Cyber Security Leaks
(Tip: Everyone should look into their email filters, use a password manager and change their passwords often.)
Articles you may want to take a look at:
- FBI warns of BEC scammers using email auto-forwarding in attacks
- Fort Mill business says email scam cost it more than $1 million
- Nearly 26M Amazon, Facebook, Apple, eBay user logins stolen by hackers
- Bad news: your password has almost certainly leaked online
- 3.2 billion emails and passwords exposed online — what you need to know
2020 Data Breach Report for North Carolina
In 2020 people did more work across the Internet because of the COVID-19 pandemic. People worked from home via the Internet, students learned from home via virtual learning, people did more online shopping and online banking, and interacted with family and friends via Internet. Technology was great for those purposes, but these digital platforms made it possible for individuals, such as hackers, to gain access to our bank accounts, credit card number, Social Security number, online shopping accounts through security breaches. Since I live in North Carolina I will use the data from the 2020 Data Breach Report - NCDOJ - Attorney General Josh Stein. As you can see in the illustration below, nearly 1.2 million people in NC were impacted by some sort of data security breach. "Hacking incidents led to two-thirds of all breaches."
In 2020 people did more work across the Internet because of the COVID-19 pandemic. People worked from home via the Internet, students learned from home via virtual learning, people did more online shopping and online banking, and interacted with family and friends via Internet. Technology was great for those purposes, but these digital platforms made it possible for individuals, such as hackers, to gain access to our bank accounts, credit card number, Social Security number, online shopping accounts through security breaches. Since I live in North Carolina I will use the data from the 2020 Data Breach Report - NCDOJ - Attorney General Josh Stein. As you can see in the illustration below, nearly 1.2 million people in NC were impacted by some sort of data security breach. "Hacking incidents led to two-thirds of all breaches."
2020 Data Breach Report - NCDOJ - Attorney General Josh Stein
As you can see in the graph below, the number of reported security breaches have been going up each year. This graph does not include the number of security breaches that go unreported.
2020 Data Breach Report - NCDOJ - Attorney General Josh Stein
As you can see in the pie chart below, hackers or hacking made up 68% of the data breaches and phishing (online scams) made up 17% of the data breaches. The other 15% came from accidental release and display, lost data or stolen equipment, and data theft by employee/contractor.
2020 Data Breach Report - NCDOJ - Attorney General Josh Stein
PC Mag Australia lists the worst data breaches online in the last 20 years and lists the data breaches by brand. The chart below is from that website that lists the top 10 companies affected by data breaches. "According to the numbers, Facebook and Yahoo breaches have affected the most people, while Amazon has fallen victim a record-breaking six." -- Jason Cohen
https://au.pcmag.com/security/88165/these-companies-data-breaches-impact-their-users-the-most
Digital Information World: Google, Apple, Facebook and other big tech giants under attack as 26 million login credentials get stolen "Another hack has surfaced where millions of user logins were hacked from well-known mega-platforms including Instagram, Apple, Gmail, and eBay. These aren't all the sites that have been attacked, seeing how these malicious criminals managed to get through Amazon, Netflix, and even Twitter, with the main targets being Facebook and Google with around 1 million snuck among the 26 million IDs reportedly stashed." -- Arooj Ahmed
Reported Data Breach Incidents
On May 14, 2021 the Wells Fargo Bank, N.A. discovered that a Change of Broker-Dealer Request form contained sensitive data was sent to an unintended recipient on May 5, 2021. Wells Fargo sent out notifications to its customers to inform them of the accidental leak and to let them know what they need to do to protect their personal information. On April 16, 2020 Wells Fargo Bank, N.A. sent out notifications to certain customer's to inform them that their name and social security number was sent to the wrong account.
On March 15, 2021 AmeriGas Propane sent out letters to its customers to inform them that there were unauthorized disclosures of credit card information. They inform you what you need to do if your credit card was included in the security leak.
On March 15, 2021 AmeriGas Propane sent out letters to its customers to inform them that there were unauthorized disclosures of credit card information. They inform you what you need to do if your credit card was included in the security leak.
| ameri-notif.pdf |
The State of Montana requires businesses involved in a data breach to notify affected Montana residents if the resident’s personal information that is compromised and to send a copy of the consumer notification to the Office of Consumer Protection (OCP) and they post them online for their residents. Every state in the United States needs to do the same thing.
According to Data Breach Weekly Security Report there was $70M ransomware attack on Florida-based technology services firm Kaseya, Northwestern Medical HealthCare, and a provider to investment bank Morgan Stanley. They go on to include data breaches from LinkedIn, Mercedes-Benz, Herff Jones, Office 365, Illinois Department of Transportation, Rhode Island Department of Labor and Training, Wegmans, CVS Pharmacy, Alibaba, and many more.
Recently billions of emails and passwords were leaked online and may have contained information on your Gmail, Hotmail, Outlook, and Yahoo email accounts. On February 2, 2021 COMB was leaked on a popular hacking forum. According to Cybernews, they were "approximately 200 million Gmail addresses and 450 million Yahoo email addresses in the COMB data leak."
If your Gmail, Hotmail (Outlook), and/or Yahoo accounts were compromised
It's important that you remove any rules or filters that someone may have added to your compromised email account. Then I recommend changing your password to a length of 16 characters and include symbols, numbers, lowercase and uppercase characters, and exclude using similar characters. Do Not save your new password in your browser, use a password manager to store your passwords. A compromised browser can sync your new passwords saved in the browser.
If your Gmail, Hotmail (Outlook), and/or Yahoo accounts were compromised
- How to Secure Your Gmail Account
- How to Secure Your Hotmail (Outlook) Account
- How to Secure Your Yahoo Account
It's important that you remove any rules or filters that someone may have added to your compromised email account. Then I recommend changing your password to a length of 16 characters and include symbols, numbers, lowercase and uppercase characters, and exclude using similar characters. Do Not save your new password in your browser, use a password manager to store your passwords. A compromised browser can sync your new passwords saved in the browser.
According to ZDNet, 23,600 hacked databases have leaked from a defunct 'data breach index' site. The FBI and DOJ have been taking down and seizing websites that sell or share stole data, but these type of websites keep popping back up online. The Washington Times reprted on March 25, 2020: "FBI seizes Deer.io, Russian cybercrime portal, following arrest of suspected administrator at JFK." "The FBI took credit Tuesday for shuttering Deer.io, a Russian-based website accused of enabling the sale of stolen data, following the recent arrest of its alleged administrator."
The Russian hacker that operated the website Deer.io was arrested for selling over $17 million worth of stolen data. He was recently sentenced 30 months for operating the website. There are a lot of websites just like the Russian website that are currently selling or giving away stolen data for online accounts.
Hacking Forum - Selling 47,000 Yahoo usernames & passwords on June 26, 2021
The Russian hacker that operated the website Deer.io was arrested for selling over $17 million worth of stolen data. He was recently sentenced 30 months for operating the website. There are a lot of websites just like the Russian website that are currently selling or giving away stolen data for online accounts.
Hacking Forum - Selling 47,000 Yahoo usernames & passwords on June 26, 2021
Hacking Forum - Selling 316,000 Yahoo, 5,600 Hotmail, 70,300 Gmail usernames & passwords
Selling stolen accounts from Netflix, Amazon, Hulu, HBO Max, Disney+, ESPN+, and much more
195K Mail Accounts that contains accounts to Netflix, Paypal, eBay, Minecraft, PSN, Amazon,...
109K Mail Accounts that contains accounts to Netflix, Amazon, Paypal, Fortnite, PSN, ...
Mixed Accounts from Netflix, HBO, Disney+, Paypal, Spotify, Minecraft, Amazon, Ebay, Hulu,...
'Sextortion' Scams:
With all the data leaks of email usernames and passwords has caused an old email scam look more believable. The email claims to come from a hacker who has compromised your computer and used your webcam and filmed you watching porn. The individual goes on to say that he/she will release it to all your friends unless you pay a Bitcoin ransom. The message displays your actual email and password to put fear in the individual reading the email. Fox 6 Milwaukee does a great job explaining the scam and what to do to protect yourself in a story called, ‘Sextortion’ scams: Fear, shame used to extort money. The National Cyber Security Centre from the UK has a great Sextortion protect yourself infographic.
With all the data leaks of email usernames and passwords has caused an old email scam look more believable. The email claims to come from a hacker who has compromised your computer and used your webcam and filmed you watching porn. The individual goes on to say that he/she will release it to all your friends unless you pay a Bitcoin ransom. The message displays your actual email and password to put fear in the individual reading the email. Fox 6 Milwaukee does a great job explaining the scam and what to do to protect yourself in a story called, ‘Sextortion’ scams: Fear, shame used to extort money. The National Cyber Security Centre from the UK has a great Sextortion protect yourself infographic.
Remember, scammers try to trick you into getting you to give up your personal information, while hackers use hacking tools to collect your information without your knowledge. Hackers know where to look for security breaches and they collect the data and sell it online and on the dark web. Scammers may use the information that a hacker collects to trick you in to giving up more information or make you believe they are real. Never react in a panic mode. Wait to verify something is true before you give your hard earned money or any additional information to anyone.
Other Online Scams:
Check to see if your Email was Compromised
Below are eight websites that you can use to check if your email was posted on the dark web.
Below are eight websites that you can use to check if your email was posted on the dark web.
I hope you have updated your passwords for all your email accounts and protect them using a password manager. Also, make sure that you have no rules or filters that you didn't create within each of your email accounts.
July 14, 2021
