Facebook Says Previously Undisclosed Theft of 533 Million Users' Data Was Scraping, Not Breach

Signal will handle cryptocurrency payments, New Android malware distributed by faux Netflix tool, EU orgs targeted with intrusions, $38M worth of stolen gift, payment cards sold on forum, more

Don’t miss out on breaking infosec news. Follow us on Twitter for updates.

Follow Us on Twitter

A massive trove of around 533 million Facebook users’ data that is circulating on hacker forums came from a 2019 breach that Facebook did not disclose in any significant detail at the time and only fully acknowledged Tuesday evening. Facebook makes a fine distinction regarding this breach, saying that the data was stolen via scraping and not technically an intrusion into protected systems.

The records stolen by the hackers come from an entirely different data set than any of the other numerous data breaches Facebook has experienced in recent years. The attackers accomplished the data theft by abusing a flaw in a Facebook address book contacts import feature, which Facebook said it patched in August 2019. Facebook says it did not notify users about this exploitation because there are so many troves of semipublic user data taken from Facebook and other companies out in the world

Users can check whether their phone numbers or email addresses were exposed in the leak by checking the breach tracking site HaveIBeenPwned.  (Lily Hay Newman / Wired)

Related: News.com.auPerthNowNews.com.auSilicon RepublicSilicon RepublicTechnology | International Business TimesReddit - cybersecurityMemeburn, MashableTechDatorxda-developersExplicaWiredBleeping ComputerAppleInsiderBlog | Avast ENThe Financial ExpressNDTV Gadgets360.comSecurityWeekDigital JournalTelecomlive.comTech XploreRaw StorySecurityWeekTech ObserverAl BawabaBusiness Insider, SecureReading, Facebook

To extend its privacy protections to payments, encrypted communications app Signal says it's rolling out the ability for some of its users to send money to one another within its fast-growing communications network by integrating support for the cryptocurrency MobileCoin.

The payment feature is currently available only to users in the UK and only on iOS and Android, not the desktop. (Andy Greenberg / Wired)

Related: Gizmodo9to5MacThe VergePocket-lintSlashdotxda-developers, SlashGearTechCrunchAndroid Central, The Mac Observer

Researchers at Check Point found new Android malware on Google’s Play Store disguised as a Netflix tool called FlixOnline, which is designed to auto-spread to other devices using WhatsApp auto-replies to incoming messages.

The FlixOnline app was downloaded about 500 times throughout the two months it was available for download on the store. (Sergiu Gatlan / Bleeping Computer)

Related: Tech Advisor - SecurityZDNet SecurityThe Hacker News, Infosecurity MagazineThe Next Web

Get 50% off for 1 year

According to officials, the European Commission and other EU institutions were the targets of multiple intrusions last month, although no major information breach took place.

The EU has set up a 24/7 monitoring arm and is actively taking mitigation measures, a Commission spokesperson says. (Alberto Nardelli and Natalia Drozdiak / Bloomberg)

Related: SlashdotCyberscoopPYMNTS.comBleeping ComputerSlashdotReutersCyware NewsEU ObserverSecurity AffairsIT ProSecureReading

On April 2, hackers compromised at least one update server of German smartphone maker Gigaset. According to reports from German bloggers, Twitter users, and the Google support forums, they deployed malware to some of the company's customers.

Device owners also reported that their devices sent unsolicited SMS and WhatsApp spam, with some users having WhatsApp accounts suspended for suspicious activity. Moreover, some users also reported losing control over their entire Facebook accounts. Gigaset said it’s working“on a short-term solution for the affected users.” (Catalin Cimpanu / The Record)

Related: Security AffairsThe Hacker News

Senate Homeland Security Committee Chairman Gary Peters (D-MI) and ranking member Rob Portman (R-OH) are pressing the Biden administration for more information on the massive SolarWinds and Microsoft exchange hacks.

The lawmakers sent letters expressing their concerns over the lack of information on the events to Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), and to Federal CISO Christopher DeRusha, who works within the White House’s Office of Management and Budget (OMB).  (Maggie Miller / The Hill)

Related: Courthouse News ServiceThe Seattle TimesThe IndependentNextGovDefense DailyInsideCyberSecurity.com

Researchers at Intel471 say hackers are using a new document builder called EtterSilent to run their criminal schemes.

In one version of EtterSilent, the hackers imitate the digital signature product DocuSign that prompts users to enable macros, which allows the attackers to deliver malware to victims. (Shannon Vavra / Cyberscoop)

Related: SC Media, Intel471

The National College of Ireland and Technological University of Dublin, via its Tallaght campus, were the victims of a “significant” ransomware attack last week.

The schools said there is no evidence that any data, including personal data, has been “ex-filtrated, downloaded, copied or edited.” (TheJournal.ie)

Related: DataBreaches.net, Bleeping Computer, National College of Ireland

A hacker has sold on an underground forum a stash of nearly 330,000 stolen payment cards and 895,000 stolen gift cards with an estimated value of $38 million.

The 895,000 gift cards were from 3,010 companies, including Airbnb, Amazon, American Airlines, Chipotle, Dunkin Donuts, Marriott, Nike, Subway, Target, and Walmart. (Ionut Ilascu / Bleeping Computer)

Related: BiometricUpdateThe SunDataBreachToday.comDataBreaches.net, Gemini Advisory

Give a gift subscription

Security firm Onapsis and German software giant SAP said that hackers are actively targeting unsecured SAP applications in an attempt to steal information and sabotage critical processes.

Onapsis said it detected over 300 successful exploitations out of a total of 1,500 attempts targeting previously known vulnerabilities and insecure configurations specific to SAP systems between mid-2020 to March 2021. (Ravie Lakshmanan / The Hacker News)

Related: CISA.gov, Bleeping ComputerOnapsis

A group of bipartisan lawmakers has asked ad networks such as Google and Twitter what foreign companies they provide user data to over concerns that foreign intelligence agencies could be leveraging the data to harvest sensitive information on U.S. users.

In a letter sent to AT&T, Verizon, Google, Twitter, and several other companies, the lawmakers expressed their concerns that any data provided to foreign intelligence agencies could be used to “inform and supercharge hacking, blackmail, and influence campaigns." (Joseph Cox / Motherboard)

Related: DataBreachToday

Belgian authorities say that decryption of half a billion messages sent using Sky ECC, a now-shuttered encrypted phone company and network popular among drug traffickers, allowed them to seize 27.64 tons of cocaine with a street value of 1.4 billion euros ($1.7 billion) in the industrial port of Antwerp over the past two months.

Sky ECC disputed that their service had actually been hacked or cracked. The company said that a fake version of the app had been illegally distributed and subsequently used to phish users. (Gabriel Geiger / Motherboard)

Related: CNN.comABC.net.au

U.S. phishing-oriented cybersecurity firm Cofense announced it had acquired Cyberfish Security, which claims it provides next-generation phishing protection.

Although the companies didn’t disclose the acquisition price, sources say it was around $100 million. (Meir Orbach / Calcalist)

Related: The Times of IsraelPhishMeIT Web

Photo by Solen Feyissa on Unsplash