Recent Cyber Security Breaches: GoDaddy, Home Chef and More

Cyber Security

As a managed IT service provider it is important to us to make sure to stay in know about the latest cyber security breaches. Every few weeks we like to share our findings with you here on our blog. Please take a peek below to learn more about some of the most recent cyber attacks here and around the world.

GoDaddy

Domain service provider

The Hack: Unauthorized database access

Quick Summary: “GoDaddy has reported an October data breach to California authorities after it identified an unauthorized individual operating within their platform. Although the company believes that files were not altered or modified, the company was forced to reset user account passwords and to provide a free year of its website security and malware service. It’s possible that the intruder is related to an earlier cybersecurity incident stemming from an employee who engaged with a phishing scam. The hosting platform often touts its small business services, and these organizations will now have to decide if a platform with multiple cybersecurity lapses is the best place for their digital services to reside.” -Kevin Lancaster

Read More Here >> GoDaddy reports data breach involving SSH access on hosting accounts

 

Home Chef

Meal kit & food delivery company

The Hack: Unauthorized database access

Quick Summary: “Hackers obtained a database containing customer data, and sold the information on the Dark Web. The database, which was lifted in a data breach in early May, was available for just $2,500, and it contains the personal data for more than 8 million customers. This incident will further stigmatize Home Chef, which is still grappling with the cybersecurity implications of the previous breach.” -Kevin Lancaster

Read More Here >> Home Chef announces data breach after hacker sells 8M user records

 

StorEnvy

Online retailer

The Hack: Unauthorized database access

Quick Summary: “Hackers gained access to a company database containing customer information. This database was subsequently downloaded and posted online as a free resource. Making matters worse, the database contained plaintext passwords and other personal data that can quickly be used by bad actors to execute cybercrimes ranging from spear phishing scams to malware attacks. This is the company’s second data breach in two years, undermining its credibility at a critical time. Online shopping is experiencing a boon because of the COVID-19 pandemic, but customers are increasingly unwilling to do business with platforms that can’t protect their information.” -Kevin Lancaster

Read More Here >> E-commerce firm StorEnvy hacked; 1.5m plain-text accounts leaked

 

York University (Canada)

Academic institution

The Hack: Malware attack

Quick Summary: “A cyberattack corrupted several of York University’s servers and workstations, forcing the school to take its remaining network offline to stop the spread. As a result, students and staff were unable to access remote learning applications and other digital resources. In addition, students who are upset by a lack of communication from the university are complaining to the media, inviting brand erosion and other long-term consequences.” -Kevin Lancaster

Read More Here >> Students, experts call for explanation after York University suffers ‘extremely serious’ cyber attack

 

Toll Group (Australia)

Transportation and logistics company

The Hack: Ransomware

Quick Summary: “After recovering from a ransomware attack in early 2020, Toll Group has once again been victimized by bad actors. This attack exploited vulnerabilities in a Remote Desktop Protocol to infect the company’s network. To prevent the malware’s spread, Toll Group brought many of its servers offline, compounding the cost by curtailing productivity during an already precarious time.” -Kevin Lancaster

Read More Here >> Toll Group Suffers Ransomware Attack Again  

 

Wishbone

Poll & Comparison App

The Hack: Unauthorized database access

Quick Summary: “A company database was stolen by hackers, who then released the data in full on the Dark Web. The information was captured as part of a cybersecurity incident that occurred in January 2020, and it’s unclear why it took Wishbone more than five months to identify the incident. This is the second cybersecurity incident for the perennially popular company. Now, consumers are much less forgiving. In addition, today’s regulatory environment is significantly more critical of companies’ cybersecurity stance, which could contribute to a multifaceted problem for the platform moving forward.” -Kevin Lancaster

Read More Here >> Hacker leaks 40 million user records from popular Wishbone app

 

To learn more about how to keep your company safe and secure, click here to explore our San Diego IT Services & IT Security plans that are offered by SDTEK.

Leave a Reply