Privacy watchdogs in the U.K. and Canada have launched a joint investigation into the data breach at 23andMe last year.
In its data breach notices, the company said it didn’t detect the hackers’ activities for around five months, from April until September 2023.
23andMe said it only became aware of the account breaches in October 2023, when hackers advertised the stolen data on the unofficial 23andMe subreddit and a well-known hacking forum.
Hackers broke into around 14,000 accounts of 23andMe customers by reusing their passwords from previous breaches, a technique known as password spraying.
That’s how the hackers were able to scrape information on 6.9 million users by only hacking 14,000 accounts.
It’s the first time that the number of affected Snowflake customers has been disclosed since the account hacks began in April.
So far, only Ticketmaster and LendingTree have confirmed data thefts where their stolen data was hosted on Snowflake.
Several other Snowflake customers say they are currently investigating possible data thefts from their Snowflake environments.
Mandiant said the threat campaign is “ongoing,” suggesting the number of Snowflake corporate customers reporting data thefts may rise.
Last week, TechCrunch found circulating online hundreds of Snowflake customer credentials stolen by malware that infected the computers of staffers who have access to their employer’s Snowflake environment.
Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist The stolen World-Check database contains 5.3 million recordsA financially motivated hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime.
The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.
A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.
The incident involves a third party’s data set, which includes a copy of the World-Check data file.
Banking giant HSBC shut down bank accounts belonging to several prominent British Muslims after the World-Check database branded them with “terrorism” tags.
Streaming giant Roku has confirmed a second security incident in as many months, with hackers this time able to compromise more than half a million Roku user accounts.
In a statement Friday, the company said about 576,000 user accounts were accessed using a technique known as credential stuffing, where malicious hackers use usernames and passwords stolen from other data breaches and reuse the logins on other sites.
Roku said in fewer than 400 account breaches, the malicious hackers made fraudulent purchases of Roku hardware and streaming subscriptions using the payment data stored in those users’ accounts.
Two-factor authentication prevents credential stuffing attacks by adding an additional layer of security to online accounts.
By prompting a user to enter a time-sensitive code along with their username and password, malicious hackers cannot break into a user’s account with just a stolen password.
Conservative think tank The Heritage Foundation said on Friday that it experienced a cyberattack earlier this week.
A person with knowledge of the cyberattack told TechCrunch that efforts at Heritage were underway to remediate the cyberattack, but said that it wasn’t immediately known what, if any, data was taken.
Politico, which first reported the news of the cyberattack on Friday, cited a Heritage official as saying the organization “shut down its network to prevent any further malicious activity while we investigate the incident.”The news outlet quoted the Heritage official as saying that the cyberattack likely came from nation-state hackers, but did not provide evidence of the claim.
Founded in 1973, Heritage is based in Washington DC, and supports and lobbies on conservative issues.
Heritage was hit by a cyberattack in 2015 in which hackers stole internal emails and the personal information of its donors.
U.S. cybersecurity agency CISA has confirmed that Russian government-backed hackers stole emails from several U.S. federal agencies as a result of an ongoing cyberattack at Microsoft.
“Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” said CISA.
CISA made details of the emergency directive public on Thursday after giving affected federal agencies a week to reset passwords and secure affected systems.
CISA did not name the affected federal agencies that had emails stolen, and a spokesperson for CISA did not immediately comment when reached by TechCrunch.
The emergency directive comes as Microsoft faces increasing scrutiny of its security practices after a spate of intrusions by hackers of adversarial nations.
Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet.
The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems.
Yoleri told TechCrunch that the exposed data could potentially help malicious actors identify or access other places where Microsoft stores its internal files.
The researchers notified Microsoft of the security lapse on February 6, and Microsoft secured the spilling files on March 5.
Microsoft did not say if it had reset or changed any of the exposed internal credentials.
U.S. consulting firm Greylock McKinnon Associates disclosed a data breach in which hackers stole as many as 341,650 Social Security numbers.
The data breach was disclosed on Friday on Maine’s government website, where the state posts data breach notifications.
A spokesperson for the Justice Department did not respond to a request for comment.
We received confirmation of which individuals’ information was affected and obtained their contact addresses on February 7, 2024,” the firm wrote.
GMA told victims that “your personal and Medicare information was likely affected in this incident,” which includes names, dates of birth, home address, some medical information and health insurance information, and Medicare claim numbers, which included Social Security Numbers.
In its previous price list, published in 2019, the highest payouts that Crowdfense was offering were $3 million for Android and iOS zero-days.
In a report last month, Google said it saw hackers use 97 zero-day vulnerabilities in the wild in 2023.
Spyware vendors, which often work with zero-day brokers, were responsible for 75 percent of zero-days targeting Google products and Android, according to the company.
Zero-day brokers, as well as spyware companies like NSO Group and Hacking Team have often been criticized for selling its products to unsavory governments.
“All the companies and governments directly sanctioned by the USA are excluded.”At least one company, spyware consortium Intellexa, is on Crowdfense’s particular blocklist.
Video game giant Activision is investigating a hacking campaign that’s targeting players with the goal of stealing their credentials, TechCrunch has learned.
Somehow, the hackers are getting malware on the victim’s computers and then stealing passwords for their gaming accounts and crypto wallets, among others, according to sources.
Zeebler described the effort as an “infostealer malware campaign,” where malware designed as legitimate-looking software unknowingly installed by the victim surreptitiously steals their usernames and passwords.
Zeebler told TechCrunch that he found out about the hacking campaign when a PhantomOverlay customer had their account for the cheat software stolen.
After that, Zeebler said he contacted Activision Blizzard as well as other cheat makers, whose users appear to be affected.
