8.11.19 – Cyber News Update

This post will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes.

The post is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world.

The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand.

Malaysia’s Malindo Air, a subsidiary of Indonesia’s Lion Group, said it was investigating a data breach involving the personal details of its passengers during September 2019.

Malindo Air’s statement followed a report by Moscow-based cyber-security firm Kaspersky Lab that the details of around 30 million passengers of Lion Group and were posted in online forums.

The report said the leaked information included passengers’ passport details, addresses and phone numbers.

this reminds the famous incident of Cathay airlines not long ago.

Malindo Air said it was notifying the authorities internationally about the incident and advised customers with online frequent flyer accounts to change their passwords.

It declined to provide more details on its investigation, including how many customers were affected, but said it did not store any customer payment details on its servers.

Lion Air received global attention in October when one of its new Boeing 737 Max jets crashed into the Java Sea, killing all 189 passengers and crew on board.

The files were sold on the darknet and some of them were uploaded and stored in an open Amazon Web Services S3 bucket and made public. AWS, which is an external data service provider for Malindo, was not immediately available for comment.

Facebook is huge company and it is constantly having securiy issues, during september 2019 Hundreds of millions of phone numbers linked to Facebook accounts have been found online. 

The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam. But because the server wasn’t protected with a password, anyone could find and access the database.

Facebook spokesperson Jay Nancarrow said the data had been scraped before Facebook cut off access to user phone numbers. “This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” the spokesperson said. “The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.” Facebook later claimed the server contained “about 220 million” records. But questions remain as to exactly who scraped the data, when it was scraped from Facebook and why.

This latest data exposure is the most recent example of data stored online and publicly without a password. Although often tied to human error rather than a malicious breach, data exposures nevertheless represent an emerging security problem.

That’s it for this podcast, stay safe and see you in the next podcast.

Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.

Leave a Reply