Avast Blog_Security News: 419M Facebook user records leaked in data breach

[harlan4096]

Plus, ransomware hits yet another NY school district, a phishing scheme uses hacked SharePoint accounts, and a unique RAT targets Brazilian Android users.

A security researcher discovered an exposed server that contained several databases of information on over 419 million Facebook accounts, Tech Crunch reported. Predominantly listing users’ phone numbers and Facebook IDs, the server also exposed other bits of data such as gender, country, and full name for certain users. Sources say 133 million of the breached records pertain to U.S.-based Facebook users, while the rest expose accounts in the U.K. and Vietnam. Facebook made a policy change last year that disabled the feature allowing users to find each other using phone numbers, leading a Facebook spokesperson to deduce that the data on the exposed server is at least a year old. In the wrong hands, the leaked data could put users at risk of spam calls and SIM-swapping attacks. There is no evidence yet, however, that any user has been impacted by the breach. Avast Security Evangelist Luis Corrons expects that Facebook will release more news about the server once the company conducts an internal investigation. “It seems clear,” he added, “that the less personal data users add to their Facebook profile, the better, as sooner or later that data will be compromised.”

This week's stat:

At least 600,000 GPS devices being used worldwide still use the “123456” default password, Avast researchers learned in their deep dive on GPS child trackers.

School delayed due to ransomware

The Monroe-Woodbury Central School District in Orange County, New York was supposed to welcome students back from the summer this Wednesday, but a ransomware attack changed the plan. NBC New York reported that education officials sent out an email Tuesday night to the families in the district, stating that a “cyber security threat” had interfered with their scheduled operations. All seven schools in the district delayed the first day of classes while security experts restored data from backup servers. District Superintendent Elsie Rodriguez says the recuperation might take a little while, adding, “For the time being we’re using paper and pen. We’re going back to the old days.”

“It is great that there was a backup in place that allowed to recover the data without paying the ransom,” commented Luis Corrons, acknowledging that other institutions were not so lucky. Monroe-Woodbury is the fourth school district in the tri-state area to be hit by ransomware this year. The Rockville Center district in Long Island paid an $88,000 ransom for the retrieval of their data.
...

Continue Reading