Well, it’s that time of the year again!
No, I won’t be talking about the Super Bowl or Valentine’s Day, or even Groundhog Day for that matter – it’s time for our monthly roundup of data breaches. February 2023 brought us a smorgasbord of security mishaps. It seems like even the big players in the industry can’t catch a break these days. But fear not, dear reader, I’m here to break down what happened so that your company can protect itself along with your supply chain. Grab a cup of coffee and let’s dive in!
Reddit:
Reddit had a bit of a scare recently… On February 5, 2023, Reddit discovered a phishing campaign that targeted its employees. In an update from the company, they write “as we all know, the human is often the weakest part of the security chain.” In an attempt to steal credentials and second-factor tokens, an attacker sent out plausible-sounding prompts pointing Reddit employees to a website that cloned the behavior of Reddit’s intranet gateway. The attacker was then able to obtain an employee’s credentials, and in turn, was able to access internal documents, code, and some internal dashboards and business systems. Limited contact information for company contacts and employees, as well as limited advertiser information, was exposed. In the meantime, they’re urging users to protect themselves by setting up two-factor authentication and using a password manager. Stay safe out there, Redditors!
LastPass:
You’re probably thinking to yourself, “hold on, didn’t LastPass JUST announce a breach in December?” They did indeed, which I informed you all about. However, the company disclosed that there was a second incident. In a company notice, LastPass writes, “Despite high confidence in the outcomes of our investigation and actions taken in response to the first incident, the threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack. The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources.” In this second incident, the attacker targeted an employee. The attacker obtained access to a DevOps engineer’s LastPass vault by capturing their master password after the employee had authenticated with MFA. The attacker then exported the contents of shared folders, which contained encrypted secure notes with access and decryption keys to access AWS S3 LastPass production backups, other cloud-based storage resources, and some critical database backups.
Weee!:
I have some not-so-tasty news for all you foodies out there. Weee!, the U.S. online grocery delivery service specializing in Asian and Hispanic foods, recently informed the public that it experienced a data breach. Unfortunately, the breach resulted in cybercriminals stealing a year’s worth of customer data, including names, addresses, email addresses, phone numbers, order numbers, and order comments (like where to leave groceries). While the company is still investigating who is behind the breach, it’s been reported that 1.1 million customer email addresses were compromised.
GoDaddy:
Uh oh! GoDaddy, the popular web hosting company, suffered a multi-year cyberattack. The company explained, “an unauthorized third party had gained access to servers in our cPanel shared hosting environment and installed malware causing the intermittent redirection of customer websites.” GoDaddy discovered the breach after customers reported that their sites were being redirected to random domains. The company says that previous breaches in November 2021 and March 2020 are linked to this multi-year campaign. Further information about this attack can be found in a 10-K filed by the company.
A10 Networks:
A10 Networks is a California-based company that specializes in producing hardware and software for application delivery, identity management, bandwidth management, and cybersecurity services. The company’s customers include a number of well-known tech companies and organizations, such as Twitter, LinkedIn, Samsung, and Uber, among others. In an 8-K filing, A10 Networks disclosed that on January 23, 2023, it identified a cyber-security incident in its corporate IT infrastructure. A sneaky gang known as Play Ransomware is claiming responsibility for this attack. After investigation, it was determined that the threat actors managed to gain access to shared drives, deployed malware, and ‘compromised’ data related to human resources, finance, and legal functions.
Companies must continue to prioritize cybersecurity and take proactive measures to protect themselves. While data breaches can be scary, being aware of what happened and taking the necessary precautions can help prevent further damage.