By Deeba Ahmed
An APT group known as Tonto Team has tried targeting the Singapore-based Group-IB cybersecurity firm for the second time.
This is a post from HackRead.com Read the original post: Chinese Hackers Keep Targeting Group-IB Cybersecurity Firm

However, the APT group has failed to cause any harm to the Singapore-based cybersecurity giant.

An advanced persistent threat (**APT**) group known as Tonto Team has tried targeting the Singapore-based Group-IB cybersecurity firm for the second time. This attempt has also failed. The attack occurred in June 2022, whereas the first one occurred in March 2021.

**Incident Details**

According to Group-IB, they detected and blocked **malicious phishing emails** that targeted their employees. Group-IB’s team detected malicious activity on June 20, 2022, and its XDR solution triggered an alert after blocking the emails sent to two of its employees.

Screenshot of the alerts in Group IB- Managed XDR

Further **investigation** revealed that the Tonto Team threat actors posed as an employee from a legitimate firm and used a fake email created with a free email service called GMX Mail. The phishing emails were the initial phase of the attack. Attackers used them to deliver malicious MS Office documents created using the **Royal Road Weaponizer**.

Moreover, the actors used their own developed Bisonal.DoubleT backdoor, along with a new downloader that Group-IB researchers named TontoTeam.Downloader (aka QuickMute).

**How Did the Attack Occur?**

Attackers created a Rich Text Format (RTF) file with the Royal RTF Weaponizer. It is worth noting that this weaponizer is mainly used by **Chinese APT** (Advanced Persistent Threat) groups.

The file allowed attackers to create malicious RTF exploits with decoy content for Microsoft Equation Editor vulnerabilities tracked as **CVE-2017-11882**, **CVE-2018-0802**, and **CVE-2018-0798**. The decrypted payload, a malicious PE32 format EXE file, could be classified as a Bisonal DoubleT backdoor.

**Bisonal. Backdoor FunctionalitiesDoubleT**

Static analysis of the Bisonal.DoubleT sample was conducted and compared with its old version discovered in 2020. Similar strings were identified, and researchers also detected traces of a C2 server communication.

Additionally, they conducted a dynamic comparison analysis of the sample from 2022 and other samples of the same malware family. Researchers concluded that this backdoor could collect information about the compromised host, such as the proxy server address, system language encoding, the account name for the file currently running, hostname, time since system boot, and local IP address.

It encourages remote access to a compromised device, and the attacker can easily execute various commands. It can stop a specified process, obtain a list of processes, download files from the control server and run them, and create a file on the disk using the local language encoding.

**Tracking the Tonto Team**

The Tonto Team is also referred to as Karma Panda, HeartBeatm, Bronze Huntley, CactusPete, and Earth Akhlut. It is a cyberespionage group, possibly from China.

This APT group has mainly targeted military, government, finance, energy, education, technology, and healthcare organizations since 2009. Initially, it targeted companies in South Korea, Taiwan, and Japan and later expanded its operations to the USA.

The group frequently used **spear-phishing attacks** and delivered malicious attachments created using the RTF exploitation toolkit to drop backdoors, such as ShadowPad, Dexbia, and Bisonal.

1.  **Leading Cybersecurity Firm Kaspersky Hacked**
2.  **Google buys cybersecurity firm Mandiant for $5b**
3.  **Cybersecurity firm exposes 5B data breach records**
4.  **User data stolen in Stormshield cybersecurity breach**
5.  **Cybersecurity firm CloudSEK blames rival over breach**

Chinese Hackers Keep Targeting Group-IB Cybersecurity Firm

By Deeba Ahmed
Namecheap users should remain cautious, as hackers are using its inbox to scam users through phishing emails designed…
This is a post from HackRead.com Read the original post: Hackers Aim at Crypto Wallets with Hacked Namecheap Phishing Emails

Namecheap users should remain cautious, as hackers are using its inbox to scam users through phishing emails designed to appear as if they were sent from DHL or MetaMask cryptocurrency hot wallet.

For your information, **Namecheap** is a popular domain name registrar with more than 15 million domains issued thus far.

According to the company, the incident may have occurred due to a supplier-related issue. Namecheap released its official statement regarding the hack on Sunday, confirming that its upstream system was abused to send out malicious emails.

This means a third party is involved in “mailing unsolicited emails to our clients.” “As a result, some unauthorized emails might have been received by you,” the statement **read**.

The DHL emails inform the recipient that they need to pay a delivery fee for receiving their parcel, whereas the **MetaMask email urges** the recipient to complete the Know-Your-Customer (**KYC**) process. The email then warns victims that if the due process is not completed, they may lose access to their wallets.

Screenshot of the phishing email shared by a Twitter user @h4x0r\_dz

MetaMask **took to Twitter** to ensure that it doesn’t collect KYC information and would never send an email to get details of its users’ accounts. Hence, the company suggested that users shouldn’t enter the Secret Recovery Phrase on any website server and ignore any emails from Namecheap or MetaMask.

Namecheap assured its customers that its internal systems weren’t breached and that their personal information and account-related data were secure. However, the company has urged customers to avoid clicking on any links.

The company stated that it has temporarily suspended all emails. This includes emails delivering authentication codes, password resetting, and verifying trusted devices.

“We are glad to let you know that the mail delivery has been restored, so you should receive emails from Namecheap as usual from now on,” Namecheap CEO, Richard Kirkendall, confirmed. However, the CEO didn’t name the upstream system that was compromised. 

Speculation is rife that it could be SendGrid’s email delivery service. However, it is worth noting that the third party has denied being compromised. Twilio, which owns SendGrid and **got hacked last year**, said that the incident isn’t a result of a compromise of the Twilio network, but they are investigating it and will provide additional details over time.

1.  **PayPal Notifies 35,000 Users of Data Breach**
2.  **Geo Targetly URL Shortener Abused in Phishing Scam**
3.  **Reddit Hacked After Employee Bites on Phishing Scam**
4.  **Sophisticated SMS Phishing scam Dupes Zendesk Staff**
5.  **Scammers Using Microsoft Team GIFs in Phishing Scam**

Hackers Aim at Crypto Wallets with Hacked Namecheap Phishing Emails

By Habiba Rashid
The Trickbot botnet was dismantled in 2019, but its use by ransomware gangs evolved over the years.
This is a post from HackRead.com Read the original post: Trickbot Hacking Group Jointly Sanctioned By the US and Britain

The US and Britain have sanctioned seven members of the notorious Trickbot gang, which, according to authorities, is based in Russia.

The Trickbot ransomware bot **was dismantled** by cybersecurity companies in 2022, but somehow it managed to re-emerge. Now, the United States and the United Kingdom have come together for historic joint cyber sanctions against seven members of the notorious Russian hacking group known as **Trickbot**, officials announced on Friday.

These sanctions are the first for the UK, with officials stating that it was just the first wave of new, coordinated action against cyber criminals.

Malicious emails used in one of the Trickbot attacks

“The United States is taking action today in partnership with the United Kingdom because international cooperation is key to addressing Russian cybercrime,” U.S. Secretary of State Antony Blinken said in a statement on February 9th, 2023.

It is worth noting that, despite Trickbot’s absence in the past couple of years, the individuals behind it remain active and coordinate other attacks. According to experts, Trickbot’s operations were taken over by another ransomware gang known as **Conti**. The group was first identified in the latter half of December 2019 using TrickBot to drop its payload.

U.S. and British authorities have accused Trickbot and Conti of being associated with Russian intelligence services. Not only that, but the **leak of Conti gang chats** also revealed its soft corner for Russia. Additionally, Conti declared its support for Russia soon after the country sent its troops to Ukraine on February 28th,2022.

“During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centres, launching a wave of ransomware attacks against hospitals across the United States,” read the **announcement** by the U.S. Department of the Treasury. 

Along with other major ransomware attacks **orchestrated by the Trickbot gang**, the press release gives details, including their names, involvement with the Trickbot gang, and online monikers, regarding the seven individuals designated by the U.S. 

1.  **Emotet reemerged with botnet via Trickbot**
2.  **TrickBot crashes devices to evade analysis**
3.  **BLM movement exploited to spread Trickbot**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Trickbot Hacking Group Jointly Sanctioned By the US and Britain

By Waqas
The hackers disrupted the State TV broadcast and instead aired the slogan “Death to Khamenei” and urged people to withdraw their money from government banks. 
This is a post from HackRead.com Read the original post: Iranian State TV Hacked During President’s Speech on Revolution Day

The Ali’s Justice (Edalat-e Ali) hacker group has claimed responsibility for hacking the live transmission of an Iranian state-run TV and radio station to disrupt and deface the speech of Iranian president Ebrahim Raisi during the Revolution Day ceremonies.

On February 11th, 2023, the President of **Iran**, Ebrahim Raisi, was delivering a speech at Azadi Square in Tehran, where a massive crowd had gathered to mark the country’s 44th anniversary. It was an opportunity for the government to show its popularity, but its efforts were sabotaged by the hacktivist collective Ali’s Justice (Edalat-e Ali).

The hackers disrupted the State TV broadcast and instead aired the slogan “Death to Khamenei” and urged people to withdraw their money from government banks. Furthermore, they encouraged the citizens to participate in antigovernment protests, due to be held on February 16th, 2023.

Watch as hackers from the Edalat-e Ali group interrupt the live transmission.

The cyberattack was also **confirmed** by Germany-based Iranian journalist Bamdad Esmaili on his Twitter account. On the other hand, the Edalat-e Ali group used its Telegram channel to announce the hack. In a statement seen by Hackread.com, the group claimed responsibility for hacking TV and radio transmissions.

> “We the Adalat Ali group hacked the Islamic Republic of Iran’s TV and Radio transmission. First of all, the Adalat Ali group offers its condolences to the entire freedom-loving nation on the decade of dawn and the impure arrival of Khomeini the executioner to Iran.”
> 
> Edalat-e Ali

**Who are Edalat-e Ali Hackers?**

It is worth noting that Edalat-e Ali is a prominent group of hacktivists who have been working against the Iranian government for the past few years. Some of their recent hacks have involved the interruption of Iran State-Run TV’s live transmission **in October 2022**.

**In August 2021**, the same group breached the computer system and security cameras at a prison facility in northern Tehran, resulting in the leaking of live footage of the grim conditions and grave human rights abuses taking place inside.

**Iran, Protests, Hackers and Hacktivists**

Iran has been rattled by cyberattacks since September 2022, when **Anonymous hacktivists launched Operation OpIran** to support Iranians protesting against the death of 22-year-old Kurdish-Iranian Masha Amini.

Amini died while under detention by Tehran’s morality police, called the Guidance Patrol. She was arrested for wearing her hijab improperly.

Amini’s death sparked clashes between authorities and protestors, resulting in arrests and deaths. The latest hack from the Edalat-e Ali group was also part of its support for the protestors in Iran.

Nevertheless, the Iranian government vows to tackle protesters, while hacktivists from different parts of the world aim at the country’s critical infrastructure.

1.  **Iran’s protest detainees hit by spyware**
2.  **Iran’s Fars News Agency website hacked**
3.  **Iran’s atomic energy agency emails stolen**
4.  **Hackers turn to Dark Web to help Iranians**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Iranian State TV Hacked During President’s Speech on Revolution Day

By Waqas
Gustaffo Digital Service GmbH has been leaking personal and contact details of its customers since last month.
This is a post from HackRead.com Read the original post: Austrian ‘mobile concierge’ app Gustaffo leaking 100k customers’ data

Gustaffo was alerted about the data leak last week, but the company did not respond. Meanwhile, the misconfigured database is being updated with new and fresh customer data each day.

Austria, Vienna-based digital hospitality company Gustaffo has been caught in a data leak which saw over 100,000 customer records exposed. The cause of the data leak is its misconfigured database which is publically available without any password or security authentication.

What’s worse, the server is still live, and at the time of writing, new details of customers were being uploaded, including the following information:

1.  Full name
2.  Mobile numbers
3.  Email Addresses
4.  Booking Details
5.  Booking Links and information

Data that is being currently leaked and increasing

**So What is Gustaffo?**

According to this **press release**, Gustaffo was launched in 2016 and had 30 hotels in eight countries using the service. Its first customer was Austria’s largest hotel management company, Vienna House.

A look at Gustaffo’s **LinkedIn page** explains how the company functions and what services it offers. The company states it provides a “secure” and contactless Digital Guest Journey to Hotels and Hotel Groups.

“From the Check-In online to services during the stay including elevator and room access via the mobile app, and furthermore with Payment and Check-Out never having to go to the reception Via a white-labelled mobile app integrated with all major Property Management Systems your guests can directly access their assigned room via the mobile app instead of the usual key card,” says the About Us section of the company’s LinkedIn page.

Gustaffo was alerted to the security incident last week; however, there has been no response whatsoever, risking the personal details of unsuspecting customers at risk. This was revealed to Hackread.com by independent security researcher **Anurag Sen** working along with Hieu Minh, a Vietnamese researcher from **Chongluadao**.

It is worth noting that the researchers discovered the misconfigured cloud database on Shodan while searching for misconfigured cloud databases. For your information, **Shodan is an OSINT tool** and a specialized search engine used by cybersecurity researchers to locate vulnerable Internet of Things (IoT) devices, including servers and misconfigured databases on the internet.

Since Gustaffo has not responded to researchers nor have they secured the data, chances are that the company is completely unaware of the issue. Not only is it bad news for customers, but for Gustaffo itself, as the General Data Protection Regulation **(GDPR) is directly effective** in every country that is part of the European Union, including Austria.

In September 2021, the Austrian Data Protection Authority Österreichische Datenschutzbehörde **issued** a €9 million ($9.6 million) fine to the Austrian Post for violations of GDPR. This fine was among the largest fines ever imposed under the GDPR and served as an example of how seriously the law takes data privacy.

However, the fine was overturned by the Federal Administrative Court on December 2nd, 2020. Nevertheless, this fine was among the largest fines ever imposed under **the GDPR** and served as an example of how seriously the law takes data privacy.

While it’s unclear whether any malicious actors accessed the data or not, researchers are warning customers of Gustaffo to be on their guard against potential **phishing attempts** or identity theft scams.

**Misconfigured Databases – Threat to Privacy**

As we know, misconfigured or unsecured databases have become a major privacy threat to companies and unsuspecting users. **In 2020**, researchers identified over 10,000 unsecured databases that exposed more than 10 billion (10,463,315,645) records to public access without any security authentication.

**In 2021**, the number of exposed databases increased to 399,200. The top 10 countries with the most database leaks due to misconfiguration in 2021 included the following:

*   USA – 93,685 databases
*   China – 54,764 databases
*   Germany – 11,177 databases
*   France – 9,723 databases
*   India – 6,545 databases
*   Singapore – 5,882 databases
*   Hong Kong – 5,563 databases
*   Russia – 5,493 databases
*   Japan – 4,427 databases
*   Italy – 4,242 databases

1.  **579 GB of users website activity leaked in server messup**
2.  **Misconfigured AWS bucket leaked 350m email addresses**
3.  **Misconfigured baby monitors exposing video stream online**
4.  **Microsoft Power apps misconfiguration leaked 38m records**
5.  **Misconfigured backup leaked 50.5m GOMO Mobile user data**

****

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Austrian ‘mobile concierge’ app Gustaffo leaking 100k customers’ data

By Deeba Ahmed
Threat actors are targeting unsuspecting users with tailored phishing scam attacks based on victims' location, making it more convincing than ever.
This is a post from HackRead.com Read the original post: Geo Targetly URL Shortener Abused in Phishing Scam

Geo Targetly is a legitimate online service that offers its own URL shortening service, similar to Bitly, called Geo Link.

Researchers at Check Point Software Company’s security firm, Avanan, have discovered a new wave of **phishing attacks** in which actors use the Geo Targetly product, Geo Link, to redirect users to malicious links.

What’s worse, following this modus operandi, scammers can launch targeted attacks according to the victim’s region and language through this service.

> The latest Reddit hack teaches us one major lesson: Do not underestimate phishing attacks.
> 
> Hackread.com

For your information, Geo Targetly is a legitimate website that lets businesses and advertisers redirect users to ads or pages in their local markets. Its Geo Link service is essentially a URL shortener, according to the company, just like **Bitly**.

Threat actors use Geo Targeting to target potential victims at specific locations through phishing emails. This could be a massive blow to the cybersecurity fraternity, as exploitation of get targeting may be the ultimate game-changer for cybercriminals.

“In this attack, hackers redirect users via Geo Targetly … and provide them with customized, localized phishing pages,” Avanan researchers stated.

The said tool is used to display ads based on the user’s location. So, the ads viewed by someone in France would be different than those shown to someone in the US. Now, hackers can launch **geo-specific phishing** content and send malicious emails customized by region and language to their targets.

**Email Content**

One of the emails Avanan researchers **analyzed** was in Spanish and was sent to users in Colombia. It appears to be about a speeding subpoena. The email’s subject line translation is as follows:

“Subject: Notification of subpoena for excess of maximum speed allowed on urban roads of 60 km/h.”

The email contains a link. When the recipient clicks on “See Compared,” they are redirected to the Geo Targetly page. Since the user is in Colombia, the email will redirect them to a Colombian page.

Phishing email screenshot provided by Avanan

But that’s not the exciting part. The customization that hackers perform to attack their targets according to their location is the exciting part. With this trick, they can target multiple users in different parts of the world simultaneously.

By exploiting Geo Targetly, attackers can create **phishing URLs** that redirect users in certain regions to inauthentic login pages that appear legitimate. Due to this personalization, victims will be trapped and click on the link. This technique is based on the “spray-and-pray” method, in which thousands of phishing emails are sent at once.

**How to Stay Protected?**

Researchers recommend users check the URLs included in their emails and browsers before clicking on them. Avanan’s cybersecurity researcher Jeremy Fuchs stated that this is a widespread attack campaign.

Since there is no security flaw in Geo Targetly that threat actors have exploited, the only line of defence is staying vigilant. Geo Targetly has confirmed that hackers used its service to target users.

The company removed Geo Link from its free trial, considerably reducing its exploitation in phishing campaigns. Geo Targetly has also limited the creation of new accounts unless the user shares their legitimate company email account and domain.

1.  **SMS Phishing scam Dupes Zendesk Staff**
2.  **Phishing Attacks Using Unicode Characters**
3.  **Zoom Phishing Scam Steals MS Exchange Data**
4.  **Gmail Phishing Scam Stole Data Using Attachment**
5.  **Phishing: Microsoft & PayPal, most targeted brands**

Geo Targetly URL Shortener Abused in Phishing Scam

By Deeba Ahmed
According to Reddit, the breach took place after one of its employees fell for a phishing scam email sent through a malicious fake website.
This is a post from HackRead.com Read the original post: Reddit Hacked After Employee Bites on Phishing Scam

Reddit has become a victim of yet another data breach, in which threat actors have accessed the company’s internal documents, dashboards, business systems, and more.

On Thursday, Reddit confirmed that the platform had become a target of a sophisticated phishing attack on February 5th, 2023. The company revealed that the attackers targeted its employees by sending out plausible-sounding prompts via a website that looked exactly like Reddit’s intranet gateway. The objective of this attack was to steal credentials and second-factor tokens.

According to Reddit, Several employees received malicious emails sent via a fake website. One of the employees entered their credentials into this cloned website, which allowed the attacker(s) to hack into Reddit. Reddit asserts that its primary production system wasn’t breached, where Reddit stores most of its data.

After the affected employee informed the Security team, the team learned about the attack, and Reddit then launched an investigation into the incident. The company responded to the incident by removing the invader’s access to its system.

“We’re continuing to closely investigate and monitor the situation and working with our employees to fortify our security skills. As we all know, the human is often the weakest part of the security chain,” Reddit wrote in its blog.

Reddit CTO Christopher Slowe wrote that the attacker could access internal documents, dashboards, and business systems. Exposed data includes limited contact information of company contacts, which are currently in the hundreds, and current/former employees’ data. Reddit noted that limited advertiser info was also exposed.

The company, however, has assured Redditors that their data is secure and was not affected in this incident. “Based on our investigation so far, Reddit user passwords and accounts are safe,” the company’s spokesperson stated.

They further noted that after several days-long investigations by security, engineering, and data science (and friends), the company didn’t find any evidence that its customers’ non-public data was accessed or Reddit’s data was published/distributed online.

Reddit recommends that users switch to two-factor authentication. Slowe also hosted an AMA to answer queries related to the incident and confirmed that the employee who had self-reported the incident wasn’t fired but had been shifted to stocks as a punishment.

Reddit Hacked After Employee Bites on Phishing Scam

By Habiba Rashid
It turns out that the intelligence in Google's newly-announced ChatGPT rival, Bard AI, is a bit artificial at this moment.
This is a post from HackRead.com Read the original post: Bard AI Causes Google Losses of $100 Billion

One incorrect answer to a query by Bard AI has cost Google $100 billion.

Google’s **newly announced** experimental conversational Bard AI, has caused the tech giant to lose rather than gain profits. Google’s parent company, Alphabet, experienced a 7.7% stock plunge as it lost more than $100 billion in market value on Wednesday. 

This comes as a direct result of Bard’s ad, which shows the tool providing a factually inaccurate response to a query asking: “what new discoveries from the James Webb Space Telescope can I tell my 9-year-old about?” The third suggestion written by Bard AI states that “JWST took the very first pictures of a planet outside of our own solar system.”

However, Grant Tremblay, an American astrophysicist at the Harvard-Smithsonian Center for Astrophysics, pointed out the error in that response.

“I’m sure Bard AI will be impressive, but for the record: JWST did not take “the very first image of a planet outside our solar system”. the first image was instead done by Chauvin et al. (2004) with the VLT/NACO using adaptive optics,” **he tweeted**. 

> Not to be a ~well, actually~ jerk, and I'm sure Bard will be impressive, but for the record: JWST did not take "the very first image of a planet outside our solar system".
> 
> the first image was instead done by Chauvin et al. (2004) with the VLT/NACO using adaptive optics. https://t.co/bSBb5TOeUW pic.twitter.com/KnrZ1SSz7h
> 
> — Grant Tremblay (@astrogrant) February 7, 2023

According to **NASA’s report**, the first picture of a planet outside the Milky Way was taken by the Very Large Telescope in 2004, almost 19 years before NASA’s Webb telescope.

A Google spokesperson told **New Scientist**: “This highlights the importance of a rigorous testing process, something that we’re kicking off this week with our Trusted Tester program. We’ll combine external feedback with our own internal testing to make sure Bard’s responses meet a high bar for quality, safety and groundedness in real-world information.”

In **another tweet**, Tremblay also noted how a Google search using the regular search engine yields the correct information. This further sheds light on the fact that the error was able to slip through the system because AI models rely on plausible answers, depending on statistical analysis, and are not designed to give accurate answers.

This news comes after Microsoft launched its own AI results service for its Bing search engine on February 7th. Chinese search engine Baidu also recently announced plans for a similar project.

1.  **Fields of application of artificial intelligence**
2.  **AI-based Model to Predict Extreme Wildfire Danger**
3.  **How Artificial intelligence (AI) Stops Cybercriminals**
4.  **Microsoft patent reveals chatbot to talk to dead people**
5.  **AI-Powered Glasses Give Deaf People Power of Speech**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Bard AI Causes Google Losses of $100 Billion

By Habiba Rashid
The stolen Weee! database has been leaked on the infamous BreachForums and Russian-speaking cybercrime forums.
This is a post from HackRead.com Read the original post: Weee! Grocery Service Hacked, 1.1m Accounts Leaked

In total, hackers managed to steal 11.3 million order details, including 1.1 million email addresses belonging to Weee! customers.

A data breach affecting the US-based online grocery delivery platform, Weee!, has resulted in 1.1 million customers’ data being leaked online. On Monday, a threat actor named IntelBroker posted the database on BreachForums.

It is worth noting that BreachForums is a hacker and cybercrime forum that surfaced as an alternative to the popular and **now-seized Raidforums**.

Hacker announcing the breach (Screenshot: Hackread.com)

“Weee!” is particularly popular amongst Asian and Hispanic communities, delivering food across 48 states in the USA via warehouses spread throughout the country. Its delivery app has been downloaded over 2.6M times. 

The breach forum post reads, “In February 2023, a database of 11 million customers belonging to Sayweee was stolen by hackers.”

However, security researcher Troy Hunt of Have I Been Pwned, a data breach notification service, confirmed that the leaked data only includes 1.1 million unique email addresses. The additional entries are likely due to multiple orders placed by the same customer.

The leak contains information such as Weee! customers’ first and last names, email addresses, phone numbers, device type (iOS, PC, Android), order notes, dates, and other data the delivery platform uses.

Sample data as seen by Hackread.com

Some of the logs also included delivery notes that customers of Weee! left for couriers, such as codes to enter residential or office buildings.

The company’s spokesperson stated that “Weee! is aware that a data breach has affected some of its customers.” They also confirmed that the breach did not impact user financial data, as the online grocery delivery platform does not retain any payment details.

“For customers that placed an order between July 12, 2021, and July 12, 2022, information such as name, address, email addresses, phone number, order number, and order comments may have been impacted,” the company’s representative said.

“We have notified all customers of the issue and will be notifying all impacted customers individually if their information was exposed,” Weee!’s spokesperson explained.

“Security is a top priority for us and we are undertaking a thorough review to ensure we continue to deliver on the trust the Weee! Community places in us.”

The personally identifiable information (PII) in the leak can be abused by hackers in numerous ways. Exposed home addresses put users at a heightened risk of targeted scams and spear phishing campaigns, tracking, and unwanted contact.

On the other hand, leaked phone numbers could be used for marketing purposes, phishing, impersonation, and fraud. In extreme cases, PII information could be used by attackers to attempt identity fraud. 

1.  Uber Eats User records leaked on Dark Web
2.  Google-funded delivery service Dunzo hacked
3.  Chowbus food delivery service suffers breach
4.  Instant Checkmate and TruthFinder Data Leaked
5.  Foodora data breach 700k users in 14 countries affected

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Weee! Grocery Service Hacked, 1.1m Accounts Leaked

By Owais Sultan
In today’s SaaS market, security is of utmost importance. Online commerce has undergone major changes over the past…
This is a post from HackRead.com Read the original post: SaaS Security Best Practices: Safeguard Consumer Data

In today’s SaaS market, security is of utmost importance. Online commerce has undergone major changes over the past ten years, but many customers still don’t trust or understand these changes. It’s more difficult than ever to gain a cloud business’s trust.

To mitigate distrust of vague subscription fees, SaaS companies need to focus on securing customer data and communicating that security to their users. It’s not enough just to recognize that there is a problem; you need specific security measures that customers can understand.

We’ve put together some basic SaaS security information and best practices to help you get started protecting your subscription business; let’s dive in!

**What is SaaS security?**

SaaS security refers to the data privacy and security of user data in subscription-based software.

SaaS companies access, process, and analyze large volumes of client data every day. As a founder of a SaaS, it will negatively impact your user experience if you don’t safeguard this data.

To keep customer data safe, regulators have issued security guidelines that are mandatory for a SaaS company.

*   GDPR;
*   EU-US Privacy Shield Framework;
*   Swiss-US Privacy Shield Framework.

This ensures that any data your product has access to is kept secure in a way that customers can understand, whether you are dealing with internal or external issues.

**4 SaaS security best practices to keep your product secure**

Whether you are testing a new tool or implementing a new feature, it is necessary to consider how these changes will affect your SaaS security. Keep the following guidelines in mind to keep your data private and secure.

**1\. Encrypt your data**

Encryption should be a top priority at every level of your technology stack. Proper encryption ensures that customer data is not exposed to the public in the event of a breach.

As high-profile leaks become more frequent, customers are increasingly concerned about their data privacy. Let customers know that your product always protects their sensitive payment information by communicating your encryption policies.

There are many common encryption protocols, all of which ensure that the data you rely on is not stored in plaintext.

**2\. Make privacy a top priority**

Most compliance protocols and regulatory requirements require privacy and security statements; however, that is not all they are good for. By creating a trusted statement for your product, you are educating both your team and your customers on how to handle valuable data.

Determine the precise details that should be mentioned in your privacy policy by working with your development and legal teams.

**3\. Backup user data in multiple locations**

Many companies are not ready for a data breach, making effective customer data management very important. Backing up data in multiple locations ensures that no system failure will compromise your security.

Many of the cloud platforms that SaaS companies rely on provide this functionality as part of their products. Still, you need to be careful with backups to avoid a potentially catastrophic loss of customer data.

**4\. Consult with a cybersecurity firm**

The best industry advice on how to secure your platform can be found in independent security companies. Their testing procedures guarantee the security of your infrastructure, network, and software at all times. Additionally, these outside providers can help you out in the event of a breach.

**Understanding SaaS security keeps your customers safe**

As you can see, protecting the client’s data is one of the top priorities for a SaaS project.

By focusing on SaaS security, you build trust in your product and create an ecosystem that customers will enjoy utilizing. As people become more aware of personal safety issues, safer products become more attractive to buyers.

1.  Advertising Strategies For PaaS Services
2.  How to choose secure software for your business
3.  Cloud Hacking – Why API Remains the Biggest Threat?
4.  Solving the Cyber Security Problem: Mission Impossible
5.  What is Stakeholder-Specific Vulnerability Categorization?

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Source

HackRead