New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
TIMEHOP DATA BREACH
Timehop is a free service that shows users their past social media activity and content. On July 4th, the service was breached. The breach included much of its 21 million users' phone numbers, usernames, email addresses, and later Timehop discovered users' names, dates of birth, and genders. Luckily, it does not appear any financial data, private messages, photos, social media content, or social security numbers were taken.
What to do: The company has voided all social media authorization tokens and alerting its users. If you are a Timhop user, you will need to reauthenticate your social accounts and will surely want to change your password. Keep an eye on any other accounts that share the stolen password, and it's highly recommended to change those passwords as well.
MEGA CREDENTIALS EXPOSED
Mega is a popular online file storage and sharing service. A text file containing over 15,000 Mega usernames, passwords, and file names was discovered published online. They do not appear to be from a breach, but from a tactic called credential stuffing.
ZDnet states, "We sent the data to Troy Hunt, who runs data breach notification site Have I Been Pwned, to analyze. His analysis pointed to credential stuffing -- where usernames and passwords are stolen from other sites and ran against other sites -- rather than a direct breach of Mega's systems. He said that 98 percent of the email addresses in the file had already been in a previous breach collected in his database.
Some 87 percent of the accounts in the Mega file were found in a massive collection of 2,844 data breaches that he uploaded to the service in February, said Hunt."
What to do: The exposed credentials represent a small portion of Mega's users. However just to be safe, you may consider updating your password and any other sites you use the same password on.
SUNSPIRE HEALTH PHISHING ATTACK
Sunspire Health is a nationwide network of healthcare facilities. They recently discovered that a number of their employees fell victim to a phishing attack. Hackers had access to patient information for about two months. The phished accounts contained patient names, dates of birth, medical data, and health insurance information.
What to do: All patients of Sunspire are being notified and offered a free year of credit monitoring. Unfortunately, there is not much else on the customers' end to be done. Sunspire is working with the government and security experts to mitigate the effects of this attack and ensure it doesn't happen again.
If you need some extra help identifying or protecting against any of these or other cybersecurity threats, let us know!