Hackers steal 26 MILLION logins for Amazon, Apple, Facebook and other tech giants after targeting PCs and making off with payment information from three million devices in latest major security breach
Hackers have stolen 26 million user logins for tech giants including Amazon, Apple, Facebook as well as vital payment information in the latest online security breach.
The malware hack, exposed by cybersecurity provider NordLocker, also saw payment details nabbed from 3.25 million computers that run Windows software. It was uncovered after researchers discovered a 1.2 terabyte database filled with stolen personal information.
The other firms whose accounts were targeted include eBay, Instagram, Netflix, Paypal, Roblox, Steam, Twitch and Twitter. It saw victims computers' infected by opening emails, or downloading bootleg software, and enabled the malware to take screenshots of their browsing activity - including private login details.
According to a report released by NordLocker on Wednesday, an unidentified, Trojan-type malware stole the files, including 26 million login credentials, between 2018 and 2020. It saw victims' webcams taken over by the malware, which then took screenshots as people used their computers to reveal personal information.
It remains unclear if any of that data was then used to scam or defraud its rightful owners. People who fear they may have been targeted can visit the website haveibeenpwned and insert their details to find out.
The news comes amid a spike in cybersecurity and ransomware attacks affecting major American companies - one that crippled a key pipeline along the East Coast, affecting gasoline supplies and leading to shortages at filling stations. Another shut down beef plants of the world's largest meat producer.
As for NordLocker and the huge cache of stolen data it found, the company said: ‘We want to make it clear: we did not purchase this database nor would we condone other parties doing it. A hacker group revealed the database location accidentally.’
An unidentified, Trojan-type malware stole 1.2 terabytes of personal information from 3.25 million Windows-based computers, between 2018 and 2020
The mystery malware that stole information from from over three million PCs has not been identified and its reasons for existing are unknown.
NordLocker found that the malware was transmitted through email and illegal software, including bootlegged versions of Adobe Photoshop 2018 and a number of computer games.
The stolen data includes 26 million sets of login credentials for common online services, including Amazon, Apple,
The database also contains 2 billion session cookies, or online footprints that hackers use to view their targets behaviors and habits on their computer.
Lastly, it contains 6.6 million desktop files, including 1 million images and 650,000 Word and .pdf files.
Nordlocker explained that, after infecting its host computers, the malware took screenshots using their webcams and assigned unique IDs to each set of stolen data to sort it according to where it came from.
Security experts said people could check the 'have i been pwned?', which is play on words of 'owned' to see whether their data might have been compromised. The site compiles data breach information.
On Wednesday, the same day Nordlocker released its study, it was revealed that beef supplier JBS paid an $11 million ransom in Bitcoin to hackers who compromised its systems, forcing them to shut down multiple meat processing plants.
Meanwhile, U.S. officials said this week the Department of Justice would now investigate cyberattacks on the same level as terrorism.
JBS, which supplies 20 per cent of all beef and pork in the US, received a demand from 'a criminal organization likely based in Russia' following the attack that has affected its operations in Australia and North America, White House spokeswoman Karine Jean-Pierre said.
Andre Nogueira, the CEO for the Brazilian company's United States division, told The Wall Street Journal in an interview that the payment was made after most JBS plants were already up and running again as 'insurance to protect our customers.'
Regarding the hack, JBS wrote: 'The FBI stated this is one of the most specialized and sophisticated cybercriminal groups in the world.'
The meat supplier claimed that it was able 'to quickly resolve the issues' because of the company's cybersecurity protocols, redundant systems and encrypted backup servers. JBS spends more than $200 million annually on information technology and employs more than 850 IT professionals globally, according to the release.
America's largest beef supplier JBS recently paid an $11 million ransom in Bitcoin to the hackers who shut down its plants in the United States
Last month, the major gasoline transporter Colonial Pipeline also suffered a ransomware attack and paid about $4.4 million in bitcoin to the hacking group DarkSide. The Justice Department on Monday recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline, Reuters reported.
Colonial Pipeline was the target of a huge cyber attack early last month, which halted 2.5 million barrels per day of fuel shipments along the line running from Texas to New Jersey.
Officials labeled it the most disruptive cyberattack on US energy infrastructure in history.
DarkSide hackers were able to breach Colonial Pipeline's computer system last month using a single compromised password, according to testimony from the company's top executive and revelations from a cybersecurity expert.
Colonial Pipeline CEO Joseph Blount appeared before the Senate Homeland Security Committee on Tuesday to discuss the May 7 ransomware attack that caused widespread fuel shortages and panic buying.
He admitted the attack occurred using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication in place, meaning it hinged on a single password.
Most major companies require two-factor across all internal applications. The use of a single factor login system, security experts say, is generally viewed as a sign of poor cybersecurity 'hygiene.'
Colonial Pipeline was the target of a huge cyber attack early last month because its Virtual Private Network (VPN) system hinged on a single password used by all of its staff.
But Colonial Pipeline wasn’t the only target. The DarkSide hackers that closed the Colonial Pipeline have bagged more than $90 million in Bitcoin ransom payments from 47 victims and have infected at least 99 companies in the last year.
Blockchain analytics firm Elliptic said DarkSide's Bitcoin wallet received millions of dollars worth of ransom payments in the nine months between October last year and last week when the wallet shut down.
Roughly half of all organizations targeted by the cybercriminal gang paid ransom money with the average payment being around $1.9 million, Elliptic said.
Dark web intelligence firm DarkTracer has identified 99 organizations that were infected with Darkside including fashion label Guess and car firm Toshiba. It is not clear which companies paid the hackers ransom money.
Malware are harmful computer programs that could be either attached to an email or installed through illegal software. Malware is an umbrella term that includes commonly-known computer viruses, ransomware used to extort its victims and backdoor malware that allows hackers access to a host computer at any time.
No comments