Weekly Breach Report – Jul 13th

Jul 13, 2020By Shaina Raskin


A snapshot of last week’s reported cybersecurity breaches and vulnerabilities



European and British law enforcement agencies arrested hundreds of criminals after infiltrating into the encrypted communication app EncroChat. The Hacker News: https://thehackernews.com/2020/07/encrochat-encrypted-phone.html 



Researchers discovered a data breach on Clubillion, a casino gambling app with millions of daily active players. European Gaming: https://europeangaming.eu/portal/latest-news/2020/07/08/73747/popular-gambling-app-exposed-millions-of-users-in-massive-data-leak/


Microsoft users

A massive phishing campaign is targeting Microsoft Office 365 customers across 62 countries. The Seattle Times: https://www.seattletimes.com/business/vast-phishing-campaign-hits-microsoft-users-in-62-countries/



Brazilian health insurer announced it suffered a cyberattack that potentially involved customer personal information. Reuters: https://in.reuters.com/article/us-hapvida-cyber-attack/brazils-hapvida-discloses-cyber-breach-potential-client-data-leak-idINKBN2471IP


Frost & Sullivan

The business consulting firm suffered a major data breach exposing personal data. Digital Journal: http://www.digitaljournal.com/tech-and-science/technology/frost-sullivan-suffers-from-global-data-breach/article/574409



A data breach hit a bus operator in Egypt, Kenya, and Pakistan. The Daily Swig: https://portswigger.net/daily-swig/egyptian-bus-operator-swvl-hit-by-data-breach



A data breach at the Indonesian company Tokopedia exposed the personal data of 91M users. Coconuts Jakarta: https://coconuts.co/jakarta/news/private-data-of-91-million-tokopedia-users-openly-traded-online-cyber-security-firm/



Facebook took down several networks based in Brazil, Canada, Ecuador, Ukraine, and the US that violated the social network’s policy against foreign interference. CyberWire: https://thecyberwire.com/newsletters/daily-briefing/9/132


Dark Web

A new audit of the Dark Web revealed 15bn stolen logins from 100,000 breaches. Forbes:



Magellan Health

An April ransomware attack on Magellan Health impacted over 365,000 patients’ data. HealthITSecurity:



Russian Hacker

A Russian hacker found guilty in California court for the Dropbox, LinkedIn, and Formspring breaches. ZDNet: https://www.zdnet.com/article/russian-hacker-found-guilty-for-dropbox-linkedin-and-formspring-breaches/



A hyperlocal Indian delivery service suffered a data breach that exposed customer emails and phone numbers. The Next Web: https://thenextweb.com/in/2020/07/11/google-backed-indian-delivery-startup-dunzo-suffers-data-breach/



Researchers discovered possible intentional backdoors in the firmware of 29 FIber-To-The-Home Optical Line Termination devices from Chinese vendor C-Data. ZDNet: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/



Hackers are scanning the internet looking for vulnerable Citrix installations after the company patched 11 security bugs in its network perimeter products. The Register: https://www.theregister.com/2020/07/09/citrix_bugs_proof_of_concept_exploits/



KingComposer, creators of a popular WordPress plugin, patched the software because of a cross-site scripting vulnerability. ZDNet: https://www.zdnet.com/article/kingcomposer-wordpress-plugin-patches-xss-flaw-impacting-100000-websites/

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.