AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 2/26/2024

U-Haul says hacker accessed customer records using stolen creds

U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. The breach exposed customer records that include personal information but payment details have not been impacted. U-Haul is an American company that rents moving equipment and storage space for ‘do-it-yourself’ customer needs. It offers trucks, trailers, and other equipment and services for moving household goods.


Mr. Cooper leak exposes over two million customers

Mr. Cooper, a major US mortgage company, left an open Google Cloud instance exposing details of millions of its customers only two months after the company suffered a severe data breach. America’s third-largest mortgage servicer left details of its customers accessible to anyone willing to look, recent research from the Cybernews research team has revealed. Mr. Cooper’s open Google Cloud storage bucket contained a trove of data, including marketing materials and site assets, but more importantly, names, loan numbers, and other data about its customers. The team discovered the leak in late December 2023, less than two weeks after Mr. Cooper revealed it suffered a significant data breach in October 2023, which exposed the information of 14.6 million of the company’s clients. However, the publicly accessible data discovered by the team does not include data exposed in the October breach, pointing to the incidents being unrelated.


Vending machine error reveals secret face image database of college students

Canada-based University of Waterloo is racing to remove M&M-branded smart vending machines from campus after outraged students discovered the machines were covertly collecting facial-recognition data without their consent. The scandal started when a student using the alias SquidKid47 posted an image on Reddit showing a campus vending machine error message, “Invenda.Vending.FacialRecognitionApp.exe,” displayed after the machine failed to launch a facial recognition application that nobody expected to be part of the process of using a vending machine. “Hey, so why do the stupid M&M machines have facial recognition?” SquidKid47 pondered. The Reddit post sparked an investigation from a fourth-year student named River Stanley, who was writing for a university publication called MathNEWS.



The Royal Canadian Mounted Police (RCMP), the federal and national law enforcement agency of Canada, confirmed that it was the target of a cyber attack. RCMP also notified the Office of the Privacy Commissioner (OPC). The police have launched an investigation into the cyber attack and urged its staff to stay vigilant. “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson for the RCMP said in a statement issued to CBC News. “While a breach of this magnitude is alarming, the quick work and mitigation strategies put in place demonstrate the significant steps the RCMP has taken to detect and prevent these types of threats.”

The RCMP said that it is not aware of any impact on foreign police and intelligence services.


Prescription orders delayed as US pharmacies grapple with “nation-state” cyber attack

Prescription orders across the United States are reportedly being delayed after a cyber attack impacted a healthcare technology firm that supplies services to pharmacies, including CVS Health. Change Healthcare says that it experienced a “cyber security issue” on Wednesday 21 February, that caused it to experience “enterprise-wide connectivity issues” and forced it to shut down systems. It later confirmed that the “network interruption” it was experiencing was related to a “cyber security issue.” That would be bad news for any business, but when your company’s service is used by pharmacies nationwide to. amongst other things, process medication orders and check patients’ eligibility for treatment then it’s a whole new world of pain for a much wider number of people.

Related Posts