AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 08/17/2021

T-Mobile Investigating Claims of Massive Customer Data Breach

T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn’t mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers. The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers. “T-Mobile USA. Full customer info,” the seller told Motherboard in an online chat. The seller said they compromised multiple servers related to T-Mobile.


Colonial Pipeline reports data breach after May ransomware attack

Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. The company says that it “recently learned” that DarkSide operators were also able to collect and exfiltrate documents containing personal information of a total of 5,810 individuals during their attack. Impacted personal info for the affected individuals ranges from names and contact details to health and ID information. “The affected records contained certain personal information, such as name, contact information, date of birth, government-issued ID (such as Social Security, military ID, tax ID, and driver’s license numbers), and health-related information (including health insurance information),” Colonial Pipeline reveals in the data breach notification letters.


New Anti Anti-Money Laundering Services for Crooks

A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed “Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people. “Worried about dirty funds in your BTC address? Come check out Antinalysis, the new address risk analyzer,” reads the service’s announcement, pointing to a link only accessible via Tor. “This service is dedicated to individuals that have the need to possess complete privacy on the blockchain, offering a perspective from the opponent’s point of view in order for the user to comprehend the possibility of his/her funds getting flagged down under autocratic illegal charges.”


BBB Scam Alert: This pet sitting job is too good to be true

Scammers have been using employment scams to trick people out of their personal information and money for years. These scams often target students or others looking for part time jobs. Recently, BBB Scam Tracker has seen multiple reports of a tempting scam that appears to be a friendly family looking for a pet sitter. A very polite-seeming person contacts you through social media, a legitimate job website, or your student email with what sounds like an excellent job offer. First, the person tries to earn your trust by sharing a lot of personal information, such as their name, age, pets’ names, and job. Then, they give you a long story about how they are moving to your area and will need a pet sitter immediately. They offer you a generous hourly rate or ask you to name your price. Because you are such a good fit, they don’t even need to interview you in person. Once you accept the job, the scammers get down to business. They may ask you for sensitive personal information, such as your full name, address, phone number, social security number, and banking information, claiming they need it to set up direct deposit or pay you in advance. 


Rise of biometrics and contactless signal demise of the magnetic stripe

Mastercard plans to begin phasing out the magnetic stripe on its payment cards from 2024 as chip-based and contactless payments continue to rise. According to the credit card giant, removal of the magnetic strip will happen across most markets, with Europe taking the lead. Meanwhile, newly-issued Mastercard credit and debit cards in the US will no longer need to feature the familiar magnetic stripe from 2027. By 2029, it’s anticipated the magnetic stripe will disappear from Mastercard credit and debit cards altogether, although prepaid cards in the US and Canada will retain the imprint. However, Mastercard predicts that all of its cards will see the feature disappear completely by 2033. The distinctive dark-coloured stripe running along the back of plastic cards has been a regular feature since the 1960s, developed initially by IBM. In its time the feature has proved to be a practical solution for encoding card information details and also verifying cards during transactions. However, the advent and growing dominance of chip technology has seen less reliance on the magnetic stripe.

Related Posts