Major Cyberattacks in Review: January 2023

Cybersecurity is a constantly changing concern because threats always evolve and adapt to new technology and trends. The first month of 2023 has seen numerous significant cyberattacks that had an impact on people, organizations, and governments all over the world. 

In this blog, we examine the most prominent cyberattacks that grabbed attention in January 2023 and examine their techniques and effects. 

JD Sports Data Breach Affected 10 Million Customers

A data breach affecting 10 million customers was disclosed by UK-based sports fashion retailer JD Sports. The ordering information, which included names, phone numbers, addresses, email addresses, and the last four digits of credit cards, was stolen between November 2018 and October 2020. 

According to JD Sports, it secured the infected server and stopped more unauthorized access. The platform used by JD Sports as well as any other platforms where the password has been reused, requires users to reset their passwords. 

37 Million T-Mobile Customers Data were Accessed by a Hacker

A threat actor used a T-Mobile API to gain access to 37 million active customer accounts’ personal information. 

According to T-Mobile, the affected customers’ passwords, PINs, payment card information (PCI), and other financial information were not accessible through the misused API. 

Only a small subset of data, including name, billing address, email, phone number, birthdate, account number, number of lines on the account, and plan features, can be provided by the API.

Riot Games Hacked: Hackers Auctioned Source Code for League of Legends

Threat actors stole Teamfight Tactics (TFT), League of Legends (LoL), and a legacy anti-cheat platform source code due to a social engineering attack that compromised Riot Games’ development environment on January 21. 

No personal information was compromised, and the majority of the data is only a prototype. However, the incident caused some content to be published later than planned. The business later came across a $10 million ransom demand, which it rejected. 

The threat actor auctioned off 72.4GB of stolen data on a hacker forum. The worry is that threat actors might develop an exploit that would let them remotely control players’ devices.

Yandex Denies the Leak of its Source Code

The source code repositories of Yandex were exposed on a hacker forum. Yandex claims that a former employee stole the repositories. 

The hacker shared a magnet link on the leak post with 44.7GB of data, stating that the data was only taken from the repositories and did not include anti-spam rules. The hacker further claims to have acquired the information in July 2022. 

You can find a directory listing of the leaked files on GitHub.

Leak of 235 Million Twitter Users’ Data

The email addresses of 235 million Twitter users were exposed in a data leak on a hacker forum. Threat actor offered a data archive containing the details of 235,000,000 users on Breach Forums for eight credits (equal to about $2). 

This data set is the same as the 400 million sets in earlier breaches. The total has been reduced to 221,608,279 lines after being cleaned up to remove duplicates. Even so, some analyses confirmed that duplicates were present in this most recent data leak. 

Data Breach Leads to the Sale and Leak of 250M+ Deezer Users’ Information

More than 250 million customers were affected by a data breach confirmed by Deezer. The data was sold and made public on a dark web forum. Deezer clarified the situation in an advisory, noting that threat actors had acquired the data from a third party that had suffered a data breach incident in 2019. 

Among the stolen data full names, genders, birthdates, email and IP addresses, locations, user IDs, and join dates. According to Deezer, attackers stole no payment or password information. 

SOCRadar discovered the initial sale posting on a hacker forum in November. A hacker claimed to have a 60GB file containing over 250 million records, 228 million unique email addresses and logged sessions. 

PayPal Accounts Compromised in a Credential Stuffing Attack

According to PayPal, a credential stuffing attack occurred between December 6 and December 8. 34,942 PayPal users’ accounts were vulnerable to unauthorized attacks. For two days, hackers had access to the account holders’ full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers. 

As a result, threat actors had access to transaction histories, relevant credit or debit card information, and PayPal invoice details. 

Additionally, PayPal’s notification states that despite gaining access to the users’ accounts, the attackers have not yet tried to complete any transactions. 

Hackers Took CircleCI’s Encryption Keys and Customer Information

CircleCI confirmed that some of its customers’ sensitive information was stolen due to a data breach in December. 

The breach happened when data-stealing malware infected a worker’s computer and gained access to the business’s internal systems. An employee’s 2FA-backed SSO session cookies could be taken by an attacker, who could then proceed. 

CircleCI claims that the sophisticated attack occurred on December 16, and the malware passed its antivirus program.

Investigation revealed that the unauthorized attacker had obtained information by abusing the elevated permissions granted to the targeted employee and stealing information from a part of its databases. The variables, tokens, and keys related to the customer’s environment were included in the stolen data. 

Hackers Stole Slack’s Private Source Code Repositories

A security breach over the holidays impacted several of Slack’s private GitHub code repositories. 

In the incident, threat actors gained access to the company’s externally hosted GitHub repositories using a small number of stolen Slack employee tokens. 

Slack claims that its main codebase and customer data were unaffected despite some of its private code repositories being compromised. 

820,000 Clients Impacted by a Data Breach at Zacks Investment Research

Hackers broke into the Zacks Investment Research (Zacks) business and obtained access to 820,000 customers’ private and sensitive information. 

Zacks learned that threat actors had accessed customer records without permission at the end of the previous year. A threat actor entered the network sometime between November 2021 and August 2022, according to an internal investigation into the incident.

Although it is unknown if attackers stole any data, the breach exposed user passwords for the Zacks.com website as well as full names, addresses, phone numbers, and email addresses. 

Hive Ransomware Targets Consulate Health Care 

The Hive Ransomware gang stole 550GB of Consulate Health Care data (CHC). The attack occurred in December but was revealed on January 6. The gang stole social security numbers, contact information, payment information, budgets, plans, medical records, and credit cards, as well as employee, customer, and corporate information. 

The Hive Ransomware gang leaked the data on their Tor leak site after negotiation because the CHC explained that their insurance could not cover the ransom demand, even when it was reduced. 

Hackers Stole 1.7TB of Information from Cellebrite

Cellebrite, an Israeli mobile forensics company, was subject to a data breach, and attackers stole 1.7 TB of its data. Cellebrite’s services are frequently used by law enforcement and government agencies. The hackers also claim to have stolen 103 GB of data from MSAB, a Swedish forensics firm. Threat actors leaked the information from both companies online for anyone to download. 

The information allegedly came from an anonymous informer and included forensics software used by the firms as well as other documentation.