We’ve added SEC 8-K Filings as a New Data Collection Source! Read More

Download: The 6 Most Dangerous Security Concerns for 2023 Learn More

Noble hacker steals $24million, returns $2.5million

By Published On: November 4th, 20204 min read

Summary

Every industry is fair game for hackers. One mistake with any account information like reusing or sharing passwords and your […]

Every industry is fair game for hackers. One mistake with any account information like reusing or sharing passwords and your organization can be shaken down for millions. So remember to practice good cybersecurity: do not reuse passwords, always confirm whom you are sharing sensitive information with, and be careful when clicking on suspicious links.

Share this post with your friends as a reminder to why “password” should not be their password

 

Photo by Greyson Joralemon on Unsplash

Hundreds of emailed order confirmations for random strangers were sent to Canadian customers, each containing personal information. Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement giant, each containing an order confirmation for a stranger, the company confirmed the issue. One affected customer posted a screenshot of his inbox on Twitter, filled with random people’s order confirmations, tweeting: “Hey um… I’m pretty sure I received a reminder email for literally every online order that is currently ready for pick up at literally every Home Depot store in Canada. There are 660+ emails. Something has gone wrong.”

 

Photo by Markus Spiske on Unsplash

GPI is a global force in casino gaming equipment, supplying the vast majority of the world’s casino currency. According to a recent interview with a Russian tech blog, REvil hacked and encrypted “absolutely all servers and working computers” at GPI. The hackers also extracted more than 500 gigabytes of data during the breach. Among the files were casino contracts, banking information and technical documents related to GPI products. REvil gave the company 72 hours to respond. Previous victims who failed to open negotiations before the deadline saw sensitive files posted online or sold in underground forums. It’s a tactic that has proven much more effective than simply encrypting a victim’s data. REvil claims that 1 in 3 victims are willing to pay to prevent private data from being exposed.

 

Think sensitive information about you or your business has landed into the hands of hackers? If you suspect your information has been part of a data leak, use HackNotice Instant Check for free and see if your data is being shared by hackers. Simply click HERE and enter the information you want checked.

 

Photo by maxime caron on Unsplash

 

A malicious hacker that attacked Montreal’s transit agency with malware has demanded a ransom of US $2.8m to restore normal network operations. The Société de transport de Montréal (STM) was targeted with ransomware on October 19. The attack knocked the agency’s reservation system for adapted transit offline and caused an outage that affected around 1,000 of STM’s 1,600 servers, 624 of which are considered operationally sensitive.  

 

Photo by Austin Distel on Unsplash

 

Hacker returned $2.5 million while Harvest Finance authors put out a $100,000 reward for anyone who can return the rest of the funds. A hacker has stolen roughly $24 million worth of cryptocurrency assets from decentralized finance (DeFi) service Harvest Finance, a web portal that lets users invest cryptocurrencies and then farm the price variations for small profit yields. In total, the hacker stole $13 million worth of USD Coin (USDC) and $11 million worth of Tether (USDT), according to a transaction ID singled out by Harvest Finance administrators in a subsequent post-mortem investigation. Two minutes after the attack, the hacker also returned $2.5 million back to the platform, but the reasoning behind this operation remains unclear.

Photo by GRAS GRÜN on Unsplash

GrowDiaries, an online community where marijuana growers can blog about their plants and interact with other farmers, has suffered a security breach in September this year. The breach occurred after the company left two Kibana apps exposed on the internet without administrative passwords. Kibana apps are normally used by a company’s IT and development staff, as the app allows programmers to manage Elasticsearch databases via a simple web-based visual interface.

 


That’s this week’s roundup, showing that every industry benefits when good cybersecurity habits are followed. So wash your hands and keep your passwords secure. Thanks for reading, stay safe and we’ll see you next week!

Exclusive offer for Weekly Roundup readers. Get 30% off your first 3 months of HackNotice Premium with coupon code: fall30. Enter that code in the Premium Upgrade page before it expires quick!

Explore other blog posts!