The first week of June has been quite eventful in the cybersecurity news space. Here’s what you need to know:
A dataset containing emails, phone numbers, and other account details of TikTok users has reportedly been sold on the dark web by a hacker who goes by the alias “Often9”.
TikTok’s security team is claiming that no evidence of a breach was found, and that this information was all publicly accessible.
(–Source: Security Boulevard
Read More: Cybersecurity Alert: Major Breaches at TikTok and Ticketmaster – Security Boulevard )
Ticketmaster experienced a data breach affecting over 500 million of its users. This breach was announced after Live Nation, Ticketmaster’s parent company, detected unauthorized activity within the company’s data base. This stolen user data is now reportedly being advertised for sale online.
(–Source: Security Boulevard
Read More: Cybersecurity Alert: Major Breaches at TikTok and Ticketmaster – Security Boulevard )
Well-known luxury jewelry brand, Cartier, detected unauthorized access from a third party within its system, leading to the brand’s website being hacked and the data of some of its clients being stolen.
The company states that “limited client information” was stolen, included names, email addresses, and the country in which the client resides. Thankfully, the issue has now been contained, and no passwords or financial information were affected.
(–Source: New York Post on MSN
Read More: Cartier warns customers some data stolen after website is hacked )
Sports apparel brand, The North Face, was recently hit by a credential stuffing attack on its website, affecting 2,861 user accounts.
Users’ payment information is thankfully not at risk as a result of this attack, but names, addresses, email addresses, birthdates, phone numbers, user preferences, and purchase history are among the compromised information.
The North Face’s parent company, VF Corporation, immediately disabled impacted accounts’ passwords, and has urged affected users in their breach notification letter to change their password and not reuse credentials utilized on other sites.
(–Source: Security Week
Read More: Thousands Hit by The North Face Credential Stuffing Attack – SecurityWeek )
Data from a 2021 breach on AT&T has resurfaced and been re-released by a hacker who was able to combine files and link Social Security numbers and birth dates to the 70 million customers who were affected in this breach.
The attacker originally claimed in a dark web forum post that the information was stolen from a 2024 breach on AT&T, but investigations have revealed that the data actually comes from the 2021 breach, now with SSNs and DOBs decrypted.
(–Source: BleepingComputer
Read More: Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers )
A modified Salesforce app is being used by hackers in an attempt to trick companies into downloading it so their data can be accessed and stolen.
The hackers, who are calling employees to trick them into downloading the malicious app, have “proven particularly affective at tricking employees.” Once the hackers successfully convince their victims to install the app, they gain access to significant capabilities, included the ability to access customer networks and carry out more attacks on other cloud services and internal corporate networks.
Google has warned that approximately 20 organizations have been affected by this attack over the past few months.
(–Source: CNN Business
Read More: Hackers are using a modified Salesforce app to trick employees and extort companies, Google says | CNN Business )
