Media
Blockpass Data Breach Intelligence Report - December 2018
January 2019
In December, the Blockpass Research Team analyzed 9 data breach events, chosen either for their significant impact on consumers, or their implication on global politics. Five of these events affected private companies while public institutions accounted for the remaining four.
In December, the Blockpass Research Team analyzed 9 data breach events, chosen either for their significant impact on consumers, or their implication on global politics. Five of these events affected private companies while public institutions accounted for the remaining four.
At least five of these events were the result of hacks on the part of malicious actors. Among the events analyzed were two that concerned highly sensitive government institutions. NASA was subject to another in a series of attacks, although this one seems not to have had any effect on the administration’s mission. In South Korea, a center that is meant to serve the interests of highly-vulnerable North Korean defectors had its database stolen, potentially putting the lives of thousands of individuals who remain in the north at risk.
This report, for the month of December, is the second in our monthly Data Breach Intelligence Reports which are being posted here on the Blockpass blog. We encourage the Blockpass community and anyone who might otherwise interested to let us know what kinds of information they would like to see provided in future reports by contacting us at [email protected] under the subject line “Suggestions for the blog.”
Quora | Worldwide | 100 Million
Monday, December 3rd, the popular question-and-answer social network, Quora, announced that it had discovered a major security breach a few days before, on November 30th. The company admitted that as many as 100 Million users may have been affected. Stolen information includes user names, email addresses, and encrypted passwords.
According to company records, the majority of accessed information were already publicly available user-submitted questions and answers. Quora CEO Adam D’Angelo admitted that the breach had been a hack carried out by some “malicious third party.” D’Angelo claims that the company has already taken pains to address the issue.
Source: https://edition.cnn.com/2018/12/03/tech/quora-hack-data-breach/index.html
Google+ | Worldwide | 52.5 Million
A major security breach in Google’s social network meant that developers had access to user information even in those cases where the profiles were set to "private". Developers had access to user names, ages, occupations, and email addresses. The bug was live for six days, between November 7th and November 13th. The bug was discovered during regular checks and was immediately fixed.
Originally, Google had planned to shut down their social network by August, but, as a result of the data breach, have decided to accelerate the process by four months. Additionally, the API that had caused the vulnerability is set to be taken offline within 90 days.
Source: https://www.theverge.com/2018/12/10/18134541/google-plus-privacy-api-data-leak-developers
Facebook | Worldwide | 5.6 Million
Facebook announced on December 15th that a bug in their Photo API gave app developers too much access to user photos. Applications that would normally only collect timeline photos also collected photos from Stories, the Marketplace, and from the dashboard to which users upload their photos prior to sharing them.
The breach, which was in violation of GDPR and other global regulations, occurred for 12 days, starting September 13th. According to a spokesperson, the bug was discovered on September 25th. Why Facebook failed to notify users until mid-December remains unclear.
Source: https://techcrunch.com/2018/12/14/facebook-photo-bug/
San Diego Unified School District | United States | 500,000
On December 21st it was announced that the personal data of over 500,000 San Diego Unified School District students and staff had been stolen by an anonymous hacker. The data breach was the direct result of a phishing attack. Suspicious emails were first noticed by school district employees in October and investigators have found that the hacker had access to personal data from January until November. Data stolen goes back to the 2008-2009 school year.
The late response and announcement following the discovery has been attributed to the investigation itself. Investigators did not want the hackers to be aware that the breach was discovered right away, so that their behaviour might lead to their location and arrest.
At the time of reporting, no arrests have been made. Stolen data includes all types of personally identifiable and financial information, such as names, dates of birth, addresses, social security numbers, ID numbers, tax information, and bank details.
Source: https://www.zdnet.com/article/hacker-steals-10-years-worth-of-data-from-san-diego-school-district/
Nova Entertainment | Australia | 261,948
It was announced on December 28th that Nova Entertainment, a company which has radio stations in the Australian cities of Sydney, Melbourne, Brisbane, Adelaide and Perth, had been subject to a major data breach affecting 261,948 listeners across the country. Leaked data included usernames, home addresses, emails, phone numbers, genders, dates of birth, and encrypted passwords.
While the leak has occurred recently, it only concerns a dataset from May 2009 to October 2011. Details on who may have accessed the leaked data and whether this was a malicious attack has not been publicized. Nova Entertainment has informed, and is cooperating with, relevant authorities.
Source: https://www.smh.com.au/business/companies/nova-warns-listeners-of-major-data-breach-affecting-250-000-listeners-20181228-p50omw.html
Victorian State Government | Australia | 30,000
At the end of December it was reported that 30,000 employees of the state government in Victoria, Australia, had had their personal and work details stolen by an unknown malicious party. Stolen data includes employee emails, phone numbers, and job titles. Particularly sensitive personal data, such as banking information, seems not to have been leaked.
When exactly the attack occurred has not been publicly reported but state officials have notified employees, the relevant authorities and investigative units. While this particular attack may not have any immediate and direct negative consequences on victims, it potentially opens the door to larger issues. The 30,000 released emails, for example, may be targeted by thousands of phishing attacks.
Source: https://www.abc.net.au/news/2019-01-01/victorian-government-employee-directory-data-breach/10676932
9/11 Victim Hack | United States | 1,500
A group of hackers has succeeded in stealing 18,000 documents from a law firm advising Hiscox Syndicates Ltd, an insurer that is handling cases related to the September 11th attacks. Hiscox Syndicates, which is currently handling the cases of about 1500 US-based commercial insurance policyholders that may have been affected by the attacks, claims that their own security infrastructure remains secure.
The group of hackers calling themselves “The Dark Overlord” seems to have carried out the attack in order to gain some sort of leverage in support of a set of 9/11 conspiracy theories, and to extort an undisclosed ransom fee. While the hack had previously been partially reported in 2018, the actual severity had not been publicly disclosed until now.
Source: https://motherboard.vice.com/en_us/article/yw79k5/hacker-group-threatens-dump-911-insurance-files-dark-overlord
NK Defector Database | South Korea | 997
Normally our report focuses on data breaches that negatively impact the lives of the customers or employees of public and private organizations. This is not the case with the breach widely reported on December 28th which affected 997 highly vulnerable defectors from North Korea who had entrusted their data to the South Korean Ministry of Unification.
The defectors had entrusted the data to their local Hana center, in the province of Gyeongbuk. Hana centers are special facilities designed to help defectors to integrate into South Korean society. Across the country, these facilities support around 30,000 individuals. While Hana centers are generally managed by the Ministry of Unification, this particular center was privately run.
A preliminary investigation found that the breach was likely the result of a phishing attack. The data would have been leaked when a Hana center employee opened a malicious attachment to an email. Officials say that the attack occurred sometime in November and that the released data identifies all defectors supported by the Hana center in Gyeongbuk. The data has not been released to the public.
There is a fair amount of speculation that the phishing attack may have been a malicious act on the part of the North Korean government. If this is the case, any family members of defectors that might remain in the North may have been put at risk of life-threatening persecution.
Source: https://www.bankinfosecurity.com/data-breach-leaks-1000-north-korean-defectors-details-a-11905
NASA | United States | Undisclosed
On December 19th it was widely reported that the personal information of NASA employees going back as far as 2006 had been hacked. NASA officials indicated that they have been aware of the attack and have been carrying out a probe since October 23rd.
In an email sent to NASA staff, it was indicated that such sensitive information as social security information had been made vulnerable, in addition to general personal identification information, such as names. Officials have claimed that the hack should not have negatively affected any NASA mission.
Source: https://www.zdnet.com/article/nasa-discloses-data-breach/
At least five of these events were the result of hacks on the part of malicious actors. Among the events analyzed were two that concerned highly sensitive government institutions. NASA was subject to another in a series of attacks, although this one seems not to have had any effect on the administration’s mission. In South Korea, a center that is meant to serve the interests of highly-vulnerable North Korean defectors had its database stolen, potentially putting the lives of thousands of individuals who remain in the north at risk.
| # of Events Analyzed | 9 |
| # of Identities Lost | approx. 158,894,445 |
| % of World Population | 2.1% |
| Industry Hardest Hit | Social Media |
This report, for the month of December, is the second in our monthly Data Breach Intelligence Reports which are being posted here on the Blockpass blog. We encourage the Blockpass community and anyone who might otherwise interested to let us know what kinds of information they would like to see provided in future reports by contacting us at [email protected] under the subject line “Suggestions for the blog.”
Quora | Worldwide | 100 Million
Monday, December 3rd, the popular question-and-answer social network, Quora, announced that it had discovered a major security breach a few days before, on November 30th. The company admitted that as many as 100 Million users may have been affected. Stolen information includes user names, email addresses, and encrypted passwords.
According to company records, the majority of accessed information were already publicly available user-submitted questions and answers. Quora CEO Adam D’Angelo admitted that the breach had been a hack carried out by some “malicious third party.” D’Angelo claims that the company has already taken pains to address the issue.
Source: https://edition.cnn.com/2018/12/03/tech/quora-hack-data-breach/index.html
Google+ | Worldwide | 52.5 Million
A major security breach in Google’s social network meant that developers had access to user information even in those cases where the profiles were set to "private". Developers had access to user names, ages, occupations, and email addresses. The bug was live for six days, between November 7th and November 13th. The bug was discovered during regular checks and was immediately fixed.
Originally, Google had planned to shut down their social network by August, but, as a result of the data breach, have decided to accelerate the process by four months. Additionally, the API that had caused the vulnerability is set to be taken offline within 90 days.
Source: https://www.theverge.com/2018/12/10/18134541/google-plus-privacy-api-data-leak-developers
Facebook | Worldwide | 5.6 Million
Facebook announced on December 15th that a bug in their Photo API gave app developers too much access to user photos. Applications that would normally only collect timeline photos also collected photos from Stories, the Marketplace, and from the dashboard to which users upload their photos prior to sharing them.
The breach, which was in violation of GDPR and other global regulations, occurred for 12 days, starting September 13th. According to a spokesperson, the bug was discovered on September 25th. Why Facebook failed to notify users until mid-December remains unclear.
Source: https://techcrunch.com/2018/12/14/facebook-photo-bug/
San Diego Unified School District | United States | 500,000
On December 21st it was announced that the personal data of over 500,000 San Diego Unified School District students and staff had been stolen by an anonymous hacker. The data breach was the direct result of a phishing attack. Suspicious emails were first noticed by school district employees in October and investigators have found that the hacker had access to personal data from January until November. Data stolen goes back to the 2008-2009 school year.
The late response and announcement following the discovery has been attributed to the investigation itself. Investigators did not want the hackers to be aware that the breach was discovered right away, so that their behaviour might lead to their location and arrest.
At the time of reporting, no arrests have been made. Stolen data includes all types of personally identifiable and financial information, such as names, dates of birth, addresses, social security numbers, ID numbers, tax information, and bank details.
Source: https://www.zdnet.com/article/hacker-steals-10-years-worth-of-data-from-san-diego-school-district/
Nova Entertainment | Australia | 261,948
It was announced on December 28th that Nova Entertainment, a company which has radio stations in the Australian cities of Sydney, Melbourne, Brisbane, Adelaide and Perth, had been subject to a major data breach affecting 261,948 listeners across the country. Leaked data included usernames, home addresses, emails, phone numbers, genders, dates of birth, and encrypted passwords.
While the leak has occurred recently, it only concerns a dataset from May 2009 to October 2011. Details on who may have accessed the leaked data and whether this was a malicious attack has not been publicized. Nova Entertainment has informed, and is cooperating with, relevant authorities.
Source: https://www.smh.com.au/business/companies/nova-warns-listeners-of-major-data-breach-affecting-250-000-listeners-20181228-p50omw.html
Victorian State Government | Australia | 30,000
At the end of December it was reported that 30,000 employees of the state government in Victoria, Australia, had had their personal and work details stolen by an unknown malicious party. Stolen data includes employee emails, phone numbers, and job titles. Particularly sensitive personal data, such as banking information, seems not to have been leaked.
When exactly the attack occurred has not been publicly reported but state officials have notified employees, the relevant authorities and investigative units. While this particular attack may not have any immediate and direct negative consequences on victims, it potentially opens the door to larger issues. The 30,000 released emails, for example, may be targeted by thousands of phishing attacks.
Source: https://www.abc.net.au/news/2019-01-01/victorian-government-employee-directory-data-breach/10676932
9/11 Victim Hack | United States | 1,500
A group of hackers has succeeded in stealing 18,000 documents from a law firm advising Hiscox Syndicates Ltd, an insurer that is handling cases related to the September 11th attacks. Hiscox Syndicates, which is currently handling the cases of about 1500 US-based commercial insurance policyholders that may have been affected by the attacks, claims that their own security infrastructure remains secure.
The group of hackers calling themselves “The Dark Overlord” seems to have carried out the attack in order to gain some sort of leverage in support of a set of 9/11 conspiracy theories, and to extort an undisclosed ransom fee. While the hack had previously been partially reported in 2018, the actual severity had not been publicly disclosed until now.
Source: https://motherboard.vice.com/en_us/article/yw79k5/hacker-group-threatens-dump-911-insurance-files-dark-overlord
NK Defector Database | South Korea | 997
Normally our report focuses on data breaches that negatively impact the lives of the customers or employees of public and private organizations. This is not the case with the breach widely reported on December 28th which affected 997 highly vulnerable defectors from North Korea who had entrusted their data to the South Korean Ministry of Unification.
The defectors had entrusted the data to their local Hana center, in the province of Gyeongbuk. Hana centers are special facilities designed to help defectors to integrate into South Korean society. Across the country, these facilities support around 30,000 individuals. While Hana centers are generally managed by the Ministry of Unification, this particular center was privately run.
A preliminary investigation found that the breach was likely the result of a phishing attack. The data would have been leaked when a Hana center employee opened a malicious attachment to an email. Officials say that the attack occurred sometime in November and that the released data identifies all defectors supported by the Hana center in Gyeongbuk. The data has not been released to the public.
There is a fair amount of speculation that the phishing attack may have been a malicious act on the part of the North Korean government. If this is the case, any family members of defectors that might remain in the North may have been put at risk of life-threatening persecution.
Source: https://www.bankinfosecurity.com/data-breach-leaks-1000-north-korean-defectors-details-a-11905
NASA | United States | Undisclosed
On December 19th it was widely reported that the personal information of NASA employees going back as far as 2006 had been hacked. NASA officials indicated that they have been aware of the attack and have been carrying out a probe since October 23rd.
In an email sent to NASA staff, it was indicated that such sensitive information as social security information had been made vulnerable, in addition to general personal identification information, such as names. Officials have claimed that the hack should not have negatively affected any NASA mission.
Source: https://www.zdnet.com/article/nasa-discloses-data-breach/