Here's this week's recap: a brief summary of leaks, hacks, and threats Cybernews observed between December 12 and December 16, 2022.
While you watch, you are being watched
Despite the increasing backlash from governments, Chinese tech companies seem to reign within Western industries. This time, we analyzed the internet-facing camera market. Our research team found 3.5 million IP cameras exposed to the internet, signifying an eightfold increase since April 2021.
Over 3.3 million of those cameras are manufactured by Hikvision – one of many Chinese brands pushed out of government and other sensitive sites.
At least Hikvision has enforced a strong password policy, while many popular brands either come with default passwords or have no authentication set up at all.
Threat actors can easily peek into an unsecured camera owner's life and even hack into their networks. The first thing you should do to secure your camera is set up a strong password. It is also a good idea to connect it to the network via a VPN tunnel and, of course, avoid cameras in sensitive areas.
Year of breaches
Not a week goes by this year when we don’t report another breach or hack. Many big brands, including Marriott, Holiday Inn, Starbucks, GTA, Optus, Revolut, and LastPass, among many others, have made headlines this year.
This week, we learned that Uber was breached yet again. This time, a threat actor stole employee mail addresses, IT asset information, and corporate reports and leaked that data online.
In October, Uber said it was investigating a cybersecurity incident. A hacker compromised an Uber employee’s account and left messages on corporate Slack channels and Uber’s HackerOne account, claiming that “Uber underpays drivers.”
Hackers also hit a popular data analytics tool used for tracking YouTube and other major social media platforms. Social Blade, with seven million unique monthly visitors, was notified of a potential data breach whereby an individual acquired its user database and attempted to sell it on a hacker forum.
Leak that can’t be more sensitive
Data leaks are our newsroom’s bread and butter – in an attempt to make the internet a safer place and protect users, we notify dozens of companies each month about their leaky databases and cover the story once they fix the issue.
Some leaks are less sensitive than others. However, this week we broke the story about a leak that can’t get any more sensitive. The Global Pravasi Rishta Portal, India’s government platform connecting 30 million Indian expats, leaked usernames, surnames, country of residence, and email addresses in plaintext, as well as occupation status, phone, and passport numbers.
Unfortunately, this was not the only leak exposing passport numbers this week. It turns out that the International Table Tennis Federation (ITTF) had its cloud storage open for three years. Hundreds of players’ passports and vaccination records were available for anyone to download.