‘Mother of All Breaches’
A supermassive Mother of all Breaches (MOAB) was reported last week. It contains 26 billion–with a ‘b’–records and comprises 12 terabytes of data. Researchers say it is broken up into 3,800 folders that each correspond to a separate data breach, all of which have been meticulously compiled and reindexed.
How bad is it?
According to Bob Dyachenko and the Cybernews team, it contains data from previous breaches, which is better than new ones. And billions of records makes duplicates highly likely.
But that amount also points to a very high probability that the MOAB contains some never before seen information.
As the researchers say, “the leaked data contains far more information than just credentials – most of the exposed data is sensitive and, therefore, valuable for malicious actors.”
And that means the consumer impact of the MOAB could be unprecedented.
“Since many people reuse usernames and passwords, malicious actors could embark on a tsunami of credential-stuffing attacks.”
So what can you do?
Users are strongly advised to stay vigilant and take care of their cyber hygiene.
- Make sure each of your logins has its own unique password.
- Use strong, hard-to-guess passwords.
- Consider using a password manager to handle those first 2 items.
- Enable multi-factor authentication (MFA) on all possible accounts.
- Keep an eye out for scam attempts – anything unsolicited, any unexpected ‘account error’ messages that want you to click a link.
- Take the time to close any of your old accounts you no longer use. when you do, you can also ask that company to completely delete any of your data.
Undetected for Months
DNA testing company 23andMe said it has determined hackers started to compromise customer accounts in April 2023, continuing into September. The company became aware of the breach in October.
“In other words, for around 5 months, 23andMe did not detect a series of cyberattacks where hackers were trying — and often succeeding — in brute-forcing access to customers’ accounts, according to a legally required filing 23andMe sent to California’s attorney general.”
Ultimately, the intruders broke into about 14,000 accounts and stole genetic data and other information related to 6.9 million people. Several class-action lawsuits have been filed against the company. In one of the lawsuits, 23andMe responded by blaming users for allegedly using reused passwords. (TechCrunch)
BBB Tax Season Warning
The Better Business Bureau (BBB) has issued a warning to individuals and businesses to be vigilant against potential tax scams as another tax season begins.
“Tax season often sees an uptick in scams, ranging from emails to fraudulent phone calls. Scammers may pose as IRS agents, tax professionals, or even government officials, exploiting the anxiety and urgency associated with tax-related matters.”
Tom Stephens, President of the BBB of Northeast Florida & the Southeast Atlantic, reminds us that criminals are getting more and more sophisticated and harder to spot so vigilance is crucial. “If something seems suspicious, don’t hesitate to contact BBB for guidance,” he says.
To report scams or seek assistance, contact BBB at 904-721-2288 or visit their website.
Hack Settlement
Atlanta-based natural gas company Gas South agreed to pay nearly $900k to settle a data-breach lawsuit after a cyberattack in 2022.
The roughly 39,000 people who had their personal data exposed can claim up to $3,250 each from the company, which under the settlement denied any wrongdoing.
Notifications to customers were sent in the beginning of November, and the deadline to submit a claim is today, Feb. 1st. (Atlanta Journal-Constitution)
Bravo Host Andy Coen Shares Scam Experience (Video)
The Bravo host went on NBC’s “Today” to share his story and tips to avoid imposter scams after wire transfers were initiated out of his bank account.
Stu Sjouwerman of KnowBe4 says, “This story has many parallels with banking fraud scams where the communications are controlled using a medium where the victim believes the impersonated identity of the fraudster is real. It’s only when the victim uses another medium does the reality come to light. In Cohen’s case, it was too late.”
Click image for video. Video is 7:34 minutes long.
Quick Hits
Taylor Swift is not giving away Le Creuset cookware. But a deepfake ad tricked a lot of people into thinking she was.
See the ad and advisory McAfee tweeted on X.
Hewlett Packard Enterprises (HPE) recently reported a breach. It just proves no organization, no matter how sophisticated, is immune to cybersecurity threats.
That doesn’t mean don’t bother. It means cover the security basics, train your people, and put processes in place to protect yourself and your business.
Read the SEC disclosure here.
The National Motor Freight Traffic Association (NMFTA) warns the trucking industry that social engineering attacks are on the rise.
In the first edition of the 2024 Trucking Cybersecurity Trends Report, they remind everyone that “Trucking companies’ best preparation for, and defense against, these attacks is to thoroughly train their people on how to spot a phishing attack.”
Final Reminders
Cyber criminals are real. They’re making money running their scams, and they’re not going away anytime soon.
I share this information, not to be negative, but to warn you. I want you to be aware so you can be prepared.
- Teach your team about the risks and how to properly handle them.
- Make sure you have multiple layers of protection built into your business.
- Don’t panic, but don’t be complacent. Check on your cyber insurance coverage.
- Test your business continuity and incident response plans.
- If you have questions, ask them. Even when you don’t like the answers, it’s better to know so you can move forward.
