New Cybersecurity Threats and How to Protect Yourself: April 2019
New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
MICROSOFT EMAIL SERVICE BREACH
Microsoft let users know mid-April that one of their support agent's credentials for its mail service had been compromised. It appears between January 1st and March 28th, the attackers could have used this information to view email addresses, folder names, and subject lines of emails.
Microsoft initially said hackers would not have had access to full email content or attachments. However, in a separate notification to affected users, they claimed email contents could have been viewed.
Login details and personal information were reportedly not stolen, and Microsoft has not revealed how many users were affected. To be safe, Microsoft recommends resetting your password if you received a notification that your account was affected.
What to do: If you use Outlook, Hotmail, or MSN as your email provider, keep an eye out for an alert email from Microsoft. Even if you have not received one, it's always a good idea to err on the side of caution and change your password anyway.
BODYBUILDING.COM SECURITY BREACH
Bodybuilding.com publicly announced a breach on April 12th stemming from a phishing email its staff received in July 2018. At least one staff member fell for the email which granted unauthorized access to the attackers.
Once discovered and their investigation completed, the site notified all its users and reset passwords. It's not known if the hackers accessed customer data.
What to do: If you have a profile on Bodybuilding.com, ensure you change your password to something you don't use on any other website. The site warned to be on the lookout for fraudsters sending phony data breach notification emails that appear to come from Bodybuilding.com - their legitimate emails will never ask you to download anything, open an attachment, click a link, or fill in personal information.
RESTAURANT POS CHAIN DATA BREACH
Restaurants under the parent company Earl Enterprises have suffered from a breach caused by malware on their point of sale systems, exposing financial information on customers from May 23, 2018 to March 18, 2019.
Restaurants affected include Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy, Mixology and Tequila Taqueria. You can check the status of various locations and full details of the breach on Earl Enterprises' incident site.
What to do: If you believe you were affected by this breach, keep a close eye on credit card and debit statements. Alert your financial providers and if desired, sign up for credit monitoring/fraud alerts or freeze your accounts.
FACEBOOK THIRD-PARTY APP DATA BREACH
"More than 540 million records about Facebook users were publicly exposed on Amazon's cloud computing service, according to a cybersecurity research firm. A report out Wednesday by UpGuard said two third-party Facebook app developers posted the records in plain sight, causing yet another major data breach for the world's biggest social network.
According to UpGuard, a Mexico-based media company called Cultura Colectiva was responsible for the biggest leak. It exposed 146 gigabytes of Facebook user data, including account names, IDs and details about comments and reactions to posts. It's unclear how many individual users had data exposed.
Separately, an app called At the Pool exposed databases that appeared to include data about user IDs, friends, photos and location check ins, as well as unprotected Facebook passwords for 22,000 users. The app — which was meant to help people meet up for offline activities — shut down in 2014." (CBS News)
What to do: It doesn't appear that this information will lead to malicious activity, nor that it was accessed by anyone nefarious. However it's always a good idea to regularly change online passwords, especially after a breach. We recommend never reusing passwords across sites, as attackers will try breached passwords across other popular sites in hopes you don't follow this advice.
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!