Rivals seize darknet marketplace Solaris; bot attack on PayPal and other cybersecurity news

We round up the week’s most important cybersecurity news.

  • PayPal customers were affected by a data breach.
  • The Kraken darknet marketplace seized Solaris, a competing platform.
  • KFC and Taco Bell restaurants were hit by a ransomware attack.
  • Hackers stole personal data of 37 million T-Mobile customers.

PayPal customers were affected by a data breach

The payments company PayPal sent data-breach notices to several users following a bot-driven attack using previously stolen login credentials.

The incident occurred from December 6 to 8, 2022, and affected 34,942 customers who had not enabled two-factor authentication in their accounts. Over two days the attackers had access to full account names, dates of birth, mailing addresses, Social Security numbers, and Taxpayer Identification Numbers.

PayPal said it promptly limited access to the platform and reset compromised passwords.

The attackers could potentially have accessed transaction histories, PayPal invoices, and data on linked bank cards. However, the company stressed that the attackers did not attempt or were unable to complete any transactions.

The payments platform believes its systems were not breached and is conducting an internal investigation. Affected users will be able to use Equifax’s identity-verification service for free for two years.

The Kraken darknet marketplace seized Solaris, a rival platform

Representatives of the Kraken darknet marketplace said they had hacked their major competitor Solaris.

📢 2023’s first “Friday the 13th” proved to be unlucky for some in the dark web ecosystem. Solaris, one of the leading dark web drug markets, was taken over by a rival market named Kraken. https://t.co/c86dZftQuW #solaris #crypto #darkweb

— elliptic (@elliptic) January 19, 2023

According to them, within three days they managed to seize the marketplace’s infrastructure, its GitLab repository and all source code of the project, thanks to “massive coding errors”. Kraken also shut down Solaris’s Bitcoin server, which Elliptic researchers confirm.

Source: Elliptic.

As of writing, Solaris’s Tor site redirects users to Kraken. Analysts attribute the move to Kraken’s bid to lure a broader audience away from its rival.

Solaris’s administration has not yet issued any statements about the platform’s status or the justification for Kraken’s claims.

Ransomware attack hits KFC and Taco Bell restaurants

Yum Brands, the parent company of KFC, Pizza Hut and Taco Bell, confirmed a theft of corporate data as a result of a ransomware attack.

The incident led to the outage of some IT systems. About 300 restaurants in the UK were forced to suspend operations for 24 hours.

Yum Brands stressed that there is no evidence of customer data theft.

It is not yet known when the ransomware attack began or how the company’s systems were compromised. An internal investigation is underway.

Hackers stole personal data of 37 million T-Mobile customers

The operator T-Mobile confirmed the breach of data from 37 million customer accounts via one of its APIs. The company did not specify how the vulnerable interface was used.

The first breach dates to around November 25, 2022, but T-Mobile detected malicious activity on January 5, 2023 and, the next day, cut the attacker off from the API.

Among the compromised data were name, billing address, email, phone number, date of birth, T-Mobile account number, and plan details.

The company clarified that the hacker did not gain access to driver’s licenses, government IDs, Social Security numbers, tax identifiers, passwords, PINs, payment card information, or other financial information on customer accounts.

T-Mobile has notified US federal agencies and is investigating the breach with law enforcement.

Experts observed an attack via blank images in emails

Hackers have learned to bypass VirusTotal by embedding malware in blank images in emails, researchers at Avanan report.

The attack is carried out via an embedded blank SVG image encoded using Base64. The file contains JavaScript that redirects the victim to a malicious URL for further infection.

Users are advised to exercise caution with any emails containing HTML or HTM attachments.
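
For mail-filtering teams, the check below is an added example (not code from Avanan or ForkLog) that decodes Base64 runs in an HTML attachment and flags any decoded SVG carrying script or redirect logic. The samples are constructed, `example.invalid` is a placeholder, and the wrapping tag and the 40-character threshold are assumptions.

```python
import base64
import binascii
import re

# Base64 runs long enough to hold an SVG document (the 40-char floor is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Active content that a blank image has no reason to carry.
ACTIVE = {
    "script element": re.compile(r"<script\b", re.I),
    "event handler": re.compile(r"\son\w+\s*=", re.I),
    "javascript: URI": re.compile(r"javascript\s*:", re.I),
    "location redirect": re.compile(r"location\s*(\.href|\.replace|\.assign)?\s*[=(]", re.I),
}

def decode_candidates(html):
    """Yield the text decoded from each base64 run found in the attachment."""
    for match in B64_RUN.finditer(html):
        blob = match.group(0)
        blob += "=" * (-len(blob) % 4)  # restore stripped padding
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, ignore
        yield raw.decode("utf-8", errors="replace")

def scan_attachment(html):
    """Return the sorted reasons an HTML attachment embeds a scripted SVG."""
    reasons = set()
    for text in decode_candidates(html):
        if "<svg" not in text.lower():
            continue  # only decoded SVG documents are of interest here
        reasons.update(name for name, pat in ACTIVE.items() if pat.search(text))
    return sorted(reasons)

# Constructed samples, not taken from any real message; example.invalid is a placeholder.
SVG_NS = 'xmlns="http://www.w3.org/2000/svg"'
SCRIPTED_SVG = (f'<svg {SVG_NS} width="0" height="0"><script>'
                'window.location.href="https://example.invalid/"</script></svg>')
PLAIN_SVG = f'<svg {SVG_NS} width="8" height="8"><rect width="8" height="8"/></svg>'

def build_sample(svg):
    """Wrap an SVG as base64 in a minimal HTML body (the wrapping tag is an assumption)."""
    b64 = base64.b64encode(svg.encode()).decode()
    return f'<html><body><img src="data:image/svg+xml;base64,{b64}"></body></html>'

if __name__ == "__main__":
    for label, svg in (("scripted", SCRIPTED_SVG), ("plain", PLAIN_SVG)):
        print(label, scan_attachment(build_sample(svg)))
```

The scan works on the decoded content rather than the raw attachment, which is why a file that looks like an empty picture to a reputation lookup still produces findings here.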

What to read this weekend?

We examine the 3Commas API key leak incident with HAPI analysts.
