Weekly Cybersecurity Recap October 14
Table of Contents
- By Steven
- Oct 14, 2022
This year keeps hitting us with breaches; Doordash, Rockstar Gaming, Samsung, and American Airlines highlight some of the biggest from the last few months. These hacks affect millions of customers, leaving them in peril, fear, or distrust. Here, we’ll highlight this week’s most prominent breach headlines and explain a bit about each.
Kiwi Farms is a “free speech” forum used to target specifically transgender and neurodivergent people. This platform is known for bullying, harassment, and stalking, both online and in reality. The forum’s administrator and owner, Joshua Moon, wrote in the forum to alert the users of the breach. The message read, “The forum was hacked. You should assume the following. Assume your password for the Kiwi Farms has been stolen. Assume your email has been leaked. Assume any IP you’ve used on your Kiwi Farms account in the last month has been leaked.” The hacker entered the site and delivered links to users, saying they were to a similar chat forum. When users pressed the links, the hacker deleted their data from the site. Kiwi Farms had its information backed up, so no information was lost permanently.
Medical Review Institute of America
The Medical Review Institute of America (MRIoA) "delivers technology-enabled review services that increase member satisfaction." The institute was hacked in November 2021 and claimed to have immediately stopped the intrusion, and it also said that the bad actors immediately deleted the data from the hacker's servers. A situation like this implies that the attack was ransomware and that MRIoA had paid the ransom. The breach affected all of MRIoA's customers, sources say.
Toyota T-Connect is an app that connects Toyota drivers to their cars’ electronic features. The leak affected 296,019 customers. Toyota has promised that none of the leaked information included names, phone numbers, or card information. The leak was a small piece of source code mistakenly posted on GitHub for almost five years. The code included a back door into the T-Connect system, allowing the bad actor access to certain parts of the app. To say no one accessed the code in nearly five years would be foolish. There is no proof that a third party has been in the system, but Toyota said this was “a situation that can not be completely denied.”
Yup, that’s right. Your neighborhood Walgreens may have been the victim of a security breach, but not the kind you’re thinking. All over the country, Walgreens has been getting robbed at an alarming rate. In Chicago in May 2022, three Walgreens pharmacies were robbed within one hour. The robbers are stealing prescription medication, and these prescriptions contain names, birthdays, medical and insurance information, and more personally identifying information. This means that minors can be affected as well.
Lower Llc. is a mortgage lending company headquartered in New Albany, Ohio. Like many others, this leak was described as a security incident. The company did, however, release a statement, saying, “Our commitment to cyber security is a top priority for Lower and we are continuously identifying opportunities to enhance our measures.” The leak resulted in the personal information of 85,958 customers being released to the bad actor.