Week 39 Cyberattack Digest 2018 – SHEIN, Facebook, Tesco and others
We are not breaking our tradition and, as always, we are ready to introduce you our weekly cyber attack digest.
An attack on SHEIN affected 6.42 million customers
by SC Media – 25 September 2018
On August 22, SHEIN, a U.S. based online fashion retailer, became aware that personal information of its clients was exposed as a result of a sophisticated cyber incident. Malefactors managed to compromise company’s computer network and accessed the emails and encrypted passwords of over 6.42 million customers. “Our investigation has confirmed that the perpetrators gained access to email addresses and encrypted password credentials of customers who registered on the company website,” organization’s officials commented. SHEIN also noted that there was no evidence that any credit card details were stolen. The company did not give too much details on a breach, however SHEIN says that the online store is now safe to visit and use and recommends its customers to reset their passwords. SHEIN said that it would “continue to closely monitor the network and servers so future breaches can be prevented.” While the incident took place in June, but was discovered in late August, the experts say that it is a common situation when organizations, especially as big as SHEIN, need time to find out and solve the incident.
Hacking ports is a new trend
by The San Diego Union-Tribune – 26 September 2018
Cyber criminals have a new trend: hacking ports seems to be on hype now. “The Port of San Diego has experienced a serious cybersecurity incident that has disrupted the agency’s information technology systems,” that is how CEO Randa Coniglio described an incident that has affected the port of San Diego recently. As a result of the attack, public agency’s ability to process park permits and records requests was disrupted. Immediately after learning about the incident, the authorities applied to security experts and local, regional, state and federal partners in order to reduce possible impacts and restore the system. The first reports of a disruption were received by the port employees on Tuesday and the organization reported a breach the next day. The representatives of the port did not give many details on the incident. “So far, no one has been impacted,” Sharon Bernie-Cloward, president of the San Diego Port Tenants Association, said.
Tesco bank is fined
by The Guardian – 1 October 2018
We always talk about actual attack, and now, let’s discuss what may happen if an attacked company does not take seriously befallen incidents. Back in 2016, Tesco Bank has fallen a victim of a cyber attack that affected over 9,000 customers. As a result of an incident, hackers managed to steal £2.5m. Two years later in 2018, Tesco Bank was forced to pay £16.4m as part of a settlement with the Financial Conduct Authority. Tesco’s representatives claim that the attack did not involve the theft of any customers’ information, but attackers managed to perform 34 transactions debiting funds from accounts. The FCA experts concluded that the criminals got away with £2.26m, which were collected with the help of exploiting “deficiencies” in Tesco Bank’s design. The loopholes were found in the design of the bank’s debit cards, its financial crime controls and financial crime operations team. Mark Steward, the executive director of enforcement and market oversight at the FCA, commented: “The fine the FCA imposed on Tesco Bank today reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks.” Probably, this situation may serve a good lesson for other banks that will learn to care about their customers’ security in advance.
Facebook is lacking security
by 9to5Mac – 28 September 2018
Another news that exploded the headlines last week was an incident that involved Facebook… neglecting security of its users too! Recently a popular social network shared details on a flaw in its “View As” feature. This potentially allowed hackers to takeover Facebook accounts. Over 50 million accounts were left vulnerable to attackers. “View As” is a feature that allows users to look at their profile as others see it. The exploit helped attackers to gain access tokens, which are what keeps users logged into their accounts over multiple sessions, and these tokens let malefactors takeover Facebook accounts. the flaw was patched it is still unclear if the stolen tokens were used. Anyway, Facebook has reset the access tokens for 90 million accounts, so some of the users may need to log back in to the platform; users are recommended to change their passwords.Banks, socials networks, ports – these are among most popular recent trends of attackers. We hope you do not forget to follow us on Twitter, Facebook, and LinkedIn.