Week 36 Cyberattack Digest 2019 – Yves Rocher, Wikipedia, New Bedford and others
If you are in search for some hot cybersecurity news, our week 36 cyberattack digest will provide you with an overview on the latest events of the sphere.
Customers of Yves Rocher cosmetic giant are affected in a breach
by Insurance Business – 5 September, 2019
It came to light recently that the personal data of about 2.5 million Canadian customers of cosmetics brand Yves Rocher were publicly accessible on an unsecured database.
The records were found by vpnMentor researchers when they discovered a vulnerability in the Elasticsearch database. Customer data that might have been compromised consisted of first and last names, dates of birth, phone numbers, email addresses, and zip codes.
“The data breach exposed full contact details for individual customers of Yves Rocher. Hackers, scammers, and advertisers can easily exploit this information. With access to your address, email addresses, and phone number, malicious parties can create sophisticated phishing schemes and ransomware attacks,” vpnMentor representatives commented.
Attacked town avoids paying $5.3 million in bitcoin in a ransomware
by NPR – 6 September, 2019
On the night of July 4, the city of New Bedford, Mass. was hit by a ransomware attack
Hackers demanded $5.3 million in bitcoin to release the data that was accessed. Town officials tried an old tactic of dealing with malefactors, which is open dialogue and stall for time. The hackers performed the attack with the help of Ryuk ransomware and as the attack took place over the holiday period and most computers were shut off, the malware affected just 4% of the city’s more than 3,500 computers.
After IT specialists noticed the evidence of the attack the next day, city officials contacted the anonymous hacker via email and were told to pay the ransom. The demands for the attack is one of the largest-ever known.
Wikipedia is unavailable for European and Asian users
by Gizmodo – 12 August, 2019
Last Friday afternoon, Wikipedia went offline and remained unavailable until Saturday morning as a result of a cyberattack that had international consequences.
Millions of users across Europe and in Middle East were affected. While there is just a few details on what exactly happened, Wikimedia’s German Twitter account confirmed that the website experienced a wide-ranging DDoS attack that made the online encyclopedia go offline. The IT specialists are still working to restore access “wherever you might be reading Wikipedia in the world”.