By Deeba Ahmed
The attack was successful as hackers sent SMS phishing links to several employees at Activision, and one of them fell prey to it.
This is a post from HackRead.com Read the original post: Employees at Gaming Giant Activision Hit by SMS Phishing Attack

Activision acknowledged the breach only after researchers discussed it on Twitter, revealing that hackers had managed to steal the gaming giant’s sensitive documents.

Researchers have disclosed details of a data breach due to SMS phishing attack targeting the world’s prominent game publisher, Activision. According to VX-Underground researchers on Twitter, unidentified hackers managed to breach Activision’s security and steal internal company data.

There has been a recent rise in SMS phishing, also known as smishing, which is a form of social engineering attack in which an attacker sends a text message to a victim with the goal of tricking them into revealing sensitive information or downloading malware onto their device.

For example, Reddit, Coinbase, Zendesk, Twilio, DoorDash, and Namecheap, among several others, suffered SMS phishing attacks directed toward employees of these companies.

**Incident Details**

As for the cyber attack on Activision, threat actors accessed the game giant’s game release calendar and corporate Slack environment. The attackers stole sensitive workplace documents and content to be released in November 2023.

Activision had detected the breach, but they didn’t disclose it right away. VX-Underground was the first to break the news.

**Activision Confirmed Data Breach**

Activision has now confirmed that a data breach occurred in December of 2022 with the following statement:

“On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed.”

Activision’s spokesperson stated that the company considers its data’s safety paramount and has “comprehensive information security protocols” in place to maintain data confidentiality.

**How Did the Breach Occur?**

The company revealed that threat actors had tried to phish several of its employees through an SMS-based phishing campaign. They received a message designed to be sent by the Activision Automated SMS Dispatcher. The email was titled “Employment Status: Under Review,” and they were urged to respond with a 2FA code.

One of the employees fell for the trap, while the others did not. The employee responded with the code, and the attackers gained access to their account. The other employees responded with curses, but they didn’t report the incident to Activision’s information security team, which is why the attackers could continue with the breach.

**What was Data Stolen?**

Attackers posted an objectionable message in the general Slack channel by exploiting a compromised account of a privileged user. On Sunday, VX-Underground published screenshots of the supposedly stolen from the game publisher.

According to the images, the attacker most likely accessed a schedule for the company’s content release dates for its popular game Call of Duty. Moreover, it is also claimed that the breached data includes plans for the release of Call of Duty 2023 and Call of Duty 2024.

In addition, sensitive employee data such as full names, phone numbers, email IDs, workplaces, and salaries were also compromised.

**Recent Rise in SMS Phishing**

Smishing attacks have increased in recent years as more people rely on their mobile phones for communication and daily activities. These attacks often appear to be from a legitimate source, such as a bank or a trusted service provider, and may include a link that, when clicked, leads the victim to a fake website designed to steal their login credentials or personal information.

To avoid falling victim to smishing attacks, employees must be trained, it is important to be cautious when receiving text messages from unknown or unexpected sources, and to never provide sensitive information in response to a text message.

Additionally, it is important to verify the authenticity of any links before clicking on them, and to install and maintain up-to-date anti-malware software on your device to help detect and prevent smishing attacks.

1.  How to Teach Your Employees About Cybersecurity
2.  Geo Targetly URL Shortener Abused in Phishing Scam
3.  4 Ways For Employees To Distinguish Phishing Attacks
4.  PayPal Scammers Abusing Invoices for Phishing Attacks
5.  Cybersecurity Training in Companies: The Only Way Out!

Employees at Gaming Giant Activision Hit by SMS Phishing Attack

By Habiba Rashid
The voice chat app under discussion is OyeTalk, which is available for Android and iOS devices and is operated from Pakistan.
This is a post from HackRead.com Read the original post: Android voice chat app with 5m installs leaked user chats

OyeTalk was leaking unencrypted data through unprotected access to Firebase, Google’s mobile application development platform that provides cloud-hosted database services.

A popular Android voice chat app, OyeTalk, has leaked private user data, including their unencrypted chats, usernames, and cellphone International Mobile Equipment Identity (IMEI) numbers.

With over five million downloads on **Google Play**, the app has compromised the privacy of all its users while simultaneously exposing them to malicious threats.

OyeTalk on Android

OyeTalk was leaking data through unprotected access to **Firebase**, Google’s mobile application development platform that provides cloud-hosted database services.

The researchers warned that malicious actors could have deleted the dataset, resulting in a permanent loss of users’ private messages, if the leaked data had not been backed up. 

According to the Cyber News **blog post**, Despite being informed of the data spill, the app developers failed to close off public access to the database. Google’s security measures had to step in, since the spill got too big, to close off the database.

This isn’t all. The developers also carelessly left sensitive information hardcoded in the application’s client-side, including a Google API (application programming interface) key and links to Google storage buckets. The exploitation of this security practice in the past has resulted in data loss or a complete takeover of user data stored on open Firebase or other storage systems.

It turns out, this was not the first occurrence of a data leak affecting OyeTalk. The researchers found that the database had been discovered and marked as vulnerable by unknown actors, likely with no malicious intent. The database contained specific fingerprints used to mark open Firebases, known as “**Proof of Compromise**” (PoC) and Evidence of Compromise (EoC) or Indicator of Compromise (IOC).

**Repercussions**

The repercussions of a data leak like the one that occurred with the OyeTalk voice chat app can be severe and far-reaching. First and foremost, the personal information of users can be compromised, leaving them vulnerable to scams.

Furthermore, the leak of personal data can also have a negative impact on the reputation of the app and the company behind it. Users may lose trust in the app and its ability to protect their data, leading to a decline in its user base and revenue. This can also result in legal consequences for the company, as they may face lawsuits and fines for violating data privacy laws.

Overall, the OyeTalk data leak can have significant and lasting consequences for users, the app and its company, and society at large. It underscores the importance of robust data protection measures and responsible handling of personal information and highlights the need for ongoing vigilance in the face of ever-evolving **cybersecurity threats**.

1.  **23 Android apps leaked sensitive data of 100m users**
2.  **GoKeyboard App Spying on Millions of Android Users**
3.  **Dune! game app leaked personal data of Android users**
4.  **Login Details of Tech Giants Leaked in Data Center Hacks**
5.  **Iranian hackers drop RatMilad Android spyware in VPN app**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Android voice chat app with 5m installs leaked user chats

By Deeba Ahmed
The bugs allowed cybercriminals to bypass the iOS system's security protections and execute unauthorized code. 
This is a post from HackRead.com Read the original post: Apple Bug Could Allow Attackers Access to Photos and Messages

The findings are based on previous research from Google and Citizen Lab conducted in 2021 which discovered a zero-click, zero-day iOS exploit dubbed “ForcedEntry,” linked to the Israeli NSO Group.

Apple devices and products are known for their advanced security mechanisms, particularly the iPhone and Macbook. However, the latest research reveals that even Apple products aren’t safe from the prying eyes of threat actors.

Researchers at the cybersecurity firm Trellix Advanced Research Center have disclosed details of a newly discovered privilege escalation bug class that, if exploited, could allow an attacker to sweep up call history, messages, and photos from the device.

According to researchers, the bugs allowed cybercriminals to bypass the iOS system’s security protections and execute unauthorized code. The security flaws were ranked as medium to high in terms of security.

Trellix’s vulnerability research director, Doug McKee, stated that although Apple has addressed the issue, the concern is that these vulnerabilities allow bypassing of Apple’s security model at a “fundamental level.”

Apple said the bugs weren’t exploited in the wild before being fixed.

**How Was the Bug Discovered?**

The findings are based on previous research from Google and Citizen Lab conducted in 2021. The organizations discovered a zero-click, zero-day iOS exploit dubbed “ForcedEntry,” linked to NSO Group.

This was a highly sophisticated exploit found on a Saudi activist’s iPhone and was used for installing Pegasus malware developed by the NSO Group. The same spyware was also found on the iPhones of nine State Department officials in the United States.

This exploit had two key features: first, it tricked the iPhone into opening a malicious PDF disguised as a GIF file. Secondly, it enabled attackers to evade the sandbox that Apple introduced to prevent apps from accessing data from other apps or other parts of the device.

This second feature of ForcedEntry was the basis of Trellix’s research from senior vulnerability researcher Austin Emmitt. A proof-of-concept was released to demonstrate how the bugs could be exploited.

**Vulnerabilities**

Emmitt discovered a new class of vulnerabilities revolving around the NSPredicate tool that filters code within Apple’s systems. This tool was first exploited in ForcedEntry, as the 2021 research revealed, and Apple introduced new measures to prevent this abuse.

However, the mitigation methods were insufficient, as Trellix researchers found that these methods could also be bypassed since bugs in the NSPredicate class were found in multiple places in macOS and iOS systems.

This includes the Springboard app, which manages the home screen on an iPhone and can access photos, location data, and the camera. After exploiting the bugs, the attacker could access places they could not otherwise invade. Attackers trying to exploit it need to gain an initial foothold into the device.

Vulnerabilities in NSPredicate were discovered in macOS 13.2 and iOS 16.3, and Apple patched them with software updates in January. The company also issued CVEs for these flaws—CVE-2023-23530 and CVE-2023-23531—and released new versions of macOS and iOS.

1.  Apple AirTags used as trojan for credential hacking
2.  iOS Devices Receive Vital Security Updates from Apple
3.  Charging cable remotely steals data from Apple devices
4.  55 Apple bugs risked iCloud account takeover, data theft
5.  Study: Android sends more data to Google than iOS to Apple

Apple Bug Could Allow Attackers Access to Photos and Messages

By Waqas
Threat actors have hacked two data centers in Asia and accessed login credentials of top technology giants, including Apple, Uber, Microsoft, Samsung, Alibaba, etc., and leaked them on a hacker forum.
This is a post from HackRead.com Read the original post: Login Details of Tech Giants Leaked in Two Data Center Hacks

The leaked data includes email addresses, password hashes, names, phone numbers, and more.

Hackers obtained login credentials for several mainstream corporate giants, including Microsoft, Samsung, Uber and Apple, etc. and gained remote access to the entities’ surveillance cameras after attacking two data centers in Asia.

A screenshot from the leaked data shows login credentials for Samsung, Amazon, Uber, Alibaba and more. (Credit: Hackread.com)

This was **revealed** by the cyber security firm Resecurity. The company originally identified the data breach in September 2021; however, details of it were only revealed to the media now as on February 20th, 2023, hackers leaked the stolen login credentials online.

It is worth noting that these credentials were leaked on Breachforums by a threat actor going by the handle of “Minimalman.” For your information, Breachforums is a hacker and cybercrime forum that surfaced as an alternative to the popular and **now-seized Raidforums**.

According to Resecurity, hackers accessed two of the largest data center operators in Asia that were being used by several mainstream companies and technology giants. From there, the hackers could obtain customer support logins for high-profile companies, including Amazon and Apple, BMW, Microsoft, Alibaba, Walmart, Goldman Sachs, etc.

As seen by Hackread.com on the hacker forum, the threat actors managed to obtain and leak credentials from over 2,000 firms and a Chinese foreign-exchange platform.

The data centers have been identified as Shanghai-based GDS Holdings and Singapore-based ST Telemedia Global. Both data centers reportedly forced all customers to change their passwords in January 2023.

**Dangers**

The dangers of hackers obtaining login credentials of tech giants such as Apple, Amazon, Microsoft, Samsung and others are numerous and severe. Firstly, such credentials allow hackers to access sensitive customer data, including payment information and personal details, which can lead to **identity theft and financial fraud**.

Secondly, hackers can use these credentials to gain access to the company’s networks, potentially compromising intellectual property and trade secrets. Additionally, with access to company accounts, hackers can launch cyber attacks against other organizations, amplifying the damage caused by their actions.

Furthermore, a breach of a tech giant’s login credentials can have far-reaching consequences, impacting not only the company and its customers but the wider economy and society as a whole. For instance, if a company like Amazon were to suffer a significant data breach, it could lead to a loss of consumer trust, which could in turn affect the confidence of investors and the stock market.

Moreover, a successful hack of a tech giant’s credentials could inspire copycat attacks, leading to an escalation in cybercrime and potentially destabilizing the digital infrastructure that underpins much of our daily lives.

To mitigate these risks, tech giants must remain vigilant in their cybersecurity measures, ensuring that their systems are regularly updated and that their employees are trained to detect and prevent security breaches.

Companies must also invest in advanced technologies such as machine learning and artificial intelligence to detect and respond to cyber threats in real time. Finally, companies must ensure that they comply with industry standards and regulations related to cybersecurity, such as the General Data Protection Regulation (**GDPR**), to protect the privacy and security of their customers.

1.  **Sydney Data Center Targeted By FinFisher Spyware**
2.  **Hackers attack National Data Center with watering hole attack**
3.  **Hyperconverged Infrastructure (HCI) is Changing Data Centers**
4.  **Top sites affected after OVH data center catches disastrous fire**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Login Details of Tech Giants Leaked in Two Data Center Hacks

By Waqas
The SMS phishing attack (smishing) was followed by a phone call from a scammer to one of the employees who fell for the scam.
This is a post from HackRead.com Read the original post: Coinbase Employees Targeted by SMS Phishing Attack

Don’t let smishing get you down! Learn how Coinbase employees were targeted by a persistent social engineering attack and how the company’s quick defence protected it from disaster.

Coinbase, one of the largest cryptocurrency exchanges in the world, has reported a cybersecurity incident that targeted its employees with an SMS phishing attack (**Smishing**) using persistent **social engineering tactics**.

Coinbase has over 1,200 employees worldwide, and as of 2022, the exchange was home to more than 103 million verified users. This makes the company a lucrative target for small-time crooks and state-based hacking groups such as **Lazarus** and others alike.

**The Text Message**

It all started on Sunday, February 5, 2023, when several **Coinbase** employees received text messages asking them to use the link sent by the attacker for an urgent login. While all recipients ignored the text, one employee logged in with his/her username and password.

With the help of the employee’s login credentials, the attacker attempted to access Coinbase’s internal network. However, since the company had enabled multi-factor authentication (**MFA**) for employees, the attacker could not bypass the security feature and was unable to proceed further even after several attempts.

While the attacker was unsuccessful in accessing Coinbase’s system, a limited amount of data from the company’s directory was exposed, including names, email addresses, and phone numbers of a limited number of employees.

**The Call**

The second phase of the attack began with a phone call to the employee’s mobile phone, with the attacker claiming to be a member of Coinbase’s corporate Information Technology (IT) team.

Trusting that the caller was a legitimate **Coinbase** IT staff member, the employee logged into their workstation and began following the attacker’s instructions. However, as the conversation progressed, the employee began to grow increasingly suspicious of the requests being made.

Thankfully, the employee’s suspicions were enough to prevent any damage from occurring. No funds were taken, and no customer information was accessed or viewed during the incident.

Based on the attacker’s modus operandi, Coinbase believes the incident was not an isolated one and is linked to a series of cyberattacks that have taken place recently, including **Twilio**, **DoorDash**, **Zendesk**, **Namecheap** and others.

Coinbase has since released a **statement** urging all employees to remain vigilant against phishing attempts and other forms of cyber attacks. The company has emphasized the importance of verifying the identity of anyone who requests access to sensitive information or systems and has offered resources and training to help employees recognize and respond to potential threats.

This incident serves as a stark reminder of the ongoing threat posed by cybercriminals, and the need for individuals and organizations alike to remain vigilant against these attacks.

By staying informed and taking proactive measures to protect themselves and their information, individuals and businesses can help to minimize the risk of **falling victim to phishing scams** and other forms of cybercrime.

Coinbase’s swift response to the incident demonstrates the company’s commitment to the security and protection of its employees and customers. As the **use of cryptocurrency continues** to grow and evolve, it is crucial that companies in the industry prioritize cybersecurity and take steps to ensure the safety and security of their operations.

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **WallStreetBets loses 2 million to crypto scam**
3.  **Scammers Netted $7.7B of Cryptocurrency in 2021**
4.  **Crooks Leverage MS Team GIFs in Phishing Attacks**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Coinbase Employees Targeted by SMS Phishing Attack

By Habiba Rashid
Europol searched 8 houses in Israel and France, with the main culprit arrested in Israel along with seven others.
This is a post from HackRead.com Read the original post: Franco-Israeli Gang Linked to $40 Million CEO Scam Busted

Europol has dismantled a gang linked to a $40 million CEO scam. Find out more about how this international criminal syndicate was uncovered and who was involved.

The email scam gang behind France’s largest-ever CEO scam has been dismantled after a coordinated police operation across multiple countries was successful in arresting six people in France and two in Israel. 

The Europe-wide operation to track down the Franco-Israeli criminal organization involved the Croatian National Police, the Croatian Anti Money Laundering Office, the French National Police, the French Gendarmerie, the Hungarian Budapest Metropolitan Police, the Israel Police, the Portuguese Judicial Police, and the Spanish National Police.

Law enforcement authorities involved in the operation (Image: Europol)

In early December 2021, one of the gang members, now arrested as a suspect, impersonated the CEO of a metallurgy company in northeastern France and tricked the accountant into making an urgent and confidential transfer of €500,000 ($530,000) which was subsequently spotted and blocked. 

In late December 2021, according to Europol’s press release, Sefri-Cime, a real-estate developer, fell victim to the same group after its members impersonated lawyers working for a well-known French accounting firm. According to Europol, they persuaded the Chief Financial Officer (CFO) to transfer almost €38 million ($40 million) altogether.

The criminal network, consisting of French and Israeli nationals, used a pre-existing money laundering scheme that laundered the funds via European countries, China, and then Israel. An investigation that followed revealed the money mules working for the gang in Croatia, Portugal, and Hungary.

The police were able to seize electronic equipment and vehicles, €3 million from Portuguese bank accounts, €1.1 million from Hungarian bank accounts, €600,000 from Croatian bank accounts, €EUR 400,000 from Spanish bank accounts and €350,000 in virtual currencies. 

The operation continued for five days between January 2022 and 2023 in France and Israel, leading to eight house searches and eight arrests, including the alleged Israeli gang leader, according to Europol.

1.  Leader of BEC Scams Arrested in Nigeria
2.  Firm loses $44m due to an online email scam
3.  US Judge falls for email scam; loses $1 million
4.  74 arrested – FBI disrupts gang of BEC scammers
5.  BEC attack: Nikkei employee transfers $29m to crooks

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Franco-Israeli Gang Linked to $40 Million CEO Scam Busted

By Deeba Ahmed
Samsung Message Guard is a new feature that protects users against zero-click attacks, including those appearing from messaging apps.
This is a post from HackRead.com Read the original post: New Samsung Message Guard protects users against Zero-Click attacks

Samsung Message Guard will inspect the file bit by bit and process it in a controlled environment, thus neutralizing the threat to ensure the malicious file doesn’t infect the device.

Zero-Click attacks have become very powerful and widespread, mainly due to their ease of deployment. With the evolution of zero-click attacks, mobile phone manufacturers, such as Samsung, are also improving their defence mechanisms against such threats. Samsung Message Guard is one such step that prevents users from zero-click exploits on Samsung Galaxy S23 smartphones.

**What are Zero-Click Attacks?**

Zero-click exploits can install malware on a device using just a JPEG or PNG image file. They are pretty dangerous, as the user doesn’t need to interact with the file, such as clicking or tapping on it, to get their device infected. Users cannot detect these exploits while the malicious code steals their private data and transmits it to hackers.

As previously reported, state-sponsored cybercriminals used zero-click attacks to install NSO Group’s spyware Pegasus onto the mobile phones of dissidents, government officials, activists, politicians, and journalists.

**Samsung Message Guard Will Protect Against Zero-Click Attacks**

Samsung Galaxy smartphones are already equipped with advanced safety measures and a powerful Samsung Knox platform that thwart attacks exploiting audio and video formats. With Samsung Message Guard, the company has taken another step to safeguard its devices and restrict their exposure to malicious codes hidden in image attachments.

According to Samsung’s press release, this feature will work on Samsung Messages and Messages by Google. The company will also release an update to make this feature compatible with third-party messaging apps.

> Simply put, Samsung Message Guard automatically neutralizes any potential threat hiding in image files before they have a chance to do you any harm. It also runs silently and largely invisibly in the background and does not need to be activated by the user.
> 
> Samsung

**How Does Message Guard Prevent Zero-Click Attacks?**

You can consider it an advanced sandbox or a virtual quarantine; it will run in the background with the Messages app. As soon as any image file is received, it will be isolated from the rest of the data to prevent any hidden malicious code from accessing the device data or interacting with the OS.

Samsung Message Guard will inspect the file bit by bit and process it in a controlled environment, thus neutralizing the threat to ensure the malicious file doesn’t infect the device.

Message Guard will look for malware in PNG, JPG, JPEG, GIF, ICO, WEBP, BMP, and WBMP formats. The feature will be rolled out to different versions of Galaxy smartphones and tablets running One UI 5.1 or above versions.

New Samsung Message Guard protects users against Zero-Click attacks

By Deeba Ahmed
The web hosting giant GoDaddy has been rattled by an almost two-year-long data breach that went undetected from 2020 to 2022.
This is a post from HackRead.com Read the original post: Hackers Stole GoDaddy Source Code in a Multi-Year Data Breach

In a filing with the Securities and Exchange Commission (SEC), GoDaddy revealed that three serious security breaches had impacted the company, boasting 21 million customers and almost $4 billion in revenue.

On Friday, **GoDaddy**, the world’s leading web hosting firm, confirmed that its network had been impacted by a data breach that started in 2020 and continued until 2022. As a result of this compromise, unidentified hackers stole the company’s source code.

Additionally, part of the stolen data included employees’ and customers’ login credentials. Moreover, the flaw allowed attackers to install malware, which would redirect customers’ websites to malicious domains.

This should not come as a surprise, since GoDaddy has a history of security-related incidents. For instance, **in November 2021**, hackers accessed 1.2 million GoDaddy customers’ accounts.

**In November 2020**, GoDaddy revealed that its employees had been tricked by hackers into modifying the DNS settings of at least two cryptocurrency websites. **In April 2020**, Escrow.com was defaced by hackers after they managed to hack one of GoDaddy’s employees.

As for the recent incident, in a **filing** with the Securities and Exchange Commission, GoDaddy revealed that three serious security breaches had impacted the company, boasting 21 million customers and almost $4 billion in revenue.

The incident started in 2020, and the latest was recorded in 2022. The company noted that a sophisticated hacker group was responsible for all the incidents. This means the same group has repeatedly invaded its networks and may or may not have left, despite the company’s extensive security measures.

The first incident occurred in March 2020, when the attackers obtained login credentials and accessed a limited number of employee accounts and hosting accounts belonging to approximately 28,000 customers. But they couldn’t access the main accounts of GoDaddy customers.

The most recent invasion was noticed in December of 2022. At that time, the attacker accessed the cPanel hosting servers. The company explained that it has responded to subpoenas about the incident that the Federal Trade Commission (FTC) issued in July 2020 and October 2021.

In November 2021, GoDaddy discovered another security breach in which the attacker obtained a password that provided access to GoDaddy’s Managed WordPress service source code.

The attackers gained access in September 2021 and obtained login credentials of WordPress admin accounts, email addresses, and FTP accounts of 1.2 million inactive currently Managed WordPress users. GoDaddy formally disclosed the breach in November 2021.

> “We believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy.”
> 
> GoDaddy

GoDaddy has claimed that it has evidence, and law enforcement authorities have also confirmed that a security breach occurred, performed by an organized and sophisticated group.

Furthermore, the company added that the hackers’ primary targets are hosting services such as GoDaddy, infecting websites with malware, and launching phishing campaigns.

1.  **GoDaddy customers targeted by clever phishing scam**
2.  **Sensitive data on 31,000 GoDaddy servers exposed online**
3.  **Ransomware attack hits SmarterASP.NET hosting’s network**
4.  **Dark web hosting firm quits after hackers delete its database**

Hackers Stole GoDaddy Source Code in a Multi-Year Data Breach

By Waqas
The RailYatri hack took place in December 2022, but the stolen data has only been leaked earlier today on a prominent hacker forum.
This is a post from HackRead.com Read the original post: Indian Ticketing Platform RailYatri Hacked – 31 Million Impacted

Among personal information, the RailYatri hack has also exposed the location details of millions of travellers across India.

RailYatri, a popular **Indian** train ticket booking platform, has suffered a massive data breach that has exposed the personal information of over 31 million (31,062,673) users/travellers. The breach is believed to have occurred in late December 2022, with the database of sensitive information now being leaked online.

The compromised data includes email addresses, full names, genders, phone numbers, and locations, which could put millions of users at risk of identity theft, phishing attacks, and other cyber crimes.

Hackread.com can confirm that the database has been leaked on Breachforums, a hacker and cybercrime forum that surfaced as an alternative to the popular and **now-seized Raidforums**.

Image credit: Hackread.com

**RailYatri and its Data Breach Yatra**

RailYatri means train passenger, while Yatra stands for the journey. The RailYatri data breach is not a typical case of hackers exploiting vulnerabilities, stealing, and leaking data. In fact, it began in **February 2020** when cybersecurity researcher Anurag Sen identified a misconfigured Elasticsearch server exposed to the public without any password or security authentication.

Sen noted that the server belonged to RailYatri and informed the company about the issue, which initially denied that it belonged to them. Later, the company claimed that it was merely test data. At that time, the server contained over 700,000 logs with over 37 million entries in total including internal production logs.

In 2020, Railyatri managed to secure its data only when Indian Computer Emergency Response Team (CERT-In) got involved; however, two years later, on February 16th, 2023, hackers rattled the company with yet another security breach due to a new leak.

Screenshot from RailYatri’s data exposure in 2020 (Image credit: Anurag Sen)

“Back in 2020, when I reached out to Railyatri, they never replied or reached out to me, but after I contacted Cert-In, the server got closed,” Anurag told Hackread.com. “I have reported various data leaks in India; the most common issue I saw is that these companies are not getting fined due to India not having any GDPR-like law,” added Anurag.

**Anurag** believes that the latest data breach could have been avoided “if the company had implemented proper cybersecurity measures from the outset.”

Hackread.com advises all users to change their passwords and enable two-factor authentication on their accounts as a precautionary measure. They have also advised users to monitor their bank accounts and credit card statements for any suspicious activity.

This breach serves as a stark reminder of the increasing frequency and severity of cyber attacks, particularly in the wake of the **COVID-19 pandemic**, which has forced millions of people to rely on online platforms for their daily needs. It highlights the need for companies to prioritize cybersecurity measures and take all necessary steps to protect their customers’ personal information.

1.  **Hackers selling 13TB of Domino’s India data**
2.  **Hackers leak millions of Airtel India user data**
3.  **Hackers leak 9 million Indian job seekers’ data**
4.  **Hacker claims to steal 8.2TB of MobiKwik data**
5.  **India’s COVID-19 surveillance tool leaked user data**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Indian Ticketing Platform RailYatri Hacked – 31 Million Impacted

By Waqas
My QR Code was informed about the leak almost two weeks ago, yet it failed to respond or secure its server.
This is a post from HackRead.com Read the original post: QR code generator My QR Code leaks users’ login data and addresses

At the time of writing, the total number of impacted customers was 65,000; however, at the time of publishing this article, the number had increased to 67,000, meaning the leak is ongoing.

MyQRcode, a popular Sofia, Bulgaria-based QR code generator website, is leaking the personal data of its users. The security breach or data leak has resulted in the leakage of over 128 GB of data, including the personal information of 66,000 customers.

The leak was caused by misconfiguration, making the server publicly accessible to the public without any security authentication or password. What’s worse, it was also noted that the data was being actively updated with new records each day, indicating that the leak was still ongoing.

On the other hand, the leaked data includes personal and login credentials of My QR Code customers, including the following information:

*   Full names
*   Job title
*   Email addresses
*   Password hashes
*   URLs to QR codes
*   Phone numbers
*   Physical addresses
*   Alternative phone numbers
*   Links to social media profiles
*   States, postcodes and country
*   Links to users’ personal, business, or company websites

Security researcher **Anurag Sen** exclusively reported the leak to Hackread.com. Sen discovered the server on Shodan while searching for misconfigured cloud databases.

For your information, **Shodan is an OSINT tool** and a specialized search engine used by cybersecurity researchers to locate vulnerable Internet of Things (IoT) devices, including servers and misconfigured databases on the internet.

Upon further investigation with **CloudDefenseAI**, it was discovered that new records were being actively added to the data each day. For instance, at the time of writing, the total number of impacted customers was 65,000 however at the time of publishing this article, the number increased to 67,000.

This leak can have serious consequences for the affected customers. Cybercriminals and scammers can potentially use the leaked data to carry out identity theft, **phishing attacks**, or physical crimes since the addresses of users are part of the leak.

Here, it is worth noting that the server has been misconfigured since February 4th, 2023. MyQRcode was informed about the leak last week, but the company has not responded or released a statement on the matter. It is also unclear how long the server has been left unprotected, or if it has been accessed by a third party with malicious intent.

In the meantime, Hackread.com can advise customers who have used MyQRcode to generate QR codes to be vigilant about any suspicious activity on their accounts and to monitor their personal information closely. It is also recommended that they change their passwords and enable two-factor authentication wherever possible.

**MyQRcode and GDPR**

The General Data Protection Regulation in Europe (GDPR) applies to Bulgaria, as the country is one of the **27 member states** of the European Union. The GDPR is implemented in Bulgaria through the Personal Data Protection Act (PDPA).

Under the GDPR, the fines for data breaches and other violations of the regulation can be up to 20 million EUR or 4% of a company’s global annual revenue, whichever is higher. In 2019, Commission for Personal Data Protection **issued** a BGN 5.1 million ($2,790,392) fine to the country’s National Revenue Agency for violations of the GDPR.

Nevertheless, the incident once again highlights the importance of proper cybersecurity measures, particularly in a digital world where more and more personal data is being stored online.

Companies must take every possible step to ensure the safety and security of their customer’s data, and failure to do so could result in serious consequences for everyone involved.

1.  **AWS bucket exposed 421GB of Artwork Archive data**
2.  **Misconfigured baby monitors expose video stream online**
3.  **S3 buckets exposed US military social media spying plans**
4.  **ElasticSearch server leaked 579GB of users’ website activity**
5.  **350m email addresses exposed in S3 bucket** **misconfiguration**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism