Recent Cyber Security Breaches: Spotify, Capcom and More

Cyber Security Breaches

As a managed IT service provider it is important to us to make sure to stay in know about the latest cyber security breaches. Every few weeks we like to share our findings with you here on our blog. Please take a peek below to learn more about some of the most recent cyber security attacks here and around the world.

Spotify (United States)

Streaming Music Service

The Hack: Credential Stuffing

Quick Summary: “Spotify has returned for another appearance with a credential stuffing disaster eerily similar. This time, data for approximately 100k users appeared in an Elasticsearch instance spotted by researchers. This is distinctly different data than the load that researchers discovered in November 2020.” -ID Agent

Read More Here >> Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months

 

Nissan North America (United States)

Automotive Manufacturer

The Hack: Misconfiguration

Quick Summary: “Nissan North America recently suffered a data breach that resulted in source code for its mobile apps and internal tools turning up online. The data leak is reportedly the result of a misconfigured Git server. The source code is reported by a security researcher to pertain to Nissan NA Mobile apps, some parts of the Nissan ASIST diagnostics tool, the Dealer Business Systems and Dealer Portal, Nissan internal core mobile library, Nissan/Infiniti NCAR/ICAR services, client acquisition and retention tools, sale and market research tools and data, various marketing tools, the vehicle logistics portal and vehicle connected services.” -ID Agent

Read More Here >> Data Leak Hits Nissan North America

 

the7stars (United Kingdom)

Talent Agency

The Hack: Ransomware

Quick Summary: “Clop ransomware is at the root of a data breach at the7stars, a London-based talent agency that handles clients with connections to Atlantic Records, Suzuki and Penguin Random House. Internal client records, business agreements, photographs, business records, and other communications were included in this haul. The agency announced that it was able to restore its systems from back-ups and are continuing to investigate.” -ID Agent

Read More Here >> Clop ransomware gang clips sensitive files from Atlantic Records’ London ad agency The7stars, dumps them online

 

Pixlr (Sweden)

Photo Editing Software Developer

The Hack: Third Party Data Breach

Quick Summary: “ShinyHunters are at it again, this time with a dump of data from Pixlr. The gang claims that the Pixlr data was obtained through their earlier successful breach at stock photo site 123rf, which is owned by the same parent company. The Pixlr database posted by ShinyHunters contains 1,921,141 user records consisting of email addresses, login names, SHA-512 hashed passwords, a user’s country, whether they signed up for the newsletter, and other internal information.” -ID Agent

Read More Here >> Hacker posts 1.9 million Pixlr user records for free on forum

 

Taylor Made Diagnostics (United States)

Occupational Healthcare Provider

The Hack: Ransomware

Quick Summary: “A Conti ransomware attack at this Virginia-based healthcare provider led to some unpleasant consequences for employees of the Norfolk Southern Railroad and UPS after 3K patient records were snatched. The stolen data included health records for employees from both firms, in addition to multiple smaller trucking companies, U.S. government agencies and defense contractors from as recently as December 2020.” -ID Agent

Read More Here >> Hackers leak trucker, rail worker medical records

 

Capcom (Japan)

Videogame Developer

The Hack: Ransomware

Quick Summary: “Recent data breach damage at Capcom was significantly worse than they thought. Capcom has announced that their investigation has uncovered that the personal data of up to 400,000 customers was compromised in the attack — 40,000 more than the company originally estimated. The announcement added that its investigation is ongoing and that new evidence of additional compromise could still come. The Ragnar locker ransomware group also captured 1TB of corporate data, including banking details, contracts, proprietary data, emails and more.” -ID Agent

Read More Here >> Data Breach at ‘Resident Evil’ Gaming Company Widens

*****

To learn more about how to keep your company safe and secure from cyber security attacks, click here to explore our San Diego IT Services & IT Security plans that are offered by SDTEK.

Leave a Reply