Our website may use cookies to improve and personalize your experience and to display advertisements (if any). Our website may also include cookies from third parties like Google Adsense or Google Analytics. By using the website, you consent to the use of cookies. We’ve updated our Privacy Policy. Please click on the button to check our Privacy Policy.

AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 7/24/2020

First American Title Accused Of Exposing Millions Of Customers’ Personal Data

First American Title, one of the largest providers of title insurance in the U.S., is facing allegations that it exposed the personal data of millions of its customers. The New York State Department of Financial Services (DFS) filed charges on Wednesday (July 22) against the Santa Ana, California-based company, which wrote more than 50,000 policies in New York last year. Regulators allege violations of the state’s cybersecurity regulation. DFS said that millions of documents – many containing bank account numbers, mortgage and tax records, Social Security numbers, wire transaction receipts and drivers’ license images – were compromised. The complaint alleges that a breach of First American’s information systems resulted in the exposure of consumers’ sensitive personal information over several years. DFS claimed that First American has known about the vulnerability for nearly two years, but failed to fix it.

 

Steve Wozniak sues YouTube over ongoing bitcoin scams

Steve Wozniak is suing YouTube for allowing scammers to use his name and likeness in phony bitcoin giveaways. According to the lawsuit, filed in the Superior Court of the State of California, crooks have been posting videos on the platform claiming that Wozniak is hosting a bitcoin promotion. They convince users that if they send bitcoin to a provided address, “Wozniak” will return double the amount. “YouTube has featured a steady stream of scam videos and promotions that falsely use images and videos of Plaintiff Steve Wozniak, and other famous tech entrepreneurs, and that have defrauded YouTube users out of millions of dollars,” the complaint reads.

 

Hundreds Of Thousands Of Instacart Customers’ Personal Data Is Being Sold Online

The personal information of what could be hundreds of thousands of Instacart customers is being sold on the dark web. This data includes names, the last four digits of credit card numbers, and order histories, and appears to have affected customers who used the grocery delivery service as recently as yesterday. As of Wednesday, sellers in two dark web stores were offering information from what appeared to be 278,531 accounts, although some of those may be duplicates or not genuine. As of April, Instacart had “millions of customers across the US and Canada,” according to a company spokesperson. The company denied there had been a breach of its data. “We are not aware of any data breach at this time. We take data protection and privacy very seriously,” an Instacart spokesperson told BuzzFeed News.

 

CouchSurfing investigates data breach after 17m user records appear on hacking forum

CouchSurfing, an online service that lets users find free lodgings, is investigating a security breach after hackers began selling the details of 17 million users on Telegram channels and hacking forums. The CouchSurfing data is currently being sold for $700, ZDNet has learned from a data broker, a person who buys and sells hacked data for profit on the hacking underground. The data broker, who requested anonymity for this article, was not able to identify the hacker but said the CouchSurfing data, which first appeared in private Telegram channels last week, has been advertised as being taken from CouchSurfing’s servers earlier this month, in July 2020.

 

Smartwatch maker Garmin hit by outages after ransomware attack

Garmin has been forced to shut down its call centres, website and some other online services after a ransomware attack encrypted the smartwatch maker’s internal network and some production systems. The US company shut down services including the official Garmin website and all customer services, including phone lines, online chat and email. The attack had a significant impact on Garmin watch owners as it also shut down the Garmin Connect service, which they rely on to synchronise their sporting activities, such as running, swimming and cycling, with a smartphone app to monitor performance.

Related Posts