Tag: Identity Theft

  • 2.1 Million Photo IDs Stolen in 1.5TB Discord Data Breach

    Key Takeaways

    1. Hackers claim to have breached Discord, holding 1.5 terabytes of age-verification photos, including over 2 million government-issued IDs and selfies.
    2. The breach has led to extortion attempts against Discord, raising concerns about identity theft and phishing threats for its 250 million monthly users.
    3. The incident originated from a compromise of Discord’s third-party customer service provider, Zendesk, rather than a direct breach of Discord’s main system.
    4. Compromised data includes user names, email addresses, partial billing details, IP addresses, and limited internal documents, but does not include full credit card numbers, CVV codes, private messages, or passwords.
    5. Discord is notifying affected users and urging them to remain vigilant for suspicious communications following the breach.


    Hackers claiming to have executed a significant breach on Discord have intensified their threats by asserting they hold 1.5 terabytes of age-verification photos. This includes 2,185,151 images of government-issued identification, such as passports and driver’s licenses, along with selfies that users submitted during automated age verification appeals.

    Extortion and Risks

    The hackers are utilizing the stolen data to blackmail Discord for ransom. This security incident has raised serious concerns about identity theft and phishing threats, especially since Discord has over 250 million active users each month. The breach has sparked widespread worry as users ponder the safety of their personal information.

    Background of the Breach

    The incident was initially brought to light by cybersecurity monitors such as Hackmanac and Discord Previews. The age-verification system in place raises additional issues regarding data retention practices and increasing regulatory demands for age verification in places like the UK and Australia. This breach traces back to September 20, when an unauthorized user compromised Discord’s third-party customer service provider, Zendesk, granting them access to ticket systems without directly breaching Discord’s main framework.

    Discord identified the issue shortly after it occurred and made a public announcement on October 3, clarifying that only a small group of users who had reached out to customer support or trust and safety teams were at risk.

    Details of the Compromise

    In its official communication, Discord described the extent of the breach, noting that the attacker specifically targeted data to use for extortion. This calculated strategy has sent shockwaves through other industries, including cryptocurrency, where Zendesk has provided services to exchanges like BtcTurk and HTX, both of which have experienced multimillion-dollar hacks in the past.

    According to Discord’s press release, the compromised data includes names, usernames, email addresses, and other contact information shared with support, such as partial billing details like payment types, the last four digits of credit cards, and purchase histories. It also involves IP addresses, discussions with customer support agents, and some limited internal documents like training materials and presentations.

    What Wasn’t Compromised

    However, the leaks do not include full credit card numbers, CVV codes, private messages, or passwords. While Discord did confirm that hackers accessed “a small number of government-ID images” from age-verification requests, the hackers claim to possess over two million such files, possibly gathered before automated deletions could take place.

    Discord has commenced sending notifications to those affected and is advising users to stay vigilant for any suspicious messages.


  • Windows Laptops and Desktops Have Security Flaw for Unauthorized Login

    Key Takeaways

    1. Vulnerability found in Windows Hello for Business, allowing identity theft by attackers with device access.
    2. “The Face Swap” attack exploits biometric data processing, enabling unauthorized access.
    3. Attackers with administrative rights can alter user biometric identifiers, fooling the system.
    4. Proof-of-concept demonstrated that attackers can impersonate other users on the same device.
    5. Microsoft has been informed, but a comprehensive fix may require a complete system redesign.


    A recent investigation by ERNW, a security research company based in Germany, has uncovered a vulnerability in Windows Hello for Business, which is Microsoft’s system for password-free authentication. This study was part of a project supported by Germany’s Federal Office for Information Security (BSI). The findings reveal that attackers who already have access to a device can take advantage of the system’s design to carry out identity theft.

    The Face Swap Attack

    The attack, called “The Face Swap,” exploits how Windows Hello processes biometric information. Rather than using a person’s biometric data for direct verification, the system unlocks a cryptographic key that is kept on the device. ERNW’s researchers discovered that someone who has administrative rights can reach and alter the database that connects a user’s identity to their biometric template.

    Proof-of-Concept Demonstration

    During their testing, the researchers managed to interchange the identifiers of two users who were registered in the system. This swap completely fooled the system; an attacker could simply sit in front of the camera, and Windows Hello would recognize their face, granting them access to the victim’s account, which includes all corporate network resources, files, and sensitive data.

    In simpler words, on any Windows computer equipped with Windows Hello that has more than one user profile, this security flaw enables anyone with admin rights to impersonate other users within that system.

    Disclosure and Future Implications

    ERNW has informed Microsoft about these vulnerabilities, but they believe that a comprehensive fix is improbable since it would necessitate a complete redesign of the system’s architecture. In another incident, ERNW also reported a significant flaw in Linux systems two weeks ago that allowed attackers unrestricted access to those systems.


  • First 48 Hours After Identity Theft: Key Steps to Take

    Key Takeaways

    1. Act quickly within the first 48 hours after discovering identity theft to minimize damage.
    2. Change passwords to stronger ones, enable two-factor authentication, and monitor unusual activity on accounts.
    3. Freeze credit with major credit bureaus to prevent further identity theft.
    4. Keep detailed documentation of fraudulent charges and communications related to the breach.
    5. Consider using services like Aura to help remove personal data from broker databases and enhance online safety.


    There are countless products and solutions that people often recommend for safeguarding personal data on the internet. Nevertheless, the issue of what steps to take after data has been misused tends to receive less focus.

    Immediate Steps After Identity Theft

    When identity theft occurs, it’s essential to act quickly and decisively to reduce damage and stop any additional fraud from happening. This may include seeking legal advice, such as that offered by Console & Associates, P.C., a law firm noted for its experience in handling class action lawsuits related to data breaches.

    The founder and leading attorney, Richard P. Console, Jr., emphasizes that acting within “the first 48 hours after discovering identity theft” is crucial for minimizing the negative consequences for the victim.

    Recommended Precautions

    During this critical time, the firm advises taking several precautionary measures, including changing passwords—preferably to stronger ones—for any financial or sensitive accounts. Additionally, enabling two-factor authentication and notifications for unusual activity whenever possible, and transferring any automatic payments to new accounts can help prevent missed payments and damage to one’s credit score.

    This advice also applies to those wanting to prevent identity theft. Console & Associates suggests that victims should freeze their credit with all major credit bureaus and ensure that they receive replacement cards, statements, or credentials through their physical mail to prevent further theft.

    Documentation and Next Steps

    Finally, individuals facing this situation should keep a record of everything related to the theft, including fraudulent charges, all communications linked to the breach, and the time spent addressing these issues.

    People may then need to look into different options to recover their lost resources, time, and peace of mind due to the breach of their personal information.

    This could involve using a service that removes personal data from broker databases, with Aura being identified as the top choice for those worried about identity theft in 2025.


  • boAt’s Big Data Breach: 7.5M Customer Records Exposed on Dark Web

    Indian electronics brand boAt recently experienced a serious security breach that compromised personal details belonging to approximately 7.5 million customers, as reported by Forbes India. The exposed personal information includes names, addresses, phone numbers, email addresses and customer IDs.

    On April 5, 2024, hackers under the moniker "ShopifyGUY" published over two gigabytes (GB) of compromised customer information on dark web platforms. Security specialists warn that affected individuals now face increased risk of identity theft, financial scams, and phishing attempts, and that threat actors may exploit the stolen data to access bank accounts, conduct illegal transactions, or carry out targeted fraud.

    Cybersecurity threat researcher Saumay Srivastava warns that boAt may suffer serious repercussions as a result of this breach, including decreased customer trust and even legal action from third parties. He emphasizes the urgency of implementing robust security protocols given the breach's substantial implications. According to Rakesh Krishnan, a senior threat analyst of NetEnrich Security Services, it is probable that the hacker accessed and released this data before it hit dark web markets, suggesting this breach may help solidify his status within cybercrime networks.

    Security Brigade founder Yash Kadaki notes that the stolen data has been traded at minimal cost on certain forums, suggesting it could soon spread freely through platforms like Telegram. She warns of scammers taking advantage of the stolen information for deceptive phone and email schemes. However, boAt has yet to publicly acknowledge the security breach or provide guidance related to it.

