New Cybersecurity Threats and How to Protect Yourself: December 2019
New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
RING CAMERA DATA LEAK
Information about Ring camera users including login emails, passwords, time zones, and camera names were found exposed online. A New Zealand security researcher discovered the list posted anonymously on a text storage site.
The researcher got in touch with a Ring security team member, who said they were not aware of any data breaches or privacy issues and no one is sure how the data was leaked.
Surprisingly, "Ring does not alert users of attempted log-in from an unknown IP address, or tell users how many others are logged into an account at one time. Because of this, there is no obvious way to know whether any bad actors have logged into people’s compromised Ring accounts without their consent." (Buzzfeed News)
What to do: If you use Ring cameras, be sure to change your account password as soon as possible. Ring may or may not have alerted all affected users, so whether you've received a notification or not it's important to be proactive.
267 MILLION FACEBOOK USER RECORDS FOUND PUBLICLY AVAILABLE
A technology website called Comparitech along with a security researcher discovered over 267 million Facebook user records publicly available online, accessible without a password or other authentication. They also found the data available on a hacker website, after the original list was removed from its server.
"The data appears to have been either illegally scraped from publicly available Facebook profiles or obtained via Facebook’s own APIs prior to 2018, when technical changes made such data leaks more difficult." (Silicon.co.uk)
While login information wasn't exposed, malicious actors can combine information from various data leaks to put together a frighteningly detailed profile of people. These can be used for phishing, scams, extortion, theft, and other damaging activities.
What to do: Unfortunately the information is out there and can't be taken back! If you use Facebook, it's a good idea to ensure your account and personal information is set to private. Also be wary of possible new incoming scams, the more information out there about you the more likely you are to be successfully targeted.
PAYPAL PHISHING EMAIL CAMPAIGN
Phishing emails appearing to come from PayPal warn recipients that their account has experienced unusual activity. It then tells the user to click the link to log into their account and verify details.
If the person is tricked into clicking the link, they're directed to a PayPal dupe that will steal their account login information. Even further, the person will be asked to verify their account information afterwards. The information asked for includes their billing address, payment card details, and email address. At the end the screen tells them that their PayPal account has been restored.
What to do: Never click the links in unexpected emails like this one. If you're unsure, go to the website directly from your internet browser. If something is wrong you'll be able to see right away. Be on the lookout for giveaways to scams like these - in this one, the URL used isn't related to PayPal and there are some misspellings in the text.
PLENTY OF FISH DATA APP BREACH
Security researchers discovered a data vulnerability on the Plenty of Fish app - the app was leaking information users had set to private on their profile due to an API issue. Leaked information may include first names and postal codes.
What to do: Plenty of Fish was quick to act, and fixed the issue. If you use the app, ensure that you update it as soon as possible and that your profile privacy information is set up correctly.
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!