Weekly Breach Report – October 26th

Oct 26, 2020By Shaina Raskin

A snapshot of last week’s reported cybersecurity breaches and vulnerabilities

Albion Online

A hacker has breached the forum of Albion Online, a popular free medieval fantasy MMORPG, and stole usernames and password hashes. ZDNet: https://www.zdnet.com/article/albion-online-game-maker-discloses-data-breach/

Chrome

Google released an update to Chrome because of a zero-day vulnerability that is being actively exploited in the wild. The Hacker News: https://thehackernews.com/2020/10/chrome-zeroday-attacks.html

Beijer Ref France

Refrigeration and air conditioning wholesaler Beijer Ref’s French operations were targeted by a cyberattack that resulted in 2.4m euros in lost sales. Cooling Post: https://www.coolingpost.com/world-news/beijer-ref-france-suffers-cyber-attack/

Made in Oregon

Gift-retailer Made in Oregon alerted thousands of online customers that hackers had stolen their personal information in a data breach. Oregon Live: https://www.oregonlive.com/business/2020/10/made-in-oregon-notifies-7800-customers-of-possible-data-breach.html

Toledo Public Schools

Hackers stole nearly 9GB of sensitive personal data belonging to Toledo Public Schools in Ohio, after cyberattacks forced administrators offline and disrupted virtual classes. Infosecurity Magazine: https://www.infosecurity-magazine.com/news/major-data-breach-at-ohio-school/

Verificient Technologies

Verificient, which develops software to monitor online exam cheating, announced that it had detected a security breach in one of its servers. Security Magazine: https://www.securitymagazine.com/articles/93669-verificient-technologies-anti-cheating-software-suffers-data-breach

Kleenheat

This Australian gas producer (very) belatedly informed customers of a 2014 data breach that may have exposed their information. The breach occurred in a third-party system that the company apparently no longer uses. ZDNet: https://www.zdnet.com/article/kleenheat-customer-names-and-addresses-exposed-in-system-breach/

Malicious JavaScript

npm, a subsidiary of Microsoft’s GitHub and a package manager for JavaScript, removed three packages from the npm portal because they contained malicious code that opened shells on victim devices. ZDNet: https://www.zdnet.com/article/three-npm-packages-found-opening-shells-on-linux-windows-systems/

Dr. Reddy’s

Indian multinational drugmaker Dr. Reddy’s Laboratories isolated its data center services after detecting a cyberattack. Bloomberg Law: https://news.bloomberglaw.com/privacy-and-data-security/dr-reddys-isolates-data-centers-after-detecting-cyber-attack

Pfizer

Pfizer misconfigured a Google Cloud storage bucket, which led to a data breach that exposed personal HIPAA-related information. Security Boulevard:https://securityboulevard.com/2020/10/pfizer-suffers-huge-data-breach-on-unsecured-cloud-storage/

Nando’s

Hackers compromised this South African-based restaurant chain’s customer accounts, and placed multiple high-value orders from many of them in several countries. Mirror: https://threatpost.com/nandos-hackers-customer-accounts/160527/

Sopra Steria

French IT-services company Sopra Steria revealed that it had experienced a cyberattack last week. Computing: https://www.computing.co.uk/news/4022174/sopra-steria-cyber-attack

Shionogi

This Japanese pharmaceutical company announced that it was hit by a cyberattack that exposed licenses for medical equipment and employee residency permits. Japan Times: https://www.japantimes.co.jp/news/2020/10/23/business/corporate-business/japan-shionogi-cyberattack-data-breach/

Polyverse technologies could have prevented many of the above attacks…

Like the report? Sign up below and get it in your inbox.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.