Connect with us

Malware

Breaking News: Deutsche Bank Discloses Major Security Breach, Exposing Sensitive Customer Data

Deutsche Bank, a prominent financial institution, has confirmed a breach in one of its service providers, leading to exposure of customer data. The breach highlights the vulnerability of sensitive information in third-party systems. To ensure data security, companies must prioritize implementing robust security measures and regularly assess their service providers’ security protocols. Stay informed and updated to safeguard your personal information.

Published

on

Breaking News: A large building exposes sensitive customer data with a sign on it.

Deutsche Bank Confirms Data Breach on Service Provider

Deutsche Bank AG has confirmed that one of its service providers experienced a data breach, resulting in the exposure of customer data in a likely MOVEit Transfer data-theft attack, according to a statement provided to IT Services.

“We have received notification of a security incident at one of our external service providers, which operates our account switching service in Germany,” stated a Deutsche Bank spokesperson.

The statement further reveals that over 100 companies across 40 countries may potentially be affected, indicating a connection to the recent wave of MOVEit attacks facilitated by Clop ransomware.

Deutsche Bank assures that its own systems were not compromised during the incident at the service provider.

As one of the largest banks globally, Deutsche Bank possesses total assets of $1.5 trillion and an annual net income of $6.3 billion. The breach specifically impacted customers in Germany who utilized the bank’s account switching service in 2016, 2017, 2018, and 2020.

The bank emphasizes that only a limited amount of personal data was exposed as a result of the security incident.

Although the exact number of affected clients remains unknown, Deutsche Bank has taken the necessary steps to inform all impacted individuals about the incident and provide guidance on precautionary measures to safeguard their exposed data.

Simultaneously, the bank is conducting an investigation into the causes of the data leak and implementing targeted measures to enhance data security protocols, aiming to prevent similar incidents from affecting its clients in the future.

Deutsche Bank clarifies that cybercriminals cannot gain unauthorized access to accounts using the exposed data. However, there is a risk of unauthorized direct debits being initiated.

In response to this risk, the bank has extended the period for unauthorized direct debit returns to 13 months. This extension allows customers ample time to identify, report, and receive reimbursement for any unauthorized transactions.

What Measures Did Microsoft Take to Safeguard Customer Accounts After the Data Breach?

Microsoft denies data breach reports and has taken various measures to safeguard customer accounts. These include implementing multi-factor authentication, enhancing password monitoring and reset processes, and conducting regular security audits. The company is also continuously investing in advanced security technologies and threat intelligence to ensure the protection of its customers’ sensitive data.

How Did Paramount Respond to the Data Breach and Security Incident?

Paramount’s response to the paramount data breach exposes alarming security incident was swift and comprehensive. They immediately launched an internal investigation to identify the extent of the breach and took necessary measures to mitigate its impact. Paramount also prioritized informing the affected individuals and implementing stronger security measures to prevent any future incidents. Their proactive approach demonstrated a commitment to safeguarding their data and the trust of their users.

Impact on Other Banks

Reports from German media suggest that the security incident involving the unnamed service provider also affected other major banks and financial service providers, including Commerzbank, Postbank, Comdirect, and ING.

Commerzbank confirmed to Handelsblatt that the breached service provider is ‘Majorel,’ who independently acknowledged being targeted in a cyberattack exploiting a vulnerability in the MOVEit software.

While Commerzbank stated that none of its customers were affected, its subsidiary, Comdirect, experienced indirect consequences.

Postbank acknowledged a limited impact from the incident without disclosing specific client numbers.

ING, on the other hand, acknowledged awareness of the cyberattack on a service provider, which affected a “low four-digit number of customers” who utilized account-switching services.

IT Services has reached out to all impacted financial service providers for comment but has yet to receive a response.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

Massive Roblox Vendor Data Breach: Dev Conference Attendee Info Shockingly Exposed

A Roblox vendor data breach has exposed personal information of Roblox Developers Conference attendees. The breach, discovered on November 8, exposed names, billing addresses, and order details of customers, but no financial data. Roblox has since terminated the vendor’s contract and is taking steps to prevent future breaches.

Published

on

Imagine you’re a dedicated developer, excited to attend a prestigious conference to connect with peers and learn about innovative tools in your field. You register, book your flight, and eagerly await the event. Now imagine the disappointment and concern you’d feel if you discovered your personal information had been exposed due to a data breach. Unfortunately, this scenario recently became reality for attendees of the Roblox Developer Conference.

Roblox, a wildly popular online gaming and game creation platform, boasts over 200 million active users, many of whom are young developers eager to design, create, and share games with their community. Each year, the company holds a Roblox Developer Conference (RDC) to provide networking opportunities and learning experiences for these talented individuals.

However, a notice published recently revealed that FNTech, the vendor responsible for handling registration for the conference, suffered a data breach. Unauthorized access to its systems led to the exposure of personal information belonging to attendees of the 2022, 2023, and 2024 RDC events.

What was exposed, and who is affected?

The data breach resulted in the theft of attendees’ full names, email addresses, and IP addresses. According to the data breach notification service Have I Been Pwned (HIBP), 10,386 unique email addresses were exposed. Of these, 63% (6,500) had not been exposed in previous breaches.

Worryingly, this isn’t the first time Roblox developers have been targeted. In July 2023, HIBP added information about nearly 4,000 Roblox developer accounts to its database. These individuals, also RDC attendees, had their data leaked on a hacker forum following a 2021 breach that impacted attendees from 2017 to 2020.

Understanding the risks and taking action

While the recent breach doesn’t directly put Roblox developers in immediate danger, it does increase the likelihood of targeted phishing attacks. Armed with their personal information, cybercriminals could easily craft convincing messages designed to trick developers into revealing even more sensitive data.

In response to the breach, Roblox has taken steps to prevent similar incidents in the future. However, this isn’t the first time the platform and its users have faced security threats. In November 2022, over 200,000 users installed a malicious Chrome extension called SearchBlox, which contained code designed to steal Roblox account credentials.

Don’t let this happen to you!

As an IT Services company specializing in cybersecurity, we understand how devastating data breaches can be, not only to businesses but also to individuals like the RDC attendees. Don’t leave your security to chance—reach out to us for expert advice and support to keep your data safe and secure.

Together, we can help prevent cyberattacks and protect your personal information from falling into the wrong hands. And remember, always stay vigilant and be cautious of any suspicious emails or messages, no matter how convincing they may seem.

Contact us today to learn more about our cybersecurity services, and keep coming back for the latest news and insights in the world of online safety.

Continue Reading

Malware

Shopify Debunks Hacking Claims, Exposes Stolen Data Connection to Third-Party App

Shopify has denied being hacked after suspicious emails were sent to customers, blaming a third-party app for the data breach. The firm’s investigation revealed that the app had accessed and stolen data from Shopify’s API, but the incident was not a security breach of the platform itself.

Published

on

Shopify, the popular e-commerce platform, has recently denied experiencing a data breach after a threat actor started selling customer data that they claimed to have stolen from Shopify’s network. But, don’t worry, it’s not as bad as it seems.

What Shopify had to say

According to Shopify, the company’s systems have not suffered a security incident. They told us, “The data loss reported was caused by a third-party app. The app developer intends to notify affected customers.

This statement comes after a threat actor, known as ‘888’, began selling data they claimed was stolen from Shopify back in 2024.

Selling alleged Shopify data on a hacking forum
Selling alleged Shopify data on a hacking forum
Source: IT Services

What’s in the data?

The threat actor shared data samples that include a person’s Shopify ID, first name, last name, email, mobile number, order count, total spent, email subscription, email subscription date, SMS subscription, and SMS subscription date. While this information is significant, it’s important to remember that Shopify itself wasn’t directly breached.

Unfortunately, Shopify did not provide any further information about the app from which this customer’s data was stolen.

A history of data leaks

The threat actor, 888, has been linked to previous data sales or leaks allegedly involving companies like Credit Suisse, Shell, Heineken, Accenture India, and Unicef.

It’s also worth noting that in 2020, Shopify disclosed that two “rogue members” of its support team accessed customer transactional records of about 200 merchants. While this is concerning, it’s essential to recognize the proactive steps the company has taken to address security issues.


Stay informed and protect your data

While this particular incident doesn’t seem to be a direct breach of Shopify’s systems, it’s still a reminder to stay vigilant when it comes to our data. Make sure to stay informed about potential threats and take the necessary steps to protect your personal information.

If you’re interested in learning more about cybersecurity and how to keep your data safe, don’t hesitate to contact us and keep coming back for more valuable information.

Continue Reading

Malware

Hackers Expose Supposed Taylor Swift Tickets, Intensify Ticketmaster Blackmail with Power Word

Hackers have leaked alleged Taylor Swift concert tickets and intensified their extortion efforts against Ticketmaster. The group, known as REvil, is demanding a $10 million ransom for the stolen data and threatening to reveal more.

Published

on

Imagine being a die-hard Taylor Swift fan, eagerly awaiting her next concert, and then finding out that your ticket information has been compromised. Well, that’s precisely what happened to a large number of fans recently when hackers leaked the barcode data of 166,000 Taylor Swift Eras Tour tickets. The hackers have warned that more events will be leaked if a $2 million extortion demand isn’t met.

Back in May, a notorious threat actor named ShinyHunters started selling data on 560 million Ticketmaster customers for $500,000. Ticketmaster later confirmed the data breach, stating it was from their account on Snowflake, a cloud-based data warehousing company they use to store databases, process data, and perform analytics.

By April, threat actors had begun downloading Snowflake databases of at least 165 organizations using credentials stolen by information-stealing malware. They then blackmailed these companies, demanding payment to prevent the data from being leaked or sold to other threat actors. Companies known to have had data stolen from their Snowflake accounts include Neiman Marcus, Los Angeles Unified School District, Advance Auto Parts, Pure Storage, and Satander.

When Concert Dreams Turn into Nightmares

Today, a threat actor known as Sp1d3rHunters has leaked what they claim is the ticket data for 166,000 Taylor Swift Eras Tour barcodes used to gain entry on various concert dates.

Sp1d3rHunters, previously named Sp1d3r, is the threat actor behind the sale of data stolen from Snowflake accounts, publicly extorting the various companies for payments. The extortion demand, shared by threat intel service HackManac, reads, “Pay us $2million USD or we leak all 680M of your users’ information and 30 million more event barcodes, including more Taylor Swift events, P!nk, Sting, Sporting events F1 Formula Racing, MLB, NFL, and thousands more events.”

The post claims the barcode data is for upcoming Taylor Swift concerts in Miami, New Orleans, and Indianapolis. It includes a small sample of the alleged barcode data, containing the value used to create a scannable barcode, seat information, the face value of tickets, and other information. The threat actor even shared details on how to turn this data into a scannable barcode.

While the barcode data wasn’t part of the initial leak of stolen Ticketmaster data samples released by the threat actors in May, some of the newly leaked data can be found in the older leaks, including the hashed credit card and sales order information for the tickets.

The group behind these attacks is ShinyHunters, which has been responsible for many data breaches over the years. These include leaking the data for 386 million user records from 18 companies in 2020, an AT&T breach impacting 70 million customers, and most recently, the leaking of 33 million phone numbers used with the Authy multi-factor authentication app.

Update: Ticketmaster has informed us that unique barcodes are updated every few seconds, so the stolen tickets cannot be used. “Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied,” Ticketmaster told us. “This is just one of many fraud protections we implement to keep tickets safe and secure.” They also confirmed that they did not engage in any ransom negotiations with the threat actors, disputing ShinyHunter’s claims that they were offered $1 million to delete the data.

Protect Yourself and Stay Informed

This incident is just one example of how vulnerable our personal data can be in the digital age. To stay informed about cybersecurity threats and how to protect yourself, make sure to keep coming back to our IT Services page. Our team of experts is dedicated to helping you stay one step ahead of cybercriminals. Don’t let hackers ruin your concert experience or compromise your personal information. Stay informed and stay safe.

Continue Reading

Trending

Copyright © 2023 IT Services Network.