Cyber Intel Update 20.4.20

Welcome to the CyberCure Bi-Weekly podcast (transcript).

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes.

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world.

The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand.

—-

Social Bluebook, a Los Angeles-based company, allows advertisers to pay social media “influencers” for posts that promote their products and services. The company claims it has some 300,000 influencers on its books.

Influencers are people that have large followings on different social media platforms.

TechCrunch obtained the database, which contains some 217,000 user accounts, including influencer names, email addresses, and hashed passwords, which had been scrambled using the strong SHA-2 hashing algorithm.

It’s not known how the database was exfiltrated from the company’s systems or who was behind the breach.

The reporters contacted several users who, when presented with their information, confirmed it as accurate.

Social Bluebook's response was: “They have just now become aware of this data breach that occurred in October 2019”.

They said affected users will be informed of the breach by email. 

The company also informed the California attorney general’s office of the breach, per state law.

Social media influencers are a constant target for hackers, who often try to hijack accounts with popular handles or high follower counts. 

Successful cyber attacks against influencers can generate large amounts of cash quickly. If the attacker is able to impersonate a trusted person, it is easier to deliver malware or ransomware to a large audience that usually shares a common subject or interest.

It is still unknown how the breach was carried out, and it's currently under investigation.

In many incidents we cover, the attackers ask for money or information in return for the data they have stolen. In this case, it seems the hackers used the information for their own purposes and sold it to others afterwards.

—-

We covered the Marriott hotel chain hack in 2019, but it seems they have been hacked again.

At the end of March 2019, hotel giant Marriott experienced its second breach in three years, this time affecting up to 5.2 million of its guests.

The breach originated from a franchise hotel that operates under the Marriott brand. Unknown individuals used the login credentials of two employees at the hotel to access the guests’ information.

The exposed information consisted of basic contact details and personal identifying information, such as birthday, gender and employer, as well as loyalty member data and travel information, including hotel and room preferences. 

Marriott said it “has no reason to believe” payment data was stolen.

Marriott has also said that at present it does not believe passports, payment details or passwords were exposed in the data breach.

The first Marriott data breach was centred on the Starwood hotel chain, a Marriott subsidiary, and exposed more sensitive customer data, including passport details. It ultimately saw the company slapped with a fine of more than $100m under the GDPR, one of the highest fines to date.

GDPR is a regulation in EU law on data protection and privacy, meant to keep customers’ data safe.

These days it's up to organizations to make sure their employees are educated about and aware of phishing scammers.

Scammers can use social engineering techniques to motivate people to enter sensitive information, such as credit card details and login credentials, or, if they’re employed, confidential company details. 

Criminals may masquerade as a well-known company and ask you for billing information so that you can receive a refund.

You’re directed to a fake site, where your information is used for identity theft. 

Other scammers use more sophisticated methods such as tricking users into installing ransomware or malware, or using fake social media profiles to build up a connection with targeted individuals. 

Thousands of organizations and businesses are impacted each year, according to the FBI. 

The FBI estimates that phishing costs US businesses around $5 billion a year.

Since Marriott is a chain of hotels, it constantly claims that the breaches it is having are related to specific chains that were acquired.

For the end consumers who have had their personal data exposed for the second time in a couple of years, that's not very reassuring.
