Following the lawsuit that Star Health had filed against Telegram and an unknown hacker two weeks ago and amidst the arrest of Telegram Founder and CEO Pavel Durov, a massive data breach has taken place in the country. The name of Star Health and Allied Insurance Co. Ltd. has again made the news and this time, the hacker who is responsible claims that the data was allegedly sold by a senior executive of the company.

Read more about the news below.

Star Health Data Breach – One of India’s Massive Data Breaches

While it is still unclear whether the hacker responsible for this current data breach is the same hacker that Star Health sued two weeks back or not, via the website that has been created now, over 31 million personal data of Star Health customers is at risk. The hacker who has been identified as ‘xenZen’ has listed the entire data set on the website for $150,000 and as smaller batches of 100,000 entries for $10,000 each. 500 data samples have also been provided on the website.

Identity thefts, phishing attempts, targeted scams, financial fraud, account takeover, extortion, and hacking of other related accounts are all some serious consequences that can happen due to such a data leak.

What is more shocking is that, this time, the name of a Senior Star Health Executive has also been linked to the data breach as the hacker claims that the data was sold to him by this person. The hacker also adds that more money was later demanded for backdoor access to information.

An ongoing investigation is currently taking place and the company acknowledged that it was the victim of this cyber attack. The investigation being led by independent cyber security experts, closely working with government and regulatory authority, is duly being reported to the insurance and cyber security regulatory authorities of the country. The company has also approached the Madras High Court regarding the matter as well.

Star Health also adds that Amarjeet Khanuja, the Senior Vice President and Chief Information Security Officer of Star Health, and the accused senior executive, has been cooperating well with the investigation and so far nothing has been found to prove his involvement in the matter. It should also be noted that the operations of the company will not be affected and all services will be provided to customers without any disruptions.

The post Star Health Massive Data Breach Shocks the Country: Over 31 Million Customer Data Leaked appeared first on The Tech Outlook.

Data breach is not an unusual event in the world of the internet though it still does not lessen the seriousness of such incidents. Recently AT&T an American telecommunication company acknowledged the 2019 data leak. As per the report Customer names, home addresses, phone numbers, dates of birth, and social security numbers were part of the leaked data. Similar events have been reported and some are still waiting to be acknowledged. One such largest dataset of leaked credentials named COMB(Combination of Many Breaches) was leaked to the public in 2021. It contains over 3.2 billion credentials combined from various other breaches over the years.

Now you might be asking why the credentials have been made public? This tool makes it easy to search for leaked usernames and passwords, so if you find your credentials, it was leaked and exposed to hackers. This means you need to change the password immediately and enable two-factor identification. This tool is available on proxynova.com.  Apart from this Google can also be helpful to find if your info is found in breaches.  Google’s “dark web report” scans to check if a user’s Gmail address is appearing on the dark web and also recommends steps that the user can take to ensure its security. It is exclusive to selected regions though.

The post If You Find Your Password Here, Its Time To Change It Immediately appeared first on The Tech Outlook.

What if someone whom you trust the most starts revealing your truth to everybody? We know it will be no less than a nightmare. The same is happening with GenDigital and NortonLifeLock which is sending data breach notifications to customers. Basically, this notification notifies them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.

A letter sample has been shared with the Office of the Vermont Attorney General that says the breach is not the reason attack but account compromise is the reason for the attack. Despite this attack, NortonLifeLock has not accepted the compromise of its own system but unauthorized third-party access.

One of the shocking things that came out of the letter is that usernames and passwords are available to be bought on the dark web when a user committed to accessing an account. The firm is trying very hard to cope with this situation by deleting the failed login attempt for a few days.

According to Bleeping Computer, Their internal investigation has revealed that a credentials-stuffing attack has led to the disclosure of users’ account details.

The post NortonLifeLock is sending data breach notifications, get to know more about it appeared first on The Tech Outlook.

Wireless service provider T-Mobile has agreed to pay $350 million to settle complaints resulting from a significant data breach that happened last year. The plaintiffs claim that the theft exposed data on millions of customers.
The settlement was initially made public by the Securities and Exchange Commission (SEC) in a filing in July.

Payments to present and past T-Mobile customers may be a part of the settlement. Naturally, not the entire $350 million will be given to customers. Lawyers need to be paid. In addition, $150 million will be used to enhance T-Mobile security, which the hacker referred to as “awful” in a Wall Street Journal confession.

Users of T-Mobile at the time of the attack may receive $25 if the settlement is approved, according to Reuters. Residents in California could get up to $100. The final amount will presumably depend on how many clients submit claims. The number of customers who were hacked is actually unknown. T-Mobile contests the assertion made by the plaintiffs’ lawyers that there are more than 76 million of them.

What sort of payment should I anticipate from the settlement?

Reuters reports that California residents who are members of the class — in this case, individuals who used T-Mobile in August 2021 — may be entitled to a cash payment of $25 or $100.

It might be far less, depending on how many people respond. Along with settling claims, the $350 million must also be used to resolve outstanding legal fees and administrative expenses. The plaintiffs’ attorneys have the right to ask for up to 30% of the award, per court records.
To compensate them for losses they suffered as a direct result of the breach, some victims may also be qualified to receive payments of up to $25,000.

T-Mobile is also offering two free years of McAfee’s ID Theft Protection Service to anyone who believes they may have been a victim of the breach.

How can I determine whether T-Mobile will pay me?

The full details of T-payment Mobile’s strategy are not yet available to the public. An eligibility notice is normally mailed to the class members.
After being informed, consumers have 90 days to file claim forms or choose to opt out of the settlement and reserve the right to pursue their own independent legal claims, according to court filings.

It could take several months before people find out whether they will get compensation from the settlement.

When are payments distributed?

Members of the qualified class may get paid as early as 2023. T-Mobile shall deliver to the court within 30 days a list of the members of the Class, including, “to the extent available,” their names, addresses, telephone numbers, and email addresses.

Following notification of the qualified parties, claims may be filed. After legal fees are deducted, the funds are distributed to the class members who made claim submissions. That might take months.

The post T-Mobile has agreed to pay $350 million to settle complaints from last year’s data breach appeared first on The Tech Outlook.

Over 1 billion Chinese phone numbers and IMEI numbers have allegedly been leaked, according to CyberKnow. IMEI stands for “International Mobile Equipment Identity.” It’s a unique number for identifying a device on a mobile network. A user named ‘papito’ leaked the phone numbers and IMEI numbers on Breach Forums on Wednesday, 21st September 2022.

A similar case came in July where hackers claimed to have obtained a trove of data on 1 billion Chinese people from a Shanghai police database in a leak that, if confirmed, could be one of the largest data breaches in history.

In a post on the online hacking forum Breach Forums, someone going by the handle “ChinaDan” offered to sell nearly 24 terabytes (24 TB) of data, including “information on 1 billion people” and “several billion case records,” for 10 Bitcoins, or about $200,000. The data leak sparked debate on Chinese social media platforms such as Weibo at first, but censors have since blocked keyword searches for “Shanghai data leak.”

The post Over 1 billion Chinese phone numbers and IMEI numbers are said to have been leaked appeared first on The Tech Outlook.

According to a recent post by Cyber Know and We Leak Database An AWS misconfiguration has led to the leak of around 3.5 TB data of from the Indian university and local government. The claims further state that institutions like Banaras Hindu University, Board of Practical Training (ER) under Ministry of Education, Govt. of India, Jamia Millia Islamia (Central University), Aliah University, Tamil Nadu Public Service Commission ( TNPSC) Government of Tamil Nadu and Hemchand Yadav Vishwavidyalaya Durg CG.

The Twitter handle also published a list of documents and the list of students. They also published the database username and password on their social media platform. We tried to reach out to BHU but weren’t able to receive any reply at the time of framing the article.

Allegedly a misconfigured AWS has exposed a large amount of #Indian university and local government data.#cybersecurity #infosec #databreach #aws #India https://t.co/gqwY1Qluxe

— CyberKnow (@Cyberknow20) September 18, 2022

According to the claims, sensitive documents, emails, env, source code, and many more were exposed publicly. The targeted organizations include Bhupro, Board of Practical Training ( BOPTkolkata), Tamil Nadu Public Service Commission, JMI University, Hemchand Yadav Vishwavidyalaya University, and the Aliah University which is the university in West Bengal.

Misconfigurations are one of the most crucial risks to cloud environments, causing around 65 to 70 percent of all the security challenges in the cloud. Accordingly, the cloud comprises a lot of settings, policies, assets, and services which makes it a worldly environment to fully understand and properly set up. This is very true for those organizations that urgently migrated to the cloud to execute remote work. Unfortunately, when organizations start using any new technology too quickly without fully understanding it causes misconfigurations. Eventually, this led to the data breach of such organizations.

The post AWS misconfiguration exposes the data of Indian government and universities including Banaras Hindu University appeared first on The Tech Outlook.

The Korea Global Forum for Peace (KGFP) has suffered a data breach on Saturday and has exposed the names, affiliations and contact information of event participants.

The ministry’s a high-level email account was compromised and the sensitive information was leaked. After recognizing the attack, the mail account was examined immediately and the required measures were taken.

However, the entity behind this attack is still unknown. However, this attack was initiated because of the high profile participants were there in the event. Accordingly, this year’s event was organized to talk on the North Korea’s nuclear weapons program and ways to lessen the military tensions.

Initially, in the year 2018 too, the North Korean hackers stole the names and addresses of almost 1,000 North Koreans living in the South from the ministry computer systems. However, later it was found that a ministry employee opened a source for the hackers to evade. Consequently, the North Korean hackers distributed a stealthy email to steal through the spear-phishing attacks.

The post The Korea Global Forum for Peace (KGFP) suffers data breach! appeared first on The Tech Outlook.

Neopets, a virtual pet website has issued the details about it’s recent data breach incident which has disclosed the website’s confidential information of more than 69 million members of it. The hackers attacked Neopets IT systems on January 3, 2021 until July 19, 2022.

Accordingly, the data provided by the members while registering or playing the Neopets, included their name, email address, username, date of birth, IP address, Neopets PIN, password, as well as other information. These entire database got hacked by the attacker during this cyberattack.

Hence, Neopets has taken a some of the measures for the betterment of their system’s security and to lessen the cyberattacks in the future. The company has claimed that it has enhanced it’s network monitoring to detect the threats and has also boosted the authentication schemes for strong account access protection. Also, the company has reset the passwords of it’s members and is now working on introducing multi-factor authentication as an added defense layer to it’s users.

The post Neopets reveals about it’s recent cyberattack that continued for 18 months appeared first on The Tech Outlook.

‘START’ (start.ru), a Russian media streaming platform, has confirmed rumors of a data breach affecting millions of users. Network intruders stole a 2021 database from the platform’s infrastructure and are currently sharing samples online, according to the platform’s administrators.

Email addresses, phone numbers, and usernames were all stolen from the database. START considers it uninteresting to most cybercriminals because it cannot be utilized to take over accounts. Financial information, bank card information, browsing history, or user passwords were not affected because they were not stored in the database. START does not require a global reset, although it is suggested that all users change their passwords.

The first reports of a START data breach surfaced on Sunday, August 28, when a 72GB MongoDB JSON dump containing information from around 44 million members began to circulate on a social network.

Many of these entries are related to test accounts. The dump, on the other hand, comprises 7,455,926 unique email addresses, which is most likely close to the actual number of exposed people. Because the records are as recent as September 22, 2021, this occurrence has no bearing on anyone who enrolled with the site after that date.

The difference between START’s announcement and the leaked dump is that the latter contains md5crypt-hashed passwords, IP addresses, login logs, and subscription details that are not contained in the platform’s official statement.

The post A data breach involving 7.5 million subscribers has been confirmed by a Russian streaming provider ‘START’ appeared first on The Tech Outlook.

The biggest natural gas supplier in Greece, DESFA, stated on Saturday that a hack had resulted in a limited range data breach and also an IT system outage.

DESFA revealed that hackers tried to access its network but were blocked by the prompt response of its IT department in a statement sent to the public and distributed to regional news sources on Saturday.

Even if the network breach was minor, some documents and information were accessed and may have “leaked.”

To protect the data of its customers, DESFA turned off some of its online services. However, as professionals strive to carefully restore these services, they will gradually resume their regular activities.

The gas supply won’t be impacted by this mishap, and DESFA guarantees its customers that all input and output points are functioning at their full capacity.

The corporation claims it has notified the national data protection office, the ministry of energy and environment, the national defense department, and the police’s cybercrime unit in order to handle the issue with the least amount of delay and loss.

Finally, DESFA claims that it will never negotiate a ransom payment and that it has a strong policy against doing so.

Ragnar Locker takes responsibility

The ransomware operation Ragnar Locker, a threat actor that started operations more than 2 years ago and has had multiple high-profile cyberattacks in 2021, revealed data on Friday, which led to the verification of the attack.

Even though its volume has decreased from previous years, Ragnar Locker is still operational in 2022. As of January 2022, a recent FBI study connected Ragnar Locker to 52 network intrusions in crucial U.S. infrastructure entities.

On their data leak portal, the threat actors published a list of supposedly stolen material along with a limited collection of stolen documents that don’t seem to contain any classified information.

Ragnar Locker also claims that as part of their extortion attempt, they discovered numerous security flaws on DESFA’s systems and alerted them of them. The threat actors allegedly ignored them, though.

If the victimized firm doesn’t comply with the ransomware perpetrators’ demands, they’ll publish every file associated with the file tree.

This strike comes at a difficult time for European gas suppliers as all of the continent’s nations opted to abruptly reduce their reliance on Russian natural gas, which unavoidably led to issues.

Energy shortages, power outages, rationing, and skyrocketing energy costs are predicted for the forthcoming winter, making consumers even more susceptible to ransomware cyberattacks on gas suppliers.

The post Ransomware-related data intrusion affects a Greek natural gas utility appeared first on The Tech Outlook.