Connect with us

Malware

Breaking: Dymocks Booksellers Hit by Massive Data Breach, Exposing 836k Customer Records

Dymocks Booksellers, a leading Australian bookstore chain, has fallen victim to a massive data breach, impacting a staggering 836,000 customers. The breach exposed personal information, including names, email addresses, and order details. This unfortunate incident highlights the urgent need for businesses to prioritize robust cybersecurity measures to protect customer data from falling into the wrong hands.

Published

on

A man and woman sitting in a book store.

Dymocks Booksellers Data Breach Exposes Customer Information

Dymocks Booksellers, a popular bookstore chain operating 65 stores in Australia, New Zealand, and Hong Kong, has issued a warning to its customers regarding a data breach. The company’s database was shared on hacking forums, leading to the exposure of personal information.

As an online shop that sells printed books, e-books, stationery supplies, games, and digital media, Dymocks is committed to ensuring the security of its customers’ data. However, on September 6th, 2023, it was informed by Troy Hunt, the creator of the data breach notification service ‘Have I Been Pwned’ (HIBP), that its customer data had been stolen and released on a hacking forum.

In a notice posted on Dymocks’ website, the bookstore assures customers that there is no evidence of penetration on its computer systems. Nevertheless, the company is currently investigating a potential security breach on third-party partners.

The investigation conducted by Dymocks and its contracted experts has revealed that certain customer information has been compromised. This includes full names, dates of birth, email addresses, postal addresses, gender, and membership details such as gold expiry date, account status, account creation date, and card ranking. It is important to note that Dymocks does not store customer financial information, so no financial details have been exposed.

The data leaked online consists of 1.2 million user records for 836,120 unique Dymocks accounts, as confirmed by ‘Have I Been Pwned’. Dymocks has already notified the relevant authorities about the incident and is taking steps to complete its investigation and implement additional security measures to prevent similar incidents in the future.

Despite the data breach, Dymocks reassures its clients that it is still safe to make purchases on its online shop. However, it strongly recommends that users change their account password as a precautionary measure.

Data Already Widely Circulated

Troy Hunt reports that Dymocks customer data has been circulating in various Telegram channels and hacking forums since at least June 2023. This means that cybercriminals have had ample opportunity to exploit the leaked dataset in phishing and scamming attacks targeting Dymocks’ clients.

Recent findings by BleepingComputer indicate that the stolen database was offered for sale on the BreachForums hacking forum. This highlights the potential risks associated with the data breach.

How Were the 7 Million Users Affected in the Freecycle Data Breach?

The freecycle data breach affects millions as the personal information of 7 million users was compromised. This breach has serious implications for these individuals, exposing them to potential identity theft and other cybercrimes. Measures need to be taken to address the aftermath and ensure the affected users’ safety and security.

What Dymocks Customers Should Do

While passwords do not appear to have been exposed in the data breach, it is strongly advised that Dymocks customers change their passwords on the site as a precautionary measure. Additionally, if the same password was used on other sites, it should be changed there as well.

When changing passwords, it is crucial to use unique and strong passwords for each site to minimize the impact of data breaches on other accounts. To simplify this process, it is highly recommended to use a password manager.

Lastly, Dymocks customers should remain vigilant for any suspicious emails requesting credit card or login information. These could be targeted phishing scams resulting from the data breach.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

Exclusive: New York Times Source Code Hacked – Cybercriminals Exploit Vulnerable GitHub Token

An exposed GitHub token led to hackers stealing the New York Times’ source code. The attackers exploited the misconfigured token to gain access to the newspaper’s private repositories, highlighting the importance of securing GitHub tokens and the risks of leaving sensitive information exposed online.

Published

on

Imagine waking up one day, sipping your coffee, and scrolling through your social media feed only to find out that your company’s sensitive data and source code have been leaked on an online message board. That’s precisely what happened to The New York Times when its internal data was stolen from the company’s GitHub repositories in January 2024 and later leaked on the 4chan message board. And we, at IT Services, are here to tell you all about it.

What Exactly Was Stolen?

As first reported by VX-Underground, an anonymous user posted a torrent containing a whopping 273GB of stolen data from The New York Times Company. This data included “basically all source code,” with around 5,000 repositories and 3.6 million files in total.

From what we can tell, the data stolen spans a wide variety of information, including IT documentation, infrastructure tools, and even source code for the popular Wordle game. The fact that such a diverse range of information was taken highlights the need for robust cybersecurity measures.

How Did This Happen?

According to a ‘readme’ file in the stolen data archive, the threat actor responsible for this breach managed to access the company’s repositories using an exposed GitHub token. In a statement provided to us, The Times confirmed that the breach occurred in January 2024 after credentials for a cloud-based third-party code platform (which was later revealed to be GitHub) were exposed.

“The underlying event related to yesterday’s posting occurred in January 2024 when a credential to a cloud-based third-party code platform was inadvertently made available. The issue was quickly identified and we took appropriate measures in response at the time. There is no indication of unauthorized access to Times-owned systems nor impact to our operations related to this event. Our security measures include continuous monitoring for anomalous activity.”

❖ The New York Times

It’s important to note that The Times stated that the breach of its GitHub account didn’t affect its internal corporate systems and had no impact on its operations, which is a small silver lining in this story.

Not the Only One

Interestingly, The Times’ leak wasn’t the only one that happened on 4chan that week. The first leak involved 415MB of stolen internal documents for Disney’s Club Penguin game. We were told by sources that this leak was part of a more significant breach of Disney’s Confluence server, where threat actors stole 2.5 GB of internal corporate data. At this time, it’s unclear if the same person conducted both the New York Times and Disney breaches.

What Can We Learn From This?

The breaches of The New York Times and Disney serve as stark reminders of the importance of robust cybersecurity measures. Companies, big and small, need to invest in their cybersecurity infrastructure and adopt best practices to protect their sensitive data and intellectual property. Remember, it only takes one weak link in the security chain for threat actors to exploit and gain unauthorized access.

If you’re looking for guidance on how to strengthen your cybersecurity defenses or simply want to learn more about the latest threats and trends, don’t hesitate to reach out to us. We’re always here to help you stay one step ahead of the hackers. Keep coming back to learn more!

Continue Reading

Malware

Wake-Up Call: The RansomHub Data Breach Impacting Christie’s Clients

Why You Should Be Concerned About the RansomHub Data Breach



It’s a brisk morning, and just like that, you receive a notification email from a prestigious auction house, Christie’s. You’re a valued client, and they’re letting you know that your sensitive personal information has been compromised in a recent data breach. You’re not alone – countless other clients have received similar notifications. The culprit? A cybercriminal group called RansomHub. This is a wake-up call, my friend, and it’s time to talk about cybersecurity.



Inside the RansomHub Data Breach



Imagine a thief breaking into your home and holding your valuable possessions ransom. RansomHub operates similarly, but in the digital world. They infiltrate a company’s network, steal sensitive data, and demand a hefty ransom in exchange for not leaking the information. In Christie’s case, they couldn’t prevent the breach. Their clients’ data, including names, addresses, and financial information, is now at risk. The question isn’t whether or not you should be worried—it’s how worried you should be.



Why This Matters to You



It’s not just about Christie’s clients. The fact is, data breaches are becoming more and more common. In 2021 alone, there were over 1,200 reported data breaches, impacting over 300 million individuals in the U.S. It’s clear that no one is immune, and everyone needs to take cybersecurity more seriously. Even if you haven’t been directly affected by the RansomHub breach, it’s a stark reminder that your personal information could be at risk at any moment.



What You Can Do to Protect Yourself



Feel like you’re being followed in a dark alley? It’s time to take action. Here are some simple steps you can take to safeguard your sensitive data:




  1. Regularly update your passwords: Use different, complex passwords for each of your accounts and change them periodically.

  2. Enable multi-factor authentication: Add an extra layer of security by requiring a unique code or fingerprint to access your accounts.

  3. Monitor your accounts closely: Keep an eye out for any suspicious activity or unauthorized access to your accounts.

  4. Stay informed about the latest cybersecurity threats: Knowledge is power, so keep up-to-date with the latest news on data breaches and cybersecurity trends.



Together, We Can Combat Cybersecurity Threats



It’s time to step up and protect ourselves, our businesses, and our personal information from cybercriminals like RansomHub. By staying informed, taking proactive steps to safeguard our data, and encouraging others to do the same, we can make a difference in the fight against cybercrime.



Don’t let this wake-up call go unanswered. Contact us today to learn more about how you can protect yourself from data breaches and keep coming back for the latest cybersecurity updates.

Why Cybersecurity Matters: A Personal Insight

Picture this: You’re sitting in your favorite coffee shop, sipping on a latte, and catching up on your emails. You click on a seemingly harmless message, and suddenly, you’re locked out of your account. Your passwords have been compromised, and your personal information is at risk. Sounds terrifying, right? Well, it’s time we talk about cybersecurity and why it’s essential in today’s digital world.

Understanding the Threat Landscape

Think of cybersecurity like a game of chess. To win, you need to understand the board and anticipate your opponent’s moves. In the digital realm, your opponents are cybercriminals, and their moves are constantly changing. According to Cybersecurity Ventures, cybercrime is predicted to cost the world $10.5 trillion annually by 2025, a staggering figure that highlights the importance of staying ahead of these threats.

So, Who’s At Risk?

The short answer? Everyone. From individuals to large corporations, no one is immune to cyberattacks. A recent high-profile example is the Christie’s Ransomhub data breach, where the esteemed auction house’s clients had their personal information exposed. It just goes to show that even well-established organizations can fall victim to cybercrime.

Protecting Your Digital Kingdom

Imagine your digital life as a castle. You need to fortify it with strong walls, a moat, and guards to keep intruders at bay. Here are some simple steps to help protect your online identity:

  1. Use strong, unique passwords for all your accounts, and consider using a password manager to keep track of them.
  2. Enable two-factor authentication wherever possible, adding an extra layer of security.
  3. Keep your software up to date, as outdated software can be vulnerable to attacks.
  4. Be cautious with public Wi-Fi, and consider using a VPN to encrypt your data while connected to unsecured networks.
  5. Stay informed about the latest threats and how to protect yourself from them.

A Call to Action

Now that you know the importance of cybersecurity and how to defend your digital castle, it’s time for action. Stay vigilant, and don’t let your guard down. And remember, we’re here to help you navigate the ever-evolving world of cybersecurity. So reach out to us with any questions, concerns, or if you just want to learn more. Let’s work together to protect your digital kingdom!

Published

on

Imagine having your sensitive personal information exposed to the world. That’s the reality for many individuals who’ve fallen victim to the RansomHub ransomware gang, and one of their recent targets was the British auction house Christie’s.

Christie’s Suffers Security Breach

On May 9, 2024, Christie’s discovered a security breach that affected some of its systems. They immediately took measures to secure their network and called in external cybersecurity experts to help investigate the incident’s impact. The auction house also notified law enforcement and is now working to support their investigation.

During the analysis of the breach, Christie’s found that a threat actor accessed and extracted customer files between May 8 and May 9. Following the investigation, Christie’s reviewed the accessed files to identify individuals whose information may have been affected, obtain their contact information, and alert them of the incident after completing the review on May 30.

In the data breach notification letters sent to affected individuals, Christie’s stated that they are “not aware of any attempts to misuse your information as a result of this incident.” They also mentioned taking additional steps to secure their systems and continue evaluating technical and organizational measures to avoid a recurrence of a similar incident.

To help impacted people, Christie’s is offering a free twelve-month subscription to the CyEx Identity Defense Total identity theft and fraud monitoring service. This service will alert individuals of changes to their Experian, Equifax, and TransUnion credit files, helping them spot any potentially fraudulent activity on their credit reports.

RansomHub Claims Responsibility

Although Christie’s didn’t name the attackers behind the May breach, the RansomHub gang added the auction house to its dark web leak portal. They claimed to have breached Christie’s systems and stolen sensitive client data, including full names, addresses, ID document details, and other personal information of at least 500,000 clients.

RansomHub has since updated the Christie’s entry, saying that they’ve sold the stolen data on their own auction platform. However, we couldn’t independently verify the threat actors’ claims that they sold the data.

While RansomHub is a relatively new operation, they demand ransom payment from victims in exchange for not leaking files stolen during attacks. If negotiations fail, they often auction the stolen files exclusively to the highest bidder. They’ve recently claimed the breach of leading U.S. telecom provider Frontier Communications, which had to shut down its systems in April to contain a cyberattack. The company warned 750,000 customers this week that their information was exposed in a data breach.

How Can You Protect Yourself?

Unfortunately, data breaches are becoming increasingly common, and even high-profile organizations like Christie’s aren’t immune. It’s more important than ever to stay informed and take steps to protect your personal information. Regularly monitoring your credit reports, using strong, unique passwords, and being cautious about the information you share online are all essential.

Don’t wait until it’s too late. Reach out to IT Services to learn more about how you can protect yourself in this ever-evolving digital landscape. Stay informed, stay protected, and keep coming back for the latest cybersecurity insights.

Continue Reading

Malware

Frontier Alerts 750,000 Customers of Data Breach Following Intense Extortion Threats

US internet service provider Frontier Communications has warned 750,000 customers of a potential data breach after extortion threats were received. The company is investigating the breach and has alerted the FBI, while customers are being offered free identity protection services.

Published

on

Imagine you’re a Frontier Communications customer, and you just found out that your personal information was exposed in a data breach. You’re one of 750,000 customers affected by an April cyberattack carried out by the RansomHub ransomware operation. How would you feel? Your privacy has been invaded, and you’re now at risk for identity theft and other potential harm.

For those of you who may not know, Frontier is a major U.S. communications provider that delivers gigabit Internet speeds over a fiber-optic network to millions of consumers and businesses across 25 states. In mid-April 2024, the company fell victim to a cyberattack, which allowed hackers to access customers’ personal information stored on its systems.

According to the data breach notification sent to impacted customers, the breach exposed the full names and Social Security Numbers (SSNs) of 751,895 customers. Fortunately, no customer financial information was compromised in this incident.

Since discovering the breach, Frontier has informed regulatory authorities and implemented additional measures to strengthen its network security. Investigations on the incident’s impact are currently underway. Impacted clients are also being offered one year of free credit monitoring and identity theft services through Kroll.

Many Frontier customers reported that their Internet connection went down during the attack, and support phone numbers played prerecorded messages instead of connecting to a human operator. This shows the far-reaching effects of a cyberattack on both individuals and businesses.

Who’s Behind the Attack?

RansomHub, an extortion group, claimed responsibility for the attack on Frontier earlier this week. They added Frontier Communications to their extortion portal on the dark web, threatening to leak 5GB of data allegedly stolen during the attack, containing the information of 2 million customers.

The group has given Frontier until June 14 to respond to their demands, or they will sell the data to the highest bidder. This leaves Frontier customers vulnerable to potential scams and identity theft.

RansomHub was recently exposed as a likely buyer of the Knight ransomware source code, but they rarely use encryption in their attacks, typically limiting the scope to data-theft-based extortion. In the case of Frontier Communications, there’s no mention of encryption or reports about service outages apart from those linked to the containment measures in mid-April.

What Can You Do to Protect Yourself?

If you are a Frontier customer, it is essential to take precautions to protect your personal information. Here are some steps you can take:

  • Treat unsolicited communications with caution and avoid sharing information with people you don’t know.
  • Reset your account passwords to prevent unauthorized access.
  • Monitor your bank statements for suspicious activity.

It’s crucial to stay vigilant and proactive in protecting your personal information from cyber criminals. While companies like Frontier are continually working to improve their cybersecurity measures, it’s ultimately up to each of us to take responsibility for our own safety in the digital world.

If you want to learn more about protecting yourself from cyberattacks and staying informed about the latest cybersecurity news, we encourage you to keep coming back to IT Services. We’re here to help you navigate the ever-changing landscape of cybersecurity and provide you with the tools and knowledge you need to stay safe online.

Continue Reading
Advertisement
Malware12 hours ago

Exclusive: New York Times Source Code Hacked – Cybercriminals Exploit Vulnerable GitHub Token

Malware2 days ago

Wake-Up Call: The RansomHub Data Breach Impacting Christie’s Clients

Why You Should Be Concerned About the RansomHub Data Breach



It’s a brisk morning, and just like that, you receive a notification email from a prestigious auction house, Christie’s. You’re a valued client, and they’re letting you know that your sensitive personal information has been compromised in a recent data breach. You’re not alone – countless other clients have received similar notifications. The culprit? A cybercriminal group called RansomHub. This is a wake-up call, my friend, and it’s time to talk about cybersecurity.



Inside the RansomHub Data Breach



Imagine a thief breaking into your home and holding your valuable possessions ransom. RansomHub operates similarly, but in the digital world. They infiltrate a company’s network, steal sensitive data, and demand a hefty ransom in exchange for not leaking the information. In Christie’s case, they couldn’t prevent the breach. Their clients’ data, including names, addresses, and financial information, is now at risk. The question isn’t whether or not you should be worried—it’s how worried you should be.



Why This Matters to You



It’s not just about Christie’s clients. The fact is, data breaches are becoming more and more common. In 2021 alone, there were over 1,200 reported data breaches, impacting over 300 million individuals in the U.S. It’s clear that no one is immune, and everyone needs to take cybersecurity more seriously. Even if you haven’t been directly affected by the RansomHub breach, it’s a stark reminder that your personal information could be at risk at any moment.



What You Can Do to Protect Yourself



Feel like you’re being followed in a dark alley? It’s time to take action. Here are some simple steps you can take to safeguard your sensitive data:




  1. Regularly update your passwords: Use different, complex passwords for each of your accounts and change them periodically.

  2. Enable multi-factor authentication: Add an extra layer of security by requiring a unique code or fingerprint to access your accounts.

  3. Monitor your accounts closely: Keep an eye out for any suspicious activity or unauthorized access to your accounts.

  4. Stay informed about the latest cybersecurity threats: Knowledge is power, so keep up-to-date with the latest news on data breaches and cybersecurity trends.



Together, We Can Combat Cybersecurity Threats



It’s time to step up and protect ourselves, our businesses, and our personal information from cybercriminals like RansomHub. By staying informed, taking proactive steps to safeguard our data, and encouraging others to do the same, we can make a difference in the fight against cybercrime.



Don’t let this wake-up call go unanswered. Contact us today to learn more about how you can protect yourself from data breaches and keep coming back for the latest cybersecurity updates.

Malware3 days ago

Frontier Alerts 750,000 Customers of Data Breach Following Intense Extortion Threats

Trending

Copyright © 2023 IT Services Network.