Weekly Cybersecurity Recap October 21
Table of Contents
- By Steven
- Oct 21, 2022
Throughout 2022, there have been more breaches than we ever thought. From worldwide companies like SHEIN and Intel to smaller, less heard-of companies like iDealwine, there have been tons of hacks and leaks over the year. Let’s take a look at some of this week’s most notable.
Zoetop is best known as the parent company to SHEIN and Romwe, international clothing retailers known for their exceptionally low prices. They were hacked in 2018, resulting in millions of customers’ data theft. While Zoetop did not release the attack method, we have a pretty good idea of what was affected by the hack. The hack impacted over 46 million individuals, many of them minors. These people had their payment information and other personally identifying information disclosed to the hacker(s). Four years after the breach, Zoetop was hit with a 39 million dollar fine for failing to reveal the magnitude of the violation.
Intel is one of the world's largest and most well-known technology companies. At the beginning of October 2022, an unauthorized actor posted a piece of source code onto GitHub and 4Chan, a chat forum. This code resulted in the leak of almost six gigabytes falling into the hands of malicious actors. Like Zoetop, Intel did not release the nature of the attack. On the other hand, 4Chan users have hacked into company systems before and shared the information with other site users. The main problem with this leak is how bad actors can use the stolen code; while the hackers stole no personal information, the code contained some pieces necessary to create updates for the software. Intel warns users to be on guard regarding suspicious or strangely timed updates.
FamilySearch is a genealogy website run by The Church of Jesus Christ of Latter-day Saints. The company disclosed that it had experienced a data breach in March 2022. The leaked information included names, the genders the users signed up with, the shipping and email addresses of the victims, the account holder’s preferred language, full name, username, and phone number. The company alerted customers via email, telling them of the breach and their involvement, and what information was impacted.
iDealwine is a French company that sells and auctions fine wines– all online. iDealwine has not released the cause of the breach but has taken its website down. The message is first in French, then English, which is unsurprising considering the headquarters of the company is in Colombes, Ile-de-France, France. The breach included the names, phone numbers, emails, and home addresses of the affected customers.
Microsoft is a Washington State-based company specializing in manufacturing and distributing technology and related services. The leak resulted from a server mishap; a misconfigured server was mistakenly posted online. The server contained company names, phone numbers, emails, and their contents and "may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner." There were 65,000 entities affected globally.