Week 27 Cyberattack Digest 2018 – Adidas, Facebook, Timehop and others
We are not breaking with the tradition of posting our cyber attack week digest. So, let’s move on to the latest incidents of the week 27.
Even coffee is not secure enough
Whitbread, the parental company of several businesses including Costa Coffee, Premier Inn, Brewers Fayre, Beefeater and other UK chains, announced about a security breach. The hospitality chain representatives informed that critical data of job applicants who used PageUp’s clients was presumably affected by the breach as well as the records of the ones who were listed as employment reference. The company declined to mention exact number of the people affected, still it stated that it had notified all affected parties.
Better not choose Adidas this time
No surprise that attackers keep eye on the trends, as the more a company is surrounded by hype, the more data can be exposed. So was the latest attack on the Adidas website. The popular sportswear retailer experienced an espionage attack on its website. The company warned about a breach all the costumers that had made purchases via adidas.com/US. The exposed data might have exposed contact information, usernames and encrypted passwords, still there is no evidence that any credit card or personal fitness information has been exposed. Fred Kneip, CEO at CyberGRX, commented that retail websites became a fertile hunting ground for hackers interested in customers’ personal data recently.
Facebook quizzes expose data
Millions of Timehop’s accounts are compromised
Sadly, a Facebook quiz flaw was not the only one security incident involving applications recently. Timehop mobile application also announced a security breach that exposed over 21 million users’ data. The malefactor stole the access keys for all 21 million users, still not all the affected ones had an email address or phone number attached to the account. The application developer declared that it had de-authenticated all the affected accounts so that there would be no possibility for the attacker to use any of the stolen access keys to retrieve the information from its users’ third-party social media account like Facebook, Twitter, or Instagram.
The week was overloaded by data leakages and the recent incidents clearly demonstrate once again that attack tend to choose the victims that possess large amounts of personal data. As always, follow us on Twitter, Facebook, and LinkedIn.