Hacks of the Month —November

These are the hacks and attacks that happened during last month. A short recap and rundown of what you might have missed in regards to consumer personal  data exposed. Hacks of the Month —November!

November timeline:

Week 1 (Nov. 1st -10th):


hotel radisson
Radisson Hotel hack

On Nov. 2nd Radisson rewards members personal information has been compromised from the breach on September 11th. Names, physical addresses, email addresses, company names, telephone numbers, and reward numbers were all exposed

 

Week 2 ( Nov. 11th -17th)

twitter-bit

 Google & Target’s Official Twitters Hacked

Nov. 15th Official Google and Target Twitter accounts hacked in bitcoin scam. Managing to compromise Google’s G Suite account claiming that G Suite was now accepting cryptocurrency payments in an effort to promote the crypto currency. A similar attack happen on Targets big box store Twitter account.

 

Week 3: (Nov. 18th – 24th):

ig-hack

Instagram Passwords Exposed 

Nov. 18th The company notified affected users of a security bug that resides in a new feature called “Download Your Data” that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts and other information they have shared on the platform. The issue was “discovered internally and affected a very small number of people” according to a spokesperson for the company.

amazon email logs

Amazon customers emails leaked

Did you get an email from Amazon on Nov. 21st? A few customers reported and asked on social media, Twitter, if the email sent to them was a fake one. The leak mentions only names and email addresses were disclosed “due to a technical error” but Amazon refused to comment further. The big concern here is the brevity of the emails from Amazon other than to say the issue was fixed and not related to a breach.

Week 4: (Nov. 25th – 30th):

informed delivery

USPS exposes 60M users

60 million names, home addresses, phone numbers, emails, and  were exposed over a year ago. We are now (Nov. 23rd) hearing about it during the holidays, the new USPS service called InformedDelivery allows users to view their mail before it arrives. According to Brian Krebs from Krebs on Security identity thieves are using the service to see what mail is arriving at users homes on what days. This would allow them to target checks and important documents containing personal information.

account members breach

Dunkin’ Donuts customer data hacked

On Oct. 31st attackers gained accessed to customers’  DD Perks and Dunkin’ Donuts rewards account information. The company said that it believes the hacker obtained usernames and passwords from other companies —third parties. Gaining information access, they used it to log into some Dunkin’ DD Perks accounts. The company also forced a password reset for all potentially impacted DD Perks account holders to log out and back in using new password.