It was an exceptionally hot July in many parts of the world, and cyberspace was no exception. High profile hacks in July affected people in all walks of life, from casual gamers and social media posters to air travelers and medical patients.
Still, we hate to be the bearers of exclusively bad news, so we’ve included one silver lining amongst our usual bank of dark clouds. (We’re still going to make you wait until the end to get the good news, though.)
Let’s look deeper into a few of the cybercrimes that caught our attention this July.
July’s Biggest Cyber Attacks
Twitter and Neopets User Data Gets Scraped
Navigating the always-rocky landscape of social media got even trickier for users of two hugely popular platforms in July.
In one particularly high-profile attack, a bad actor took advantage of a Twitter vulnerability first identified back in January and used it to scrape the site’s data for personally identifiable information. That data turned up on a dark web marketplace in July, with the seller advertising access to private phone numbers and email addresses for around 5.4 million users, including “celebrities, companies, and randoms.”
As disturbing as that attack was, it pales in comparison to a similar breach of Neopets. The high-profile virtual pet and social site reported in mid-July that a cyberattack had stolen the personal data of more than 69 million of its members.
A message posted to a dark web forum claimed that the hacker had stolen Neopets’ “complete database and source code,” with personal data including birth dates, countries, IP addresses, genders, names, and email addresses. This theft is made even more troubling by the fact that many Neopets users are teens and children.
Records Exposed: Email addresses and personally identifiable user information
Type of Attack: Vulnerability exploits, data scraping
Industry: Social media, gaming
Date of Attack: July 22, 2022
Location: San Francisco (Twitter), New York City (Neopets)
Key takeaway: It’s not like they weren’t warned. In the case of Neopets, this is the latest in an ongoing series of large-scale data breaches that the company seems unable to avoid. In the case of Twitter, which has its own extensive history of breaches, the company paid a bug bounty to a white hat hacker who reported this vulnerability months ago. That advance notice seems to have been for naught, emphasizing the importance of acting quickly to close security gaps as soon as they are identified.
Indian Travelers Get Grounded by Walmart-Affiliated Breach
In mid-July, users of the Indian air travel booking site Cleartrip, which is majority-owned by Walmart, began receiving vaguely worded notifications about a data breach that may have exposed “some details which are part of your profile.” The notifications contained no information about when the breach took place or what data was impacted, apart from an assurance that it did not include “sensitive information pertaining to your Cleartrip account.”
Concerned citizens quickly found evidence that Cleartrip user data was being sold on the dark web. That research also indicates that the breach likely occurred in April or May and involved “customer entries info as well as internal company files.” Cleartrip’s response has remained cloudy, other than acknowledging an “anomaly” and suggesting that concerned users change their passwords. Less-than-comforting guidance for thousands of air travelers.
Records Exposed: Unknown personal and business information
Type of Attack: Unverified
Industry: Air travel
Date of Attack: Likely late April or early May, 2022
Location: Mumbai, India
Key takeaway: Even though it’s been demonstrated time and again that transparency is a must for any business hoping to protect its reputation following a data breach, that seems to be a difficult lesson for many organizations to learn. By remaining vague in its response to this attack, Cleartrip is creating unnecessary confusion and inviting speculation from its customers.
Baton Rouge Hospital Ransomware Attack Sows Confusion
Attacks on healthcare facilities are rightly one of the most dreaded aspects of modern cybercrime, and last month showed the chaos that these breaches can create, both online and off. Baton Rouge General Medical Center in Louisiana was hit with a ransomware attack in late June, around the same time hospitals in Georgia and Wisconsin fell victim to similar but apparently unrelated intrusions.
According to the hospital, the ransomware attack took its email, phone, and recordkeeping systems offline, forcing staff to revert to paper records. Statements from the hospital claim that no patient care functions were impacted. At the same time, one prominent online cybersecurity blog claimed to have evidence that patient services had been disrupted and re-routed, and that the attack was the work of the Hive cybercrime collective. That account has been rejected by both Baton Rouge General and a Hive spokesperson, but the claim is still easily findable online, adding to the uncertainty and confusion around attacks like these.
Records Exposed: None confirmed; email, phone, and recordkeeping systems taken offline
Type of Attack: Ransomware
Date of Attack: June 28, 2022
Location: Baton Rouge, Louisiana
Key takeaway: No matter which account of the incident turns out to be accurate, there are now at least two narratives of the same incident circulating on the internet. That kind of confusion only hurts public confidence, adding a layer of difficulty to an already complicated situation and exposing yet another subtle but damaging side effect of unchecked cybercrime.
FBI Gets a Refund from North Korean Hackers
The world of cybercrime can be overwhelming and depressing, so it’s nice every now and then to close these reports with a glimmer of good news. With that in mind, let’s look at a rare case in which the bad actors didn’t get away with their ill-gotten gains. In 2021, a group of hackers based in North Korea hit a healthcare facility in Kansas with a ransomware attack, shutting down their systems until they received a bitcoin payout.
The administrators in this case made the right move by immediately contacting the FBI. That quick action got federal cybersecurity experts working to retrieve the ransom, which they were most likely able to do in July while the thieves attempted to convert their bitcoin haul into standard currency. Not only did the feds recover the ransom paid by the Kansas hospital, but also those paid by several other healthcare businesses — for a grand total of around $500,000 in recovered funds.
Records Exposed: Unknown
Type of Attack: Ransomware
Date of Attack: May 2021
Key takeaway: While $500,000 is only a small drop in the overall bucket of cash cybercriminals purloin from US businesses each year, it’s encouraging to see that presence of mind and a strong contingency plan can lead to a happy ending. A cybersecurity program that helps you follow best practices while also planning for the worst can go a long way toward keeping your business functional, even in times of crisis.