The #DataInsecurity Digest | Issue 103

As fears over foreign election interference grow, Washington remains idle  

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud


Editor’s note: Ransomware continues to impact basic services at dozens of local agencies, including hospitals, while Congress appears to be largely sitting on its hands. Microsoft announced that Iranian hackers attempted to hack a major U.S. presidential campaign the same week researchers found U.S. voting machines “incredibly insecure.” In other news, nearly 5 million DoorDash customers, employees, and merchants had sensitive data stolen by hackers.

And now, on to the clips! 

—————–

Microsoft: Iranians attempted to hack U.S. presidential campaign. Security researchers at Microsoft found that a hacking group, which “originates from Iran and is linked to the Iranian government,” attempted to breach a presidential campaign and “tried to break into the accounts of current and former U.S. government officials, journalists covering politics and prominent Iranians living outside Iran.” (Source: NPR)

U.S. 2020 voting machines ‘incredibly insecure.’ Security researchers who “tested an array of voting machines and election systems that states plan to use in the next election… were able to crack into every machine they got their hands on. … All it took was a few days of tinkering on machines[.]” (Source: Washington Post)

DHS: No one can prevent another ‘WannaCry-style attack.’ Speaking at a recent event about the prospect of another WannaCry-style attack, Jeanette Manfra, the assistant director for cybersecurity for DHS’ Cybersecurity and Infrastructure Security Agency (CISA), commented: “I don’t know that we could ever prevent something like that.” (Source: TechCrunch)

Breach du jour: 4.9 million DoorDash customers, merchants, workers. One year after the food delivery service’s previous breach, DoorDash has found its data compromised by another one. The latest breach allowed hackers to steal users’ “name, email and delivery addresses, order history, phone numbers and hashed and salted passwords[.]” The breach also compromised driver’s license information on “[a]round 100,000 delivery workers[.]” (Source: TechCrunch)

Data breach used to file bogus anti-net neutrality comments. In the summer of 2017, millions of fake anti-net neutrality comments were filed in the run-up to the FCC’s rollback of its 2015 net neutrality rules. News has now come to light that many of these fake comments were made possible because of a data breach. “In one particular group of 1.9 million comments, according to BuzzFeed News’ analysis, 94% of the email addresses belonged to people who had fallen victim to a hack known as the Modern Business Solutions data breach, in which millions of people’s personal information, including full names, birthdates, home addresses, and email addresses, had been stolen.” (Source: BuzzFeed)

Breach du jour part deux: 218 million Words With Friends users. The hackers, who gained access to a trove of user data in September, were able to scoop up users’ “email addresses, login IDs, hashed (scrambled) passwords, Zynga account IDs, and in some cases, phone numbers and Facebook IDs.” (Source: Consumer Reports)

Quick hit: Three hospitals close due to ransomware attack. The hospitals are located in Alabama and have asked ambulances to take patients elsewhere whenever possible. (Source: BBC)

As ransomware continues to ravage cities, Washington remains idle. @timstarks observes that “lawmakers have offered few ideas on how to respond to the wave of ransom-seeking cyberattacks that have struck at least 80 state and local government agencies … Members of Congress have introduced only four pieces of legislation since January that even mention the word ransomware. None would begin to address the full scope of the attacks that experts say will become only more numerous and severe.” (Source: Politico)

National Consumers League
Published October 10, 2019