Security Breach – 13th May 2022

dark web large

Security Breach – 13th May 2022

User credentials are the key that unlocks the door to an organization’s systems and data. Unfortunately, it’s far too easy for bad actors to get a copy of that key on the dark web.

An estimated 15 billion unique logins are circulating on the dark web right now.
The average organisation is now likely to have 17 sets of login details exposed on the dark web.
The credentials of 133,927 C-level Fortune 1000 executives are accessible in dark web markets.
There has been a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web since 2020.

The number of credential compromises that we discover just keeps getting bigger as time goes on, and the likelihood of a nasty credential compromise-related surprise is constantly increasing for companies of every size in every sector.

Recent Breaches

 
Australia – Naru Police Force – Law Enforcement Agency

Exploit: Hacking

Risk to Business: Moderate: The Anonymous collective released 82GB worth of emails apparently belonging to the Nauru Police Force on May 2 as a protest against the alleged ill-treatment of asylum seekers and refugees carried out by the Naru Police Force on behalf of the Australian government. The total number of leaked emails is reported to be 285,635 and the data is available for direct and torrent download. Anonymous claims that the stolen emails contain details of a cover-up of abuses against prisoners in refugee camps on the island by the Nauru Police Force and the Australian government.   

Risk to Exploited Individuals: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Hacktivisim isn’t only a factor in nation-state cybercrime and could impact all kinds of businesses and institutions.

Canada – Ikea – Home Goods Retailer

Exploit: Insider threat

Risk to Business: Moderate: Furniture and home goods giant IKEA announced that it had experienced a data breach in its Canadian operations that impacted an estimated 95,000 customers. The company said that sensitive customer information was mistakenly provided to an employee in an internal search between March 1 and March 3, 2022. No specifics about the compromise data were offered beyond confirmation that no financial or banking information was accessed. IKEA says that it has notified any customers that were impacted by the breach and the Office of the Privacy Commissioner of Canada.

Risk to Exploited Individuals: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted:  Unknown

Germany – Sixt – Car Rental Company

Exploit: Hacking

Risk to Business: Severe: Major car rental company Sixt has suffered IT disruptions at some locations in the wake of a cyberattack. The company says that the attack on April 29 forced them to restrict access to all their internal IT systems, snarling operations for clients and agents. The nature of the attack was not disclosed, and the incident remains under investigation. Sixt rents out cars from over two thousand locations in more than 100 countries. 

Risk to Exploited Individuals: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted:  Unknown

Talk to a TCT team member today about implementing cyber security and phishing training plan for your staff.

Robert Brown
13/05/2022

Follow us on LinkedIn: 

Related Articles:
What type of hacker is endangering your business data?
The Escalating Cyber Threat