Data Breaches | SC Media

Data Breaches

Password-spraying attacks abuse IMAP to break into targets’ cloud accounts


Taking advantage of recent stolen credential dumps, attackers have been exploiting legacy protocols like IMAP to engage in high-volume password-spraying campaigns for the purpose of breaking into companies’ cloud accounts, researchers at Proofpoint are reporting. Used by email clients to retrieve messages from a server, IMAP (Internet Message Access Protocol) is an ideal protocol to…

Ransomware attack targets college admissions data


Threat actors launched ransomware attacks against three U.S. colleges seizing the data on students applying for admission to the schools and demanded 1 Bitcoin or approximately $3,800 from students to retrieve their “entire admission file.” Attackers targeted Oberlin College in Ohio, Grinnell College in Iowa, and Hamilton College in New York to seize teacher recommendations,…

Cybersecurity partnerships defend threats during NCAA college football playoff championship


In a first of its kind partnership and event,  cybersecurity students from Norwich University teamed up with Respond Software to monitor cyber attacks during the NCAA College Football Playoff Championship between the Clemson Tigers and Alabama Crimson Tide. Together with stadium security, the team analyzed and resolved over 243,000 monitored events and threats during game…

Exactis breach exposes 340M records, may compel GDPR-like reg in U.S.


An exposed database at data broker Exactis exposed nearly 340 million records amounting to around two terabytes of information. “If U.S. citizens did not think their personal information has ever been compromised, this should convince them it definitely is,” said Robert Capps, vice president and authentication strategist for NuData Security, noting the Exactis “breach blows up…

Researcher finds login info for 92 million MyHeritage users on private server


A file named myheritage discovered on an outside private server contained the email addresses and hashed passwords of more than 92 million MyHeritage customers, the genealogy and DNA testing company’s CISO said. “Immediately upon receipt of the file, MyHeritage’s Information Security Team analyzed the file and began an investigation to determine how its contents were…

Under Armour: unauthorized third party accessed 150 million MyFitnessPal accounts


Under Armour notified MyFitnessPal users that an unauthorized third party accessed usernames, email addresses and hashed passwords in about 150 million accounts in late February,  The hashed passwords affected were in large part ones “with the hashtag function called bcrypt used to secure passwords,” the company said in an alert.  “The affected data did not…

Next post in Privacy & Compliance News and Analysis