Major data leaks in October 2024

October was marked by several high-profile data leaks, underscoring the continued urgency of decisive cyber security measures. From tech giants to healthcare providers, many sectors have experienced critical security incidents that have exposed sensitive data. In this blog, we explore the biggest data breaches of October 2024, exploring their causes and implications for businesses and users. Here’s a breakdown of the key incidents.

1. Fidelity data leak exposes 77,000 customer records

In a recent security incident, Fidelity Investments, a large financial services firm, exposed the data breach of approximately 77,000 customers. The breach resulted from unauthorized access to a limited set of customer information, including names, addresses, social security numbers and account numbers.

Fidelity discovered the breach in August 2023 and immediately began an investigation to determine the extent of the compromise. The company has taken steps to protect its systems and is working closely with law enforcement to identify criminals.

Affected customers were notified individually and offered identity theft protection services. Fidelity encourages customers to remain vigilant and monitor their accounts for any unusual activity.

2. The Cisco data breach puts sensitive data at risk

In a recent cyberattack, Cisco, a major technology company, reportedly suffered a data breach that could have compromised sensitive information belonging to several prominent organizations. Developer data from Microsoft, Barclays and SAP are believed to have been exposed as a result of the incident.

Although Cisco has yet to officially confirm the breach, reports suggest that the hackers may have accessed a vault containing private keys, tokens, and other sensitive credentials. If verified, this breach could have far-reaching consequences, potentially leading to unauthorized access and data theft for affected companies.

As investigations continue, it is imperative that organizations remain vigilant and take robust security measures to protect their sensitive data.

3. The Internet Archive was subjected to two hacks in October

The Internet Archive, a nonprofit digital library, has had a rough October with not one, but two security breaches.

The first attack on October 9 exposed the usernames, email addresses and password hashes of 31 million users. This coincided with a DDoS attack that took the website down.

The second violation occurred on October 20. Hackers used outdated access tokens to gain access to the Archive Zendesk support platform. This potentially exposed thousands of customer support requests containing user data dating back to 2018.

These incidents raise concerns about archive security practices and the potential impact on user privacy.

4. Opera browser users have been hit by a “CrossBarking” attack targeting secret APIs

A recent CrossBarking attack exposed vulnerabilities in the Opera browser, including its secret APIs. This attack allows malicious extensions to access sensitive user data, including browsing history and personal information. The exploit takes advantage of the way Opera handles API requests, allowing attackers to bypass security measures by injecting malicious code through seemingly legitimate extensions.

Opera has acknowledged the issue and is working on fixes to strengthen security measures against such attacks.

5. HeptaX exposes cyber espionage through unauthorized RDP connections

The HeptaX cyberespionage campaign, exposed through unauthorized Remote Desktop Protocol (RDP) connections, highlights a sophisticated threat that uses compromised systems to gain unauthorized access to sensitive networks. The campaign involved exploiting vulnerable systems, often with weak or standard credentials, to install persistent backdoors. Once inside, attackers employ a variety of tools and techniques, including custom malware, to steal sensitive information, conduct reconnaissance, and maintain constant access. The broad impact of this campaign underscores the critical importance of robust security measures, such as robust password policies, regular security updates, and network segmentation, to protect against such sophisticated threats.

6. EigenLayer hack: Phishing attack leads to $5.7 million in losses

In late October 2024, EigenLayer, an Ethereum-based protocol, suffered a major security breach that led to the theft of approximately $5.7 million worth of EIGEN tokens.

The incident occurred as a result of a phishing attack targeting one of Eigen Labs’ investors. The attacker, posing as a custodian, tricked the employee into approving a transaction that drained the wallet of the stolen funds. The stolen EIGEN tokens were subsequently exchanged for stablecoins and transferred to centralized exchanges.

EigenLayer, along with law enforcement and blockchain security firms, took swift action to investigate the incident and froze some of the stolen funds. While the exact vulnerabilities exploited by the attacker remain undisclosed, the incident highlights the current challenges in securing decentralized finance (DeFi) protocols and underscores the importance of robust security measures.

Amen

October’s data breaches underscore the importance of robust cybersecurity for every organization. Protect your business by partnering with Strobes. our comprehensive security solutions covering application, cloud and network security, as well as hacking and attack simulations, all designed to protect your business and maintain customer trust.

Post Major data leaks in October 2024 first appeared on Security gates.

*** This is a Security Bloggers Network syndicated blog by Security gates by authorship Lihil Chekuri. Read the original post at: