© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Weekly recap: covering your webcam is smart move, not paranoia


Here's this week's recap – a brief summary of leaks, hacks, and threats Cybernews observed between December 12 – December 16, 2022.

While you watch, you are being watched

Despite the increasing backlash from governments, Chinese tech companies seem to reign within Western industries. This time, we analyzed the internet-facing camera market. Our research team found 3.5 million IP cameras exposed to the internet, signifying an eightfold increase since April 2021.

Over 3.3 million of those cameras are manufactured by Hikvision – one of many Chinese brands pushed out of government and other sensitive sites.

At least Hikvision has enforced a strong password policy, while many popular brands either come with default passwords or have no authentication set up at all.

Threat actors can easily peek into an unsecured camera owner's life and even hack into their networks. The first thing you should do to secure your camera is set up a strong password. It is also a good idea to connect it to the network via a VPN tunnel and, of course, avoid cameras in sensitive areas.

Year of breaches

Not a week comes by this year when we don’t report another breach or hack. Many big brands, including Marriott, Holiday Inn, Starbucks, GTA, Optus, Revolut, and LastPass, among many others, have made headlines this year.

This week, we learned that Uber was breached yet again. This time, a threat actor stole employee mail addresses, IT asset information, and corporate reports and leaked that data online.

In October, Uber said it was investigating a cybersecurity incident. A hacker compromised an Uber employee’s account and left messages on corporate Slack channels and Uber’s HackerOne account, claiming that “Uber underpays drivers.”

Hackers also hit a popular data analytics tool used for YouTube and other major social media platform tracking. Social Blade, with seven million unique monthly visitors, was notified of a potential data breach whereby an individual acquired our user database, attempting to sell it on a hacker forum.

Leak that can’t be more sensitive

Data leaks are our newsroom’s bread and butter – in an attempt to make the internet a safer place and protect users, we notify dozens of companies each month about their leaky databases and cover the story once they fix the issue.

Some leaks are less sensitive than others. However, this week we broke the story about a leak that can’t get any more sensitive. The Global Pravasi Rishta Portal, India’s government platform connecting 30 million Indian expats, leaked usernames, surnames, country of residence, and email addresses in plaintext, as well as occupation status, phone, and passport numbers.

Unfortunately, this was not the only leak exposing passport numbers this week. It turns out that the International Table Tennis Federation (ITTF) had its cloud storage open for three years. Hundreds of players’ passports and vaccination records were available for anyone to download.


Editor’s choice:

Musk’s Twitter takeover shifted who’s controlling malware there

Research showcases untapped potential of ear biometrics

Life lessons learned from 25 years of GTA controversy

India’s foreign ministry leaks expat passport details

California says it is responding to Lockbit’s attack on Department of Finance

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked