SOCRadar® Cyber Intelligence Inc. | Major Cyber Attacks in Review: December 2022
Home

Resources

Blog
Jan 06, 2023
6 Mins Read

Major Cyber Attacks in Review: December 2022

In the last month, we have seen many cyber incidents, ranging from data breaches at retailers to various cyberattacks on cryptocurrency exchange platforms. These types of incidents can harm a company’s reputation and lead to the theft of private information and financial loss. Individuals and organizations must be aware of these threats and take precautions to avoid them.

This blog reviewed the major cyberattacks that happened in December 2022. 

Global Online Retailer Data Breach: 1.1 Billion Records

december cyberattacks

Security researcher Jeremiah Fowler found a non-password protected database with a huge number of records. The dataset’s total size was 601.84 GB, with more than 1,16B documents.

Because of a misconfiguration, anyone with a browser could access the database and edit, download, or even delete data without having administrative privileges. 

Upon further investigation, researchers discovered that the database contained numerous references indicating that the information belonged to the California-based online retailer Vevor

What was in the database: 

1st Exposure in April 2022:

  • Total Size: 406.79 GB
  • Total Documents: 706,206,770 

2nd Exposure in July 2022:

  • Total Size: 601.84 GB
  • Total Documents: 1,166,293,742 

30 Million Railway Customers’ Data were Exposed

december cyberattacks

The Indian Railways experienced a data breach on December 27 that resulted in the theft of the personal information of about 30 million people

The user data is allegedly up for sale on the dark web. User data and invoices, some of which have due dates of December 31, 2022, are included in the stolen data. 

The data includes username, email, verified mobile numbers, gender, city id, city name, state id, and language preferences. Some records with the emails and phone numbers of people who have bought tickets from Indian Railways are included in the hacker’s sample data.

According to the hacker’s claims, ten copies of the stolen data are being sold. 

Cryptocurrency Exchange BTC.com is Victim of a Cyberattack

december cyberattacks

The biggest cryptocurrency mining pool, BTC.com, reported being the target of a cyberattack that stole digital assets worth about $3 million

The company has recovered some of the stolen cryptocurrency despite not disclosing the quantity. 

The client fund services provided by BTC.com are unaffected, aside from its digital asset services. There is no information on how the cryptocurrency was taken, nor is there any information on whether any data or individual information was taken. 

400 Million Twitter User Data Allegedly Being Sold by a Hacker

december cyberattacks

Using a vulnerability, a threat actor claimed to have 400 million Twitter user records on December 23, 2022, in a post shared on a dark web forum tracked by SOCRadar.

The personal information of 37 people is included in the sample that is directly shared in the post. The threat actor also shared a link to another 1,000 users’ data. 

The sample data was examined by SOCRadar analysts. Some data, like name, username, number of followers, and account creation date, are already available to the public and can be scraped from Twitter using automated tools.

Only the email addresses and phone numbers in this sample set of personally identifiable information (PII) data are susceptible to being scraped via a vulnerability. Some of the email addresses are business ones, which are already listed in the bios of Twitter accounts. 

Shoemaker Ecco Exposes Over 60GB of Private Information

Millions of documents were made public by Ecco, a major shoe retailer, and manufacturer. In addition to the possibility of data modification, the severity of the server misconfiguration likely exposed the business to an attack that might have had global implications for clients. 

The research team discovered that Ecco left 50 indices open to the public, with more than 60GB of data accessible since June 2021. 

Access was available to millions of private documents, including information about sales and systems. Anyone with access could have looked at, edited, copied, and taken the data or deleted it. 

The team claims that historical data shows the exposed database was left accessible for at least 506 days, starting on June 4, 2021. 

Source Code Stolen from Okta’s GitHub Repositories

Okta claims that its private GitHub repositories were compromised. Threat actors allegedly stole Okta’s source code, according to Okta’s “confidential” email notification. 

Given the email’s wording, it appears that the incident relates to Okta Workforce Identity Cloud (WIC) code repositories but not to Auth0 Customer Identity Cloud

According to the company, attackers could not access the Okta service or customer data despite stealing Okta’s source code. 

Threat Actors Stole Information on 5.7M Users from the Gemini Cryptocurrency Exchange

After a threat actor obtained the customers’ personal information from a third-party vendor, the Gemini cryptocurrency exchange disclosed that users had been the target of phishing campaigns. 

The alert was sent out following several posts on a hacker forum offering to sell a database that allegedly belonged to Gemini and contained the contact information for 5.7 million users

The cryptocurrency exchange’s customers received phishing emails because of the breach. Although the attacker’s intentions are unknown, threat actors frequently seek access to accounts and financial data. 

HHS Discloses 254K Compromised Health Data from Third-party Vendor Incident

In response to a ransomware attack on one of its third-party vendors, the Centers for Medicare and Medicaid Services of the Department of Health and Human Services informed 254,000 of its 64 million Medicare beneficiaries that their data had been compromised. 

Information that may have been compromised includes names, birthdates, social security numbers, contact information, Medicare beneficiary identifiers, banking information, Medicare entitlement information, enrollment, and premiums. 

A new Medicare card with a new beneficiary identifier and no-cost credit monitoring services will be given to all affected patients.