Tag Archives: Data Breach

Gaming, Lifestyle, News

Twitch Has Been Breached – Here’s What You Need to Know

1 Comment

Big tech and data breaches are becoming inseparable. We’ve been getting news of breach after breach since early this year. Nearly every tech space from Facebook to Neopets has been breached in the recent past. The latest platform added to that list is the popular streaming platform – Twitch.

Twitch’s data breach could be one of the largest to date. A whopping 125GB of data was uploaded to a (now removed) thread on 4Chan by an anonymous user. The data contained within the files date back to the early beginnings of Twitch. Everything from the platforms source code to their most recent Git commits has been uploaded. Together with this, payout information to the platform’s largest creators since 2019 have also been uploaded.

caspar camille rubin DrL cwqD6tM unsplash 1
Photo by Caspar Camille Rubin on Unsplash

In addition to this data, the leak also contains data on Twitch’s network backbone which runs on AWS. It apparently contains some proprietary SDKs (Software Development Kits) and also information on “Every other property that Twitch owns” including IGDB and CurseForge. It seems like an unannounced competitor to Steam called Vapor for Amazon Game Studios is also contained within the files. Basically, it seems like everything and anything related to Twitch is within the 125GB.

Some users who have been looking through the data have also found that encrypted passwords and user information. So, it goes without saying that you should change your Twitch password if you have an account and activate two-factor authentication. You can do this in the privacy settings on Twitch itself.

Screenshot 2021 10 06 at 17.43.13
Source: Ars Technica

The leaker made their motives crystal clear in their post. Noting, “Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them.” The hackers also ended the post with #DoBetterTwitch. More worryingly, the 125GB of data was labelled as “part one” which indicates there could be more incoming.

It’s probably apt to mention that the leak comes in the wake of the #ADayOffTwitch protest by creators who are trying to get the platform to take hate raids more seriously. The platform has been plagued by users who have used the Raid and tags features to actively harass others. While Twitch has been trying to be proactive, the most it has done is provide streamers with tools to try to control raids and even sue perpetrators.

The breach has since been confirmed by Twitch itself on Twitter.

A cybersecurity firm, Acronis, has chimed in calling the breach “one of the most severe data breaches of late”. In fact, they say that there is, “a lot more damage now in store for Twitch”. Candid Wuest, Vice President of Cybersecurity Research at Acronis, also noted that “While [it is] yet unclear how the breach happened, it’s already harming Twitch on all the fronts that count – revenue, operations, users, influencers, market positioning.” He also noted that Twitch could be at greater risk as the availability of the source code will make it easier for malicious actors to attack the site. More importantly, the company is advising that users be wary and change their passwords as well as activate two-factor authentication on their accounts.

Candid Wuest Acronis
Candid Wuest, Vice President of Cybersecurity Research, Acronis

“Leaked data could contain nearly the full digital footprint of Twitch, making it one of the most severe data breaches of late. The 125 GB of data leaked so far might just be the start, according to the comments of the attacker. Internal network plans and marketing plans for future products could now be misused by attackers or sold to competitors. If the source code is exposed, we will see a spike in vulnerabilities discovered in related software. Having access to the source code makes it easy to find weak spots.

Candid Wuest, Vice President of Cybersecurity Research, Acronis

News, Social Media

LinkedIn Breached! 500 million Accounts Compromised

Leave a comment

It seems like this week is becoming a very worrying week for social media. Earlier this week, news broke of 533 million Facebook users having their data compromised after a data breach. The latest social media network to join the club? LinkedIn.

It looks like LinkedIn has suffered a breach similar to that of Facebook with the data of over 500 million users being compromised. The breach was first reported by CyberNews who has apparently verified the data. However, it is unclear if the data is fresh or aggregated from a breach that occurred back in 2016.

While the date of the data may be uncertain, the leaked data is a cause for concern as, similar to the Facebook data breach, the phone numbers, emails and full names were leaked. It also looks like LinkedIn IDs, links to the social media profiles, work related data and gender information was leaked.

LinkedIn has acknowledged the data leak. In a public statement, the company has said, “We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”

The news of the data breach is surfacing after a warning of possible scams involving job hunters on the social media was issued by cybersecurity experts. The scam involved fraudsters posing as potential employers who would send .ZIP files to victims purportedly containing application files. Instead, the archive contains a fileless backdoor which allowed bad actors to stealthily install malware into the PC.

LinkedIn has not indicated whether they will be contacting individuals who have been affected. However, keep in mind, that Facebook has opted not to do this. It is very likely that LinkedIn will do the same to avoid a potentially messy situation. We’ve outlined how you can check if you’ve been affected by the breach. We also advise some prudence in dealing with your data online.

News, Social Media

Are You One of the 533 million in the Facebook Data Leak? Here’s How to Find Out & What You Can Do

Leave a comment

Facebook has suffered one of the largest data breaches in recent years. A total of about 533 million users across 106 countries have had their private data which includes emails and phone numbers compromised. In recent reports, it seems like Mark Zuckerberg himself is affected by the breach.

However, in a statement to Reuters, Facebook has clarified that it has no plans to inform the users affected by the breach. In fact, the company states that it isn’t confident that it has complete visibility of the data that has been leaked. The spokesperson also noted that users will still be unable to take action even if they are informed.

So what can you do to check if you’ve been affected by the breach? The easiest way to check is to use the website haveibeenpwned.com. The website is able to check whether your information has been involved in breaches across the internet. Sites as old as myspace and Neopets have had breaches to their data. U.S. Residents also have the option of using The News Each Day.

Once on the website, enter the data you want to check – it can be your email, password or even phone number. If you’re checking for a phone number, be sure to include your country code. So, if you’re checking for a Malaysian mobile number, type in the “6” before your operator prefix. Then simply click the “pwned?” button. It will check all the available breaches for the data and return an answer. You’ll get one of two possible results: “Oh no – pwned!” or “Good news – no pwnage found”.

So what should you do if your data has been involved in a breach? The first thing you should do is to change your passwords – particularly if you are fond of using the same password for multiple services. The next thing you should do is activate 2-factor authentication (2FA) for all your services. It may be a little bit inconvenient but it will save you a lot of hassle in the long run. Be sure that you have a secure password moving forward and make sure to keep your passwords for every service unique.

Beyond this, you really don’t have much that you can do. Moving forward you just have to be a little bit more prudent about the information you share online. Where possible, try not to link sensitive data such as your phone number to online accounts. Since there was a significant number of phone numbers in this breach, you may want to be alert when it comes to dealing with unknown callers.

However, it’s no reason to be panicky. Once you’ve secured your accounts, your data should be secured for the foreseeable future.

News

533 Million Facebook Users’ Data Resurfaces Online from 106 Countries

2 Comments

Facebook seems to be having a row of things recently. The company initially faced humongous backlash on their implementation of data sharing policies between popular messaging app, WhatsApp, and the larger company. Now, it looks like old wounds are reopening for the company as data from a breach that happened in 2019 has surfaced on forums in hacking forums.

The breach involves over half a million users from over 100 countries with data such as their phone number, emails and even birth date. Malaysia is listed in the countries affected with over 11 million users having been compromised. The breach was first reported by Business Insider. Business Insider has also verified the data in the leak by testing password reset requests. A spokesperson for Facebook has confirmed the data breach. The person also confirmed that the data breach occurred due to vulnerability which was identified and patched back in 2019.

https://twitter.com/UnderTheBreach/status/1378314424239460352

While the data is 2 years old, the fact that it is readily available online at this point is a worrying fact. Data like birthdates, phone numbers and emails can be used to socially engineer scams. In fact, due to the phone numbers being leaked and made readily available, the likelihood in getting scams over SMS and phone calls are heightened.

Acronis Vice President of Cyber Protetction research, Candid Wuest, advises that, in light of the leak, “There is now a higher risk of SMS spam, but also password reset attacks and attacks against other services that use SMS for MFA are now more likely. Users should therefore change from SMS-based MFA service where possible for critical accounts.”

The fact that the leaker has readily made the data available for free can be puzzling. However, according Wuest, “As the leaked data does not contain any passwords or payment card details it is of less value to attackers. Furthermore, at least two third of the data was already available from previous leaks. It is not uncommon to see such data sets being made available for free, as they would not yield much profits on underground site. Such large data sets tend to not stay private for very long anyway.”

The new leak brings into the spotlight the amount of personal data we have available online and especially on social media. It also brings into question Facebook’s privacy policies which govern and protect data stored on their service. What’s even more worrying is the fact that Facebook wasn’t the notifying users, instead, the leak was reported by twitter user Alon Gal who has since been looking at and verifying the data leak. Facebook has only confirmed the occurrence of the breach and has not even notified users that were affected.

Android, Mobile, News

Samsung Find My Mobile Notification was a Data Breach

Leave a comment

Update (26 February 2020): Samsung has reached out to SamMobile to clarify that the data breach wasn’t related to the Find My Mobile notification. Instead, the data breach was an isolated incident which occurred on the UK Samsung website. According to the report, only 150 customers were affected in the data leak.

Last week, tech news was rife with news of a number of Samsung users getting a strange unexplained prompt from their Find My Mobile app. If you’re still 1dering why you got it, it appears that the issue may be a lot bigger than Samsung initially admitted to.

Here’s a little recap of what exactly happened. Samsung devices across the world started receiving a strange notification from their Find my Phone app. The notification simply said 1,1. There was no explanation nor reason behind the notification.

Reports also surfaced that Samsung’s non-Galaxy devices such as the Galaxy XCover. What’s even more alarming is that users who have already deactivated the “Find My Mobile” application were still receiving the notification. Deactivated applications are applications which have essentially been turned off as they cannot be uninstalled without altering the phone’s software. This and the fact that the notification appeared on devices spanning the whole range of Android enabled Galaxy devices including the new Galaxy Z Flip as reported by renown tech journalist, Michael Fisher; makes things very worrying.

Having received the notification, some users promptly decided to reset their passwords. However, when they tried to access their Samsung account pages, they were either greeted by information that wasn’t theirs or a blank screen. Keep in mind, a Samsung account is tied to every Galaxy device. In fact, on Android enabled devices, setting up a Samsung account is also part of the phone’s setup. The account is also tied to the SamsungPay service. Samsung’s payment gateway stores credit card and debit card information to use when paying at merchants.

Samsung initially owned up to the issue saying that the it was an internal test and that the notification was sent out unintentionally during an internal test. However, the company recently owned up to a data breach. In a statement to UK based news portal, The Register, Samsung’s spokesperson said,

“A technical error resulted in a small number of users being able to access the details of another user. As soon as we became of aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed. We will be contacting those affected by the issue with further details.”

While the company has yet to reveal what “a small number” means. We can expect that the number is large enough. In my own experience, 4 out of 5 friends using Samsung devices received the notification. So, it would be safe to assume that the issue is relatively widespread.

Of greater concern is how the app was able to send out a notification. This indicates that the app was still running in the background and points to the app having more functionality than it should. It also raises the question on what functionality Android allows disabled built-in apps.