Most of us might have been on holiday during the month of August but hackers didn’t take any time off and the attacks just kept on coming. Carphone Warehouse in the UK was on the receiving end of an attack which left around 2.4million customers exposed. There were also attacks on the Pentagon, Sabra Corporation and American Airlines and Impact Team came through with their threat against Avid Media and released the data of 37 million Ashley Madison customers.
Time to countdown the top 10 hacks, attacks, bugs and vulnerabilities exposed in the month of August.
Ashley Madison reveal
The Ashley Madison breach might have only happened last month but things turned hot on August 18 when Impact Team released the full database of customer records together other information on the dark web. Countless news posts followed, revealing samples of information about the data dumped and, apart from the serious discrepancy in male vs female numbers, one thing which really stood out was the vast amount of business emails used. Reports said that some people have already started using the data for malicious intent but recently the focus has shifted on who are the people behind Impact Team. John McAfee claimed it was a lone female ex-employee who simply had access to all the information which she simply copied, meaning Ashely Madison was not hacked. We will probably never know who did it but Brian Krebs has quite an interesting theory.
Carphone Warehouse cyber attack
On August 8, Reuters released a report about a cyber-attack on Dixons Carphone, a UK group trading under Carphone Warehouse, Currys and PC World. The electrical goods reseller said that the personal date of up to 2.4 million customers may have been exposed after they discovered a breach in their IT systems on August 5.
China-tied hacks attack American Airlines and Sabre Corp
On August 7 both Sabre Corp, processor of hundreds of airlines and thousand of hotel operators, and American Airlines, one of the biggest airline carriers, were investigating attacks which seem to have originated in China. Bloomberg reports that both companies suffered the same wave of attacks seen in the Anthem Inc. attacks and the US government’s personnel office.
Sophisticated attack on the Pentagon
On August 6 US government officials admitted that the Pentagon’s Joint Staff unclassified email system was at the end of a sophisticated attack, shutting down the system and leaving it offline for two weeks. The intrusion is said to have happened on July 25 and affected 4,000 people working under the joint Chiefs of Staff department.
100 million profit with insider-trading exposed
During a news conference on August 11, it was revealed that a group of US-based stock traders using hackers in Ukraine made up to $100 million in illegal profits in the space of five years after stealing press statements before these were released to the public. The fraud scheme involved 150,000 press releases from distributors like Business Wire, Marketwired and PR Newswire.
Credit card breach on Web.com
The computers systems of Internet services provider Web.com were breached on August 13 by hackers who stole the credit card details of 93,000 customers. The breach was discovered during a security monitoring session and the company said that the verification codes weren’t exposed in the attack. Account holders have been informed of the breach and received a one-year free credit monitoring service.
Malicious ads on Plenty of Fish
On August 20, Malwarebytes revealed that users of Plenty of Fish (POF.com) were subjected to malvertising through a third-party advertising network ad.360yield.com. The dating website attracts some three million daily visitors. The malvertising ad is said to download malware to a victim’s computer through an exploit tool that takes advantage of known vulnerabilities in Flash, Java, Adobe Reaser and Silverlight.
The Internet Corporation for Assigned Names and Numbers (ICANN) issued a security warning on August 6 to notify customers that login credentials were compromised when an unauthorized person obtained usernames/emails together with password hashes. ICANN.org is asking customers to change their passwords as a precaution.
Valve’s Dota 2 tournament delayed by DDoS attack
It was bad news for Valve’s Dota 2 fans when The International, an annual tournament featuring millions in prize money, had to be put on hold due to a DDoS attack. This particular tournament is not down over LAN and instead uses an internet connection which has put into question the security of future tournaments when they are so easily susceptible to an attack.
Medical Informatics Engineering (MIE) breach
Finally, to conclude August’s Hack Hall of Shame we list yet another medical records breach which was revealed in the beginning of the month. The Indiana Attorney General’s Office is said to have launched an investigation into the recent breach suffered by the Medical Informatics Engineering on May 7, possibly exposing the data of 5.5 million US patients.