Cybersecurity news headlines for 15-31 March, 2019
In this edition of cybersecurity news headlines, we report on four major stories. Social media giant Facebook made headlines once again, this time for storing hundreds of millions of passwords in plaintext. Toyota announced a security breach that potentially exposed the personal information of around 3.1 million customers. $19 million worth of cryptocurrency was stolen from a South Korean crypto exchange service. And a Lithuanian man pleaded guilty to scamming Google and Facebook out of $123 million.
Toyota announces data breach involving 3.1 million customers
Japan-based car manufacturer Toyota announced a data breach that potentially exposed personal information of around 3.1 million customers. This is the second Toyota security breach in the last five weeks. While the previous one involved the Australian subsidiary, the most recent breach affects the main offices in Japan. IT systems of sales subsidiaries Toyota Tokyo Sales Holdings, Tokyo Tokyo Motor, Tokyo Toyopet, Toyota Tokyo Corolla, Nets Toyota Tokyo, Lexus Koishikawa Sales, Jamil Shoji (Lexus Nerima), and Toyota West Tokyo Corolla are believed to have been breached.
According to the breach notification released by the company, personal information of around 3.1 million customers may have been accessed. While the car manufacturer did not reveal what information was accessed by the attackers, it does note that customers’ financial information was not accessed because it is not stored on the affected servers. An investigation has been launched to determine whether the accessed data was actually stolen.
Back in February, Toyota’s Australian branch suffered a cyber attack that took multiple IT systems down and delayed services at some dealerships. Some security specialists believe that both attacks were carried out by APT32 (OceanLotus), a Vietnamese cyber-espionage group, but Toyota has not confirmed this.
Facebook mistakenly stored users’ passwords in plaintext
Social media giant Facebook is involved in yet another controversy after it was revealed that the platform mistakenly kept copies of users’ Facebook and Instagram passwords in plaintext. This essentially means that a number of Facebook engineers could have accessed the passwords.
According to a notification released by Pedro Canahuati, VP Engineering, Security and Privacy, the mistake was noticed during a security review in January. Normally, when someone creates a Facebook account, the password is masked.
“In line with security best practices, Facebook masks people’s passwords when they create an account so that no one at the company can see them. In security terms, we ‘hash’ and ‘salt’ the passwords, including using a function called ‘scrypt’ as well as a cryptographic key that lets us irreversibly replace your actual password with a random set of characters,” Canahuati explains.
However, because of an error, which has not been specified by Facebook, copies of plaintext passwords were stored in the company’s servers.
Facebook notes that the plaintext passwords were not visible to anyone outside of Facebook, and there is no evidence to suggest that anyone in Facebook accessed them. However, as a precaution, users whose passwords were readable will be sent notifications prompting them to change their passwords. Facebook estimates that hundreds of millions of Facebook Lite users, tens of millions of Facebook users, and tens of thousands of Instagram users will be contacted.
While the error has been fixed and there is no evidence that anyone accessed the passwords, it is recommended that users change their Facebook and Instagram passwords even if they did not receive a notification. It is also a good idea to turn on two-factor authentication as an extra security measure. This adds an additional layer of security to accounts, as users will have to type in a code in addition to a password.
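To make the scheme Canahuati describes concrete, here is an added example (not Facebook’s code, which is not public) of salting and hashing a password with scrypt and then binding the result to a server-side secret key, alongside the kind of log redaction that would have stopped plaintext copies from being written in the first place. The pepper value, parameters, and field names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed server-side secret (the "cryptographic key" in Canahuati's description).
# In production it lives in a KMS or HSM, never in the database beside the hashes.
PEPPER = b"constructed-example-pepper-not-a-real-key"

# scrypt cost parameters: 2**14 iterations, block size 8, parallelism 1 (~16 MiB).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Return a stored verifier: per-user random salt plus a keyed scrypt digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    # Keyed step: HMAC with the server secret, so a leaked table alone cannot be cracked
    # offline without also obtaining the key.
    tagged = hmac.new(PEPPER, digest, hashlib.sha256).digest()
    return {"salt": salt.hex(), "hash": tagged.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the verifier with the stored salt and compare in constant time."""
    candidate = hash_password(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate["hash"], record["hash"])


# Fields that must never reach a log line; extend as the application requires.
SECRET_FIELDS = {"password", "new_password", "old_password"}


def redact_for_log(event: dict) -> dict:
    """Return a copy of an event dict safe to log: secret fields are replaced, never echoed."""
    return {k: ("[REDACTED]" if k in SECRET_FIELDS else v) for k, v in event.items()}


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print("stored record:", rec)
    print("verify ok:", verify_password("correct horse battery staple", rec))
    print("log line:", redact_for_log({"user": "alice", "password": "correct horse battery staple"}))
```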
Lithuanian man who scammed Google and Facebook out of $123 million pleads guilty
Lithuanian man Evaldas Rimasauskas has pleaded guilty to defrauding Google and Facebook out of $123 million. Rimasauskas, 50, now faces up to 30 years in prison for using fake invoices to trick employees into wiring money into his bank account.
If you are wondering how he managed to trick both Google and Facebook, the method was actually quite simple. According to US officials, Rimasauskas set up a company with a name similar to Quanta, a hardware vendor that does business with Google and Facebook. He then sent both companies emails in Quanta’s name, asking for payment for alleged services. Once the payments were sent, they were transferred to banks in Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong. To avoid suspicion when moving large sums, Rimasauskas also submitted forged documents to the banks.
Rimasauskas ran the scam for three years, from 2013 to 2015. Overall, he is alleged to have scammed Google out of $23 million and Facebook out of $100 million. There is little chance that such a scam (now known as CEO fraud) would succeed today, as the technique has become too well known, but it was not widely known 4-5 years ago.
The perpetrator was arrested in Lithuania in 2017 and was extradited to the US to face the charges. He now faces 30 years in prison.
$19 million stolen from Bithumb cryptocurrency exchange
Cryptocurrency exchange Bithumb revealed that nearly $19 million worth of cryptocurrency was stolen from the South Korean exchange service in an attack that is believed to be an inside job. This is the second time the exchange has been hacked. Primitive Ventures’ Dovey Wan, who first broke the story, reports that the attacker transferred 3 million EOS ($13 million) and 20 million XRP ($6 million) to his/her own accounts. The funds were then moved to different accounts created on other cryptocurrency exchange services.
According to a statement released by Bithumb, an abnormal withdrawal of the company’s cryptocurrency was noticed on 29 March. Immediately after, asset withdrawals and deposits were suspended. The hack is believed to have been performed with the help of an insider because there is no clear external intrusion path. Security firm Korea Internet and Security Agency (KISA) and the cyber police have been contacted to conduct an intensive investigation.
Bithumb has reassured customers that the stolen cryptocurrency was owned by the company, and that all members’ assets are “under the protection of a cold wallet”. The last time the exchange was hacked was in June 2018, when attackers stole $30 million, half of which was recovered.