Cybersecurity News Update: January 2023

A number of businesses and public organizations fell victim to cyberattacks in January of 2023. Twitter, T-Mobile, US police departments, and more experienced data breaches that led to many customer complaints.

If you’d like to check how strong your cybersecurity is, download DOT Security’s Cybersecurity Checklist: How Covered is Your Business? and begin improving your security standing today.

Hackers Obtain 235 Million Twitter Users’ Emails

An Israeli cybersecurity expert, Alan Gal, found a database of about 235 million emails belonging to Twitter users in an online hacking forum. Gal posted about his discovery on LinkedIn, warning users that malicious hackers, hacktivists, and even governments could use these email addresses to harm users’ privacy.

The emails could be used by hackers to attempt password resets to their Twitter accounts. Additionally, phishing campaigns, which are already on the rise could be sent to the leaked addresses.

Data breaches are often more problematic for people of color and lower income communities, Forbes reported. These demographics reported receiving less notifications about data breaches than average. The news site concludes that it is imperative for sites such as Twitter to mitigate the damage caused by leaks.

As for phishing, it causes 90% of business data breaches. Therefore, organizations should implement cybersecurity training for their whole staff so that they are aware of common phishing techniques.

Related Infographic: Avoiding Phishing Scams: 6 Things to Look Out For!

Confidential Police Data Exposed in Leak

ODIN Intelligence, a tech company that provides apps and services to US police departments, was victim of a hack that stole police reports, confidential data, and tactical plans. The malicious hackers also vandalized ODIN’s website, leaving text that claimed “all data and backups have been shredded.”

The hacker group not only claimed to have “shredded” the company’s confidential data, they also alleged to have exfiltrated it from ODIN’s cloud server, Amazon Web Services.

The message the hackers left asserted the motivation for the data breach was ODIN’s disregard for a previous news article reporting that one of their apps had a cybersecurity vulnerability. SweepWizard, the app in question, is used by police departments to coordinate raids.

Website, app, and network vulnerabilities should always be taken seriously by the organization’s leadership. Cybersecurity experts report new weaknesses whenever these are discovered. Additionally, a risk assessment performed by cybersecurity experts will help companies find and patch any network vulnerabilities.

T-Mobile Loses the Data of 37 Million Customers

T-Mobile, the mobile telephone services provider, was hacked for the eighth time since 2018, according to TechDirt. In a report submitted by the mobile carrier to the US Securities and Exchange Commission, bad actors accessed customers’ data such as their name, billing address, email, phone numbers, date of birth, and T-Mobile account number.

The company states in the report that they believe hackers accessed the data through an API—a software used to share and extract data between networks. They also claim to continue investigations and to continue to invest in their cybersecurity initiatives.

However, many customers express concern and a lack of trust in the company, especially since T-Mobile has suffered multiple attacks in recent years. Some users discussed on social media the possibility of the attack being caused internally.

Other customers claim to be tired of T-Mobile leaving their data vulnerable. “Worst carrier ever,” a Twitter user wrote. Competitor Verizon took advantage of the situation and assured users online that they “strive to provide the great service our customers deserve, and that includes keeping their best interests at heart.”

This case is the perfect example of losing customer trust due to a data breach. We encourage organizations concerned about data breaches to consult a cybersecurity expert to ensure their security strategy is thorough and covers all aspects of their network.

Cybercrime Gang LockBit Hacks Los Angeles Housing Authority

The Housing Authority of the City of Los Angeles (HACLA) lost 15 terabytes of data in a cyberattack. The stolen data included personal information of individuals that received housing assistance, as well as HACLA’s payroll, human resources, and accounting files, according to TechCrunch.

LockBit, a cybercriminal group involved in numerous ransomware attacks, added the HACLA data breach to their dark web listing, claiming responsibility for the attack. While the housing agency has not reported the event as “ransomware,” this is LockBit’s usual form of attack.

Ransomware is a cyberattack in which bad actors exfiltrate an organization’s data, encrypt it, and ask for ransom payment in exchange for a decryption key. Cybersecurity professionals recommend companies do not pay the ransom, since on average, only 4% of organizations get full restoration of their information.

Data encryption and decryption can also be used by companies to protect sensitive data. When private or proprietary data get shared over the internet, this is one tool that can help your business protect its valuable information.

Proactive organizations can benefit from network security monitoring, a cybersecurity service that ensures a secure environment with continuous surveillance of their network.

Video Game Company Experiences Security Breach

Riot Games, a video game company based in Los Angeles, fell victim to a hack that affected its game development environment. The company took to social media site Twitter to announce the breach and to let their followers know that multiple game patches would be delayed.

The cybersecurity incident originated “via a social engineering attack,” Riot Games wrote. Social engineering attacks focus on tricking people into sharing personal information that can be used as a phishing lure in future emails. They can also be used to extract account credentials from unsuspecting users.

For all organizations, people can be the strongest line of defense or the weakest link. Taking advantage of cybersecurity training for employees can aid in increasing cybersecurity literacy among your workforce so that people are more wary of this type of attack. In turn, this will enhance your business’ cybersecurity culture.

Riot Games took the initiative to inform their customers of the breach in social media. Although a few people expressed concern for the projected game delays, many others thanked the company for sharing these updates. “Really appreciate the transparency on this,” one follower said.

Related Blog: Grand Theft Data: Cybersecurity Takeaways from the GTA 6 Leak

Bottom Line 

While avoiding 100% of cyberattacks would be impossible, prevention in the form of the right technology, expert guidance, and awareness training creates a stronghold around most networks that few cybercriminals would be able to penetrate.

Business leaders should consider implementing a cybersecurity strategy in order to proactively defend their networks and prevent cyberattacks like the ones mentioned above.

Are you doing enough to keep your organization’s network secure? Download DOT Security’s Cybersecurity Checklist: How Covered is Your Business? to review your security standing.