Cybersecurity news headlines for November 2020

November’s edition of cybersecurity news headlines reports on a ransomware attack on US’s largest fertility network, more than 300,000 Spotify accounts hacked using credentials stuffing, the most popular passwords of 2020, and a data leak that exposed personal information of 16 million COVID-19 patients in Brazil. In no particular order, here’s what made the biggest news in cybersecurity in November, 2020.

 

US’s largest fertility network hit by a ransomware attack, patient data stolen

U.S. Fertility (USF), US’s largest network of fertility centers, has reportedly suffered a ransomware attack in September 2020. According to an official statement by the USF, a security incident took place on September 14, 2020 during which access to certain computer systems on the network was not possible because of a malware infection. After the initial investigation, it was determined that a number of servers and workstations connected to USF’s domain were encrypted by ransomware. Immediately after noticing the attack, USF took down the impacted servers and workstations, and third-party forensic experts were contacted. Everything was reconnected to the network on September 20. Federal law enforcement authorities have been also contacted and are currently investigating the incident.

However, after the forensic investigation concluded, it was revealed that the attacker was able to acquire a limited number of files during the period of unauthorized access, which occurred between August 12, 2020 and September 14, 2020. Files accessed during the attack contained personal information, including names, addresses, dates of birth, MPI numbers, as well as Social Security numbers. The ransomware group responsible for the attack is currently unknown. USF’s statement explains that the types of information impacted vary by individual. Furthermore, Social Security number were not impacted for many individuals. There is also no evidence to suggest that the stolen information has been misused as a result on the incident. However, the company warned that the attackers could have also accessed protected health information, which could include health or medical conditions, such as test results and medical records.

The ransomware involved in the attack has not been named, nor has US Fertility explained why it took them two months to make news of the attack public.

More than 300,000 Spotify accounts hacked in credential stuffing attacks

Countless users over the years have had their Spotify accounts hacked, with users reporting unknown playlists added, unfamiliar users added to family accounts, changed passwords, etc. A recently discovered database containing 380 million records with login credentials and personal information may shed some light on how accounts could have been hacked. It is very likely that the information in the database was being used to perform credential stuffing attacks on Spotify accounts. Credential stuffing is a hacking method during which stolen login credentials are automatically typed in to try and login to various accounts.

A research team from vpnMentor has recently discovered a 72 GB Elasticsearch database that contains over 380 million records. The origins of the database are unknown but vpnMentor and Spotify were able to confirm that the database belonged to a group that used it to defraud Spotify and its users.

It is important to note that the incident did not originate from Spotify, it merely contained Spotify login credentials stolen from other sources. The credentials were likely obtained using credential stuffing attacks during which information leaked from other services was used to try and access Spotify accounts. Because Spotify does not support two-factor-authentication and users often reuse passwords, more than 300,000 Spotify accounts have been hacked this way.

According to vpnMentor, they contacted Spotify on July 9th, 2020 and received a response the same day with action taken soon after.

“Early in our investigation, we contacted Spotify to present our initial findings. Together, we concluded that whoever owned the database had probably obtained the login credentials from an external site and used them on Spotify accounts,” vpnMentor’s report says.

To avoid getting their accounts hacked via credential stuffing, users are advised against reusing passwords. Password reuse is a dangerous habit to have, as it can lead to accessed accounts and stolen data.

“123456” revealed to be the most popular password of 2020

Password manager NordPass has released its annual list of the year’s most popular passwords, and it’s not looking good. The list, which contains passwords like “password”, “111111”, “qwerty”, “abc123”, shows that many users still cannot shake the habit of using basic passwords. The list of the top 200 most common passwords also includes the number of users using it, the time it takes to crack it, and the number of times it has been exposed.

At the top of the list this year is “123456”, which takes less than a second to crack and has been exposed over 23 million times. It takes first place, after coming in second last year. Moving up from third place last year, “123456789” now comes in second, with third place taken by a new password “picture1”. The infamous “password” is forth place this year, and seemingly complicated but incredibly easy-to-guess “qwerty” taking up 12th place. Other passwords on the list include “sunshine”, “dragon”, “1q2w3e4r”, “pokemon”, “superman”, “iloveyou1”, “cookie”, “ashley”, etc.

The list is made up of more than 275 million passwords that have been part of various data breaches that occurred in 2020. Because it’s usually basic accounts for games, apps and sites that are breached, one cannot say that users are using these incredibly easy-to-guess passwords for important accounts. Nonetheless, users are encouraged to ditch the basic passwords and start using ones made up of a mix of random numbers, symbols, upper and lower case letters. However, remembering all the difficult passwords can be difficult, which is why users are recommended to use reliable password managers that will not only store passwords in a safe way but also generate good ones.

Data leak exposes personal information of 16 million Brazilian Covid-19 patients

Personal information of more than 16 million Brazilian COVID-19 patients, including President Jair Bolsonaro, has been leaked online after a spreadsheet containing usernames, passwords and government system access key was uploaded onto GitHub by a hospital employee. Government databases, E-SUS-VE and Sivep-Gripe, containing information on Covid-19 patients were among the exposed systems. Sensitive data like names, addresses, ID information, and healthcare records were stored in the two databases.

According to various news reports, the leak was noticed when a GitHub user discovered the spreadsheet in question on a GitHub account that belongs to an employee of the Albert Einstein Hospital. The user notified Brazilian newspaper Estadao which informed the hospital in question and the Brazilian Ministry of Health. The spreadsheet was removed soon after, passwords were changed and exposed accesses keys were revoked by the government.

Among those whose data was included in the spreadsheets were high profile government figures, including Brazil’s President Jair Bolsonaro and his family, seven government ministers, and the governors of 17 Brazilian states.

References

1. Report: Spotify Targeted in Potential Fraud Scheme. vpnMentor.
2. Top 200 most common passwords of the year 2020. NordPass.
3. Catalin Cimpanu. Personal data of 16 million Brazilian COVID-19 patients exposed online. ZDNet.