should be safe.

 

Shield yourself on Instagram

Instagram has been officially advising its users on what to do if their account has been hit.

The exact statement in its security note:

“Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails”.

In addition to the advice in the official note, Instagram also encourages users to report any unusual activity through a reporting tool.

Users can reach the tool by tapping the “…” menu on their profile, then choosing ‘Report a Problem’ and then ‘Spam or Abuse’.

It is good to know that Instagram has a page that advises users on how to manage their accounts and stay safe from such threats.

The moment users think their account has been hacked, they should change their password immediately or send themselves a password reset email.

For added protection, users were also advised on how to turn on two-factor authentication on their accounts.

 

How to turn on two-factor protection on Instagram

 

 

  • Click the settings tab at the top right of your profile.
  • In the options you will see “Two-Factor Authentication”.
  • Then click “Require Security Code”.
  • A pop-up will say “Phone number required, To turn this On, you need to add a phone number to your account”.
  • A code will be sent to your mobile phone every time you try to log in to your account.

 

 

Spambot Server – Massive exposure of Over 711 Million Email addresses

20 Sep 2017
Chandru

What is a Spambot?

Spambots are automated computer applications capable of sending an enormous number of emails to a large mailing list. Spammers use them for multiple purposes.

Malware can be spread by attaching a virus to a spam email. Spambots are also used to post undignified things in other people's inboxes.

Email spambots are the common type, well known for crawling the web and collecting email addresses from many sources such as web posts, chat rooms, newsgroups, discussion forums and customer forums.

In this blog, we look at how 711 million email addresses were exposed from a spambot server.

A spambot named Onliner has compromised 711 million email addresses and passwords.

The incident was identified by Benkow, a security researcher. While browsing the web, he found that text files on the host contained the email server information, login passwords and email addresses that the spammers used to send mail.

Using these credentials, the spammers sent malware spam.

The malware spam is able to bypass spam filters because it is sent through valid email servers.

The spambot tests each entry by connecting to the server to make sure the details are authentic and that spam can be sent. Accounts that do not work this way are ignored.

 

 

The Onliner spambot used SMTP (Simple Mail Transfer Protocol) details to deliver its Ursnif malware.

Ursnif, a trojan, has been affecting users since 2006 by stealing their usernames and passwords as well as their bank account information and debit and credit card details.

In a statement, Benkow said that the Onliner spambot was using a list of nearly 80 million accounts.

In the files, each line comprises an SMTP server, an email address, the login password and the port used to send the emails.

The spambot delivers a “dropper” file that looks like an ordinary email attachment. When clicked and opened, it simply downloads malware.

The Onliner spambot hid a small, pixel-sized image in the emails it sent. These emails get through spam filters because the credentials are authentic.

 

 

When the email is opened, the small pixel image loads and sends back the user's IP address along with information that identifies the operating system and other details.

This eases the attacker's work with the Ursnif malware, as he knows whom to target.

This strategy is termed ‘fingerprinting’, and it lets the spammers tell whether the email campaign was successful or not.
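
A mail-gateway check for the tracking pixel described above, as an added example that is not from the original post or from Benkow's research: it flags remote images that are 1x1 or hidden by CSS. The sample message, its domains and the `find_tracking_pixels` name are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not taken from the Onliner campaign).
SAMPLE_EMAIL = """\
From: billing@example.com
To: user@example.org
Subject: Invoice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please see the attached invoice.</p>
<img src="https://static.example.com/logo.png" width="120" height="40">
<img src="http://tracker.example.net/o.gif?id=abc123" width="1" height="1">
<img src="http://tracker.example.net/p.gif" style="display:none">
</body></html>
"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}


class PixelFinder(HTMLParser):
    """Collects remote <img> tags that a reader would never see."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        raw = dict(attrs)
        src = raw.get("src") or ""
        # Only remote images can report back; cid:/data: images are embedded.
        if urlparse(src).scheme not in ("http", "https"):
            return
        norm = {k: (v or "").strip().lower() for k, v in attrs}
        reasons = []
        if norm.get("width") in TINY and norm.get("height") in TINY:
            reasons.append("1x1 dimensions")
        if HIDDEN_STYLE.search(norm.get("style", "")):
            reasons.append("hidden by CSS")
        if reasons:
            self.hits.append((src, reasons))


def find_tracking_pixels(raw_message):
    """Return (url, reasons) for every suspicious image in the HTML parts."""
    msg = message_from_string(raw_message, policy=default)
    finder = PixelFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.hits


if __name__ == "__main__":
    for url, reasons in find_tracking_pixels(SAMPLE_EMAIL):
        print(url, "->", ", ".join(reasons))
```

Turning off automatic remote-image loading in the mail client stops the pixel from reporting back whether or not a filter catches it.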

 

URSNIF

It arrives as a password-protected MS Word attachment. The email containing this attachment is the initial attack, identified as backdoor.spamdoccryptd.bc, which ends in the theft of data, i.e., the Ursnif malware.

Below is a sample spam email containing a password-protected MS Word attachment.

 

 

Verify Yourself:

If you think your email address is in the list from the attack, all you have to do is visit the website www.haveibeenpwned.com. This website stores details of email addresses that have been exposed.

Panic sets in the moment you see your email address listed in the Onliner dump in the results section. Settle down, take a deep breath and spend some time on these simple remedial measures:

  • Change your email passwords immediately.
  • Ensure that you are not using the same password for any other online account, especially for banking.
  • Enable 2FA (Two Factor Authentication). Please refer to our other blogs for a detailed look at using 2FA.
  • Always watch for suspicious activity on your bank account, as attackers will try to secretly access your personal information.

An infographic of the Spambot Invaders illustrates the countries with the most spam-sending bots in the world.

 

 

 

Taringa: 28 Million Accounts exposed due to a massive breach

20 Sep 2017
Chandru

Taringa is a social network predominantly used among Latin Americans.

It has a presence in the Spanish-speaking nations Argentina, Peru, Spain, Chile and Colombia and in the US Latino community, and it receives 75 million unique visitors every month.

Earlier this month, a data breach shook the world. Yes, we are talking about the Taringa data breach.

The records of about 28 million registered users were compromised by the hackers, who exposed nearly every record. Taringa confirmed it.

It happened on September 4, 2017, when the attackers stole the records of 28,722,877 registered users. It was initially disclosed by LeakBase, a data breach notification website.

In addition, analysis confirmed that the database contains email addresses, usernames and passwords hashed with the weak MD5 algorithm.

The company used the weak MD5 (128-bit) algorithm rather than a strong SHA (256-bit) algorithm, which made the hashes very easy to crack.

The passwords were hashed with MD5, an aging algorithm that was considered outdated even before 2012. It can be broken easily by attackers, resulting in access to all the user details.

The LeakBase group cracked about 93.79% (27 million) of the disclosed passwords in a couple of days by exploiting the weaknesses of the MD5 hashing algorithm.

 

A small comparison between MD5 and SHA

Considering security alone, which is the prime concern, SHA (Secure Hash Algorithm) is of course far more secure than MD5, and many facts back this up.

Database analysis:

Even though numerous security websites recommend and raise awareness of safeguarding login passwords, many Taringa users used very basic passwords to protect their more sensitive data.

The researchers at LeakBase identified the MD5 hashing and cracked nearly 26,939,351 passwords out of 28,722,877. The archive contains about 15 million+ passwords.

The shocking aspect is that most of the cracked passwords did not contain any special characters or symbols.

The most used email services were Gmail and Hotmail.

The passwords Taringa's users were really using to log in tell the story.

Worst of all, the most used passwords were 123456789, 123456, 1234567890, 000000, 12345 and 12345678. Taringa's users were logging in with such poor passwords.

 

Choice of Passwords – Whom to Blame?

Yes. The fault lies with the company alone, which failed to recommend and implement a strong password policy for its users.

After data breaches, organizations usually tend to blame their users for poor password security, yet they neglect to provide a password policy themselves.

Taringa instantly realized its faults and forced a global password reset on its users. It has also moved to the secure SHA (256-bit) and points out that end users need to take preventive security measures to protect themselves.

The Taringa admin issued the following statement, translated here by Google:

“From the moment our team detected the incident was working to secure the accounts and personal information of our users. At the moment there is no concrete evidence that the attackers continue to have access to the Taringa code! and our team continues to monitor unusual movements in our infrastructure.”

In addition, as a measure to protect users, Taringa is presently sending a password reset link via email to every user the moment they access their account with the old password.
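
An added example (not Taringa's code) of retiring unsalted MD5 records at login time: a successful login against a legacy record is rehashed with salted PBKDF2-HMAC-SHA256. The salted, iterated construction is used here instead of a single SHA-256 pass because any fast unsalted hash gives identical passwords the same digest; the user table, record format and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune per host


def md5_hex(password):
    """Legacy scheme: a single unsalted MD5 pass, as in the leaked database."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password, salt=None):
    """New scheme: per-user random salt plus an iterated HMAC-SHA256 KDF."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${key.hex()}"


def verify_and_upgrade(db, user, password):
    """Check a login and rehash a legacy MD5 record when it succeeds."""
    stored = db.get(user)
    if stored is None:
        return False
    if stored.startswith("pbkdf2$"):
        salt = bytes.fromhex(stored.split("$")[1])
        return hmac.compare_digest(pbkdf2_record(password, salt), stored)
    # Legacy record: upgrade now, while the plaintext is available.
    if hmac.compare_digest(md5_hex(password), stored):
        db[user] = pbkdf2_record(password)
        return True
    return False


def shared_digests(db):
    """Users whose stored values are identical, which only happens unsalted."""
    groups = {}
    for user, stored in db.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed user table: two users chose the same weak password.
USERS = {
    "ana": md5_hex("123456"),
    "luis": md5_hex("123456"),
    "sol": md5_hex("Tr!cky-Pass9"),
}

if __name__ == "__main__":
    db = dict(USERS)
    print("same digest before:", shared_digests(db))
    for name in ("ana", "luis"):
        verify_and_upgrade(db, name, "123456")
    print("same digest after: ", shared_digests(db))
```

Accounts that never log in again keep their MD5 record, so a forced reset such as the one Taringa describes is still needed for them.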

 

 

Later, a Taringa spokesperson said:

“We’ve made a massive password reset strategy and also increased the encryption of the passwords from MD5 to SHA256. We’ve also been in contact with our community via our customer support team,”

Users must follow the tips and watch out for any suspicious communication that requests their account details or any other personal information.

Shield yourself from any Data Breach:

It is highly recommended that you change your passwords if you are one of the potentially affected users.

Change the passwords of all your other online accounts if you currently use the same password that you used for your Taringa account.

Even if a website allows you to create an account with a simple password (which will be hacked easily), you are strongly advised to use strong passwords, follow the tips in our blogs on how to create strong passwords, or visit Password Generator to create unique long passwords that would take hackers years to crack.

Avoid clicking any attachment or suspicious link you receive by email, and avoid providing your personal credentials or financial information without properly verifying the source.

 

EQUIFAX Data breach: Approximately 143 million personal info exposed

14 Sep 2017
Chandru

Equifax is a consumer credit reporting giant. It collects and gathers information on its customers, of which it has over 800 million.

It is considered the oldest of America's three largest credit agencies.

An unfortunate thing happened to the company that shook nearly the whole of America. It is considered the biggest disaster in the history of data breaches for Americans.

  • Equifax announced that the data of about 143 million U.S. customers was acquired in a breach.
  • The breach was discovered on July 29, 2017.
  • It was reported that credit card details and personal information, including birth dates and more, were acquired in this attack.
  • Soon after the breach was identified, three executives in Equifax's top management sold shares in the company.

The Equifax hack could be one of the worst disasters in history for Americans.

The Equifax hack enters the top 10 biggest data breaches.

 

 

The main reason is that the breach comprises the most important personal data of all 143 million people, including birth dates, addresses, social security numbers, license numbers, payment card numbers and much more.

This information gives access to various businesses in the financial sector, the insurance sector and other security-based businesses that use it to identify a customer by phone, online, etc.

In the future, this breach will certainly facilitate identity theft.

The Atlanta-based credit reporting agency also confirmed that the attack scooped up the payment (credit) card details of almost 209,000 customers.

To help, Equifax set up a website, www.equifaxsecurity2017.com, where you can find out whether your information was exposed and whether you are a victim of this attack.

Start the process by clicking ‘Check Potential Impact’.

It will direct you to a page asking for your ‘Last Name’ and the ‘Last 6 digits of Social Security Number’.

Having done that, Equifax will send individuals a message letting them know whether their personal details were compromised or not.

To help customers, the company set up an emergency phone number, 866-447-7559, for phone clarification, and the homepage of the official website for email assistance.

Preparing this setup took the company nearly five weeks. Until it was done, the credit reporting giant faced much criticism of its approach to the attack.

Whether you use the site or not, it is always worth having a security service check for vulnerabilities, thereby keeping your bank information, property details, identity information and other significant personal credentials protected.

 

Executives at Equifax sold shares:

As a result of this massive attack, 3 senior executives at the top of the company's hierarchy sold almost $2 million worth of the company's shares just a few days after the attack.

Bloomberg News first reported it.

The following were the top executives who sold shares:

  1. John Gamble, Chief Financial Officer
  2. Joseph Loughran, President of U.S. Information Solutions
  3. Rodolfo Ploder, President of Workforce Solutions

It happened on August 1, SEC filings show.

Let us see what the CEO of Equifax had to say.

CEO Smith said,

“I’ve told our entire team that our goal can’t be simply to fix the problem and move on.  Confronting cybersecurity risks is a daily fight.  While we’ve made significant investments in data security, we recognize we must do more.  And we will.”

 

 

An infographic is provided to gain knowledge about data breaches (CBTS).

To know what lies in the depths of the internet, see this Dark Web infographic, which gives a better understanding of the pros and cons and of how to protect yourself when such scenarios happen.

 

 

Shield yourself:

“The Foremost assumption a customer should make is that they are a victim and they might possibly be attacked.”

 

 

As discussed earlier, find out whether your information was exposed by clicking ‘Check Potential Impact’ and, once it directs you to the next page, entering your ‘Last Name’ and the ‘Last 6 digits of your SSN’.

While entering your SSN, ensure that you are working on a protected computer and using an encrypted network connection. The website will return a result stating whether you have been affected by this attack or not.

Whether or not their personal information was compromised, U.S. customers are eligible for free credit monitoring services and other support for a year. The website will provide details about the enrollment date. The last date to enroll is November 21, 2017.

 

Post-breach measures:

Visit www.annualcreditreport.com to check your personal credit reports from Equifax, TransUnion and Experian. Identity theft may have occurred if you find any unknown activity in your account or an account you do not recognize.

It is advisable to go to www.identitytheft.gov and work out what to do next.

It is recommended to place a credit freeze on your files. It stops anyone from opening a new account in your name.

Closely watch your bank account information and credit card statements for any charges you do not recognize.

Placing a fraud alert on your files is also wise if you do not opt for a credit freeze.

It warns creditors that you might be a victim of identity theft and that they should verify that anyone seeking credit in your name is really you.

Another significant step is filing your taxes as soon as possible, before an attacker uses your SSN to gain access to your tax information, get a job or claim a tax refund. Do reply to the IRS.

A small infographic demonstrates what has to be done post-breach.

 

 

 
