Major Cyberattacks in Review: March 2023
Cybersecurity remains a major concern for organizations of all sizes as cyberattacks become more sophisticated and frequent. Despite efforts to enhance security measures, cybercriminals continue to find new ways to breach networks and systems. Organizations must stay vigilant and proactive in addressing potential cybersecurity threats, including regular security assessments and employee training.
In March 2023, several significant data breaches impacted millions of individuals worldwide. These incidents have resulted in the loss of sensitive personal and financial information, disruption of services, and financial losses.
TMX Data Breach Affects 4.8M Customers
TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have suffered a data breach that affected 4,822,580 customers. The breach occurred in early December 2022, but the company only detected it on February 13, 2023. After an investigation, the company found that hackers had stolen client data between February 3 and 14, 2023.
The exposed data includes customers’ full name, date of birth, passport number, driver’s license number, federal/state identification card number, tax identification number, social security number, financial account information, phone number, physical address, and email address.
Nebu Data Breach Hits Multiple Dutch Companies, Affecting Millions
Nebu, a software company based in Wormerveer, Netherlands, that specializes in software for conducting customer surveys, has been the source of a data leak that affected various Dutch companies that used its services. It is unclear whether the breach was caused by a targeted attack or a mistake by an employee. The affected companies include Nederlandse Spoorwegen, VodafoneZiggo, ArboNed, Heineken, International Film Festival Rotterdam, Dutch Golf Federation, CZ, Trevvel, and Dutch Rental Commission. It is estimated that at least 2 million people in the Netherlands have been affected. The Dutch government has reported that it was not affected by the breach.
SafeMoon Liquidity Pool Hacked, Losing $8.9 Million Due to Exploited ‘Burn’ Function
The SafeMoon token liquidity pool recently lost $8.9 million due to a hack. The attacker exploited a newly created “burn” smart contract function that artificially inflated the token’s price, allowing them to sell SafeMoon at a much higher price. The function was mistakenly set public without restrictions, allowing anyone to execute it as they wished. This function was intended to be used only during emergencies. However, an individual claiming to have accidentally performed a front-run after the price was artificially inflated has offered to return the stolen funds to SafeMoon. It is unclear if this individual is the same person who exploited the bug in the first place.
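The effect of leaving a burn function unrestricted can be shown with a toy Python model; this is an added illustration, not part of the original article and not SafeMoon's contract code. It assumes the burn can be applied to the pool's own token balance and that the pool quotes its price from live balances; all names and numbers are constructed.

```python
# Toy model (constructed, not SafeMoon's contract): a token ledger and a
# constant-product style pool that quotes its price from live balances.

class Token:
    def __init__(self, owner, balances, restricted):
        self.owner = owner
        self.balances = dict(balances)
        self.restricted = restricted  # True = access-controlled variant

    def burn(self, caller, holder, amount):
        # Access control: in the restricted variant only the owner may burn.
        # The unrestricted variant accepts any caller, as the article describes.
        if self.restricted and caller != self.owner:
            raise PermissionError(f"{caller} is not allowed to call burn")
        if amount > self.balances.get(holder, 0):
            raise ValueError("burn exceeds balance")
        self.balances[holder] -= amount


class Pool:
    def __init__(self, token, name, quote_reserve):
        self.token, self.name, self.quote_reserve = token, name, quote_reserve

    def price(self):
        # Quote asset per token, derived from the pool's current token balance.
        return self.quote_reserve / self.token.balances[self.name]


def price_after_burn(restricted, caller="outsider", amount=900_000):
    """Return (price_before, price_after, blocked) for one burn attempt."""
    token = Token("owner", {"pool": 1_000_000, "outsider": 1_000}, restricted)
    pool = Pool(token, "pool", quote_reserve=10_000.0)
    before = pool.price()
    try:
        token.burn(caller, "pool", amount)
        blocked = False
    except PermissionError:
        blocked = True
    return before, pool.price(), blocked


if __name__ == "__main__":
    for restricted in (False, True):
        before, after, blocked = price_after_burn(restricted)
        print(f"restricted={restricted}: price {before:.4f} -> {after:.4f}, "
              f"blocked={blocked}")
```

In the unrestricted variant the quoted price moves tenfold from a single call by an unprivileged account; with the caller check the same call is rejected and the price is unchanged.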
Latitude Financial Suffers Data Breach, 14 Million Customer Records Stolen
Latitude Financial, an Australian financial services company, experienced a data breach in March 2023. The hackers were able to steal 14 million customer records, including sensitive personal and financial information such as names, addresses, dates of birth, credit card details, driver’s license numbers, passport numbers, and financial statements. The company is working with law enforcement and cybersecurity experts to investigate the breach and prevent further damage. Customers have been advised to monitor their accounts for suspicious activity and to change their passwords as a precautionary measure.
Lionsgate’s Video-Streaming Platform Leaked Users’ IP Addresses and Watch History
According to research conducted by Cybernews, Lionsgate, a major video-streaming platform, has leaked user data through an open Elasticsearch instance. The leak involved a massive 20GB of server logs dating back to May 2022 and containing nearly 30 million entries that exposed subscribers’ IP addresses and user data related to their devices, operating systems, and web browsers.
In addition, the logs revealed usage data typically used for analytics and performance tracking, including URLs containing the titles and IDs of content that users watched on the platform and their search queries.
Independent Living Systems Data Breach Affects 4.2 Million Individuals
Florida-based Independent Living Systems reported a data breach that affected 4.2 million individuals. The breach was caused by unauthorized access to the company’s network between June 30 and July 5, 2022. The data exposed may include name, address, birth date, government identifiers, financial account information, treatment for mental or physical ailments, and diagnosis codes.
Crypto Lending Platform Euler Finance Hacked for $197 Million in Crypto
PeckShield, a blockchain monitoring firm, notified crypto lending platform Euler Finance about an ongoing hack through a series of transactions that indicated a theft of around $197 million in crypto. BlockSec, a crypto-security firm, also reported the attack. The attackers used an exploit to manipulate the price of a token or asset on the platform during the few seconds they held the lent amount, leading to significant profits. Euler could not prevent the hack, which caused a considerable drop in the price of its crypto token.
Record-Breaking DDoS Attack Peaking at 900 Gbps Mitigated by Akamai
Akamai has reported that it successfully mitigated the largest distributed denial-of-service (DDoS) attack on February 23, 2023. The attack peaked at 900.1 Gbps and 158.2 million packets per second and was targeted at a Prolexic customer in the Asia-Pacific region. Although the attack was intense, it was also short-lived, lasting only a few minutes, with most of the attack traffic occurring during the peak minute of the attack. Akamai redirected the malicious traffic through its scrubbing network to mitigate the attack, with 48% of the malicious traffic managed by scrubbing centers in the APAC region. Akamai’s 26 centers were loaded during the attack, with one center in HKG handling 14.6% of the total traffic.
AT&T Data Breach Compromises Personal Information of 9 Million Customers
AT&T has announced that approximately 9 million customers were affected by a data breach in January caused by a hack of one of its marketing vendors. The compromised data includes Customer Proprietary Network Information (CPNI), such as first names, wireless account numbers, wireless phone numbers, and email addresses. However, no credit card information, social security numbers (SSN), account passwords, or other sensitive personal information was exposed. AT&T has confirmed that some affected customers had personal information dating back a few years exposed, including rate plan names, past due amounts, monthly payment amounts, various monthly charges, and minutes used.
BidenCash Carding Marketplace Leaks Two Million Credit Card Details
As part of its first-anniversary promotion, the BidenCash carding marketplace leaked over two million valid credit card details. The leaked dataset, which is one year old, includes full names, card numbers, bank details, expiration dates, CVV numbers, home addresses, and over 500,000 email addresses from different countries, including the US, China, Mexico, India, Canada, and the UK. It is unclear how the marketplace operates, as it is giving away this data for free on its alleged birthday (despite being launched in June 2022), whereas hackers would usually sell this information.
Protecting Your Business from Cyber Threats with SOCRadar
Cyber threat intelligence is crucial in identifying and mitigating cyber threats. It provides organizations with actionable insights into potential threats, allowing them to make informed decisions and take proactive measures to protect their assets.
SOCRadar is an advanced threat intelligence platform that helps organizations identify and mitigate cyber threats in real time. It combines data from multiple sources to provide a comprehensive view of the threat landscape, enabling organizations to quickly detect potential threats. Its advanced capabilities and automation make it an essential tool for organizations looking to improve their cyber threat intelligence capabilities.
By utilizing SOCRadar’s platform, organizations can comprehensively understand the threat landscape, proactively address potential risks, and improve their overall cybersecurity posture.