Sky suffers network breach but denies customer data at risk
Sky has denied suffering a significant network breach and putting customer data at risk, despite CyberNews researchers finding a configuration file apparently listing database access credentials on a publicly available domain.
CyberNews reported the issue to Sky, who quickly removed the configuration file from its location.
Database not found as Sky says incident had no impact
Sky said it acted quickly to remove the file in question and that customer data wasn't compromised at any time. Sky also said the incident had led to no broader impact on its data or systems.
One other potential cause for concern is that while researchers could find the file, they couldn't find the database itself. This raised concerns that it had already been stolen, although Sky has not commented further.
The CyberNews researchers who identified the leak told Tech Radar, “There’s no way to tell what data is being stored on the production server. With that said, exposed configuration files can serve as quick infiltration shortcuts for ransomware groups that could take a company’s servers and data hostage.”
Next steps for Sky
At present, there doesn’t appear to be any further danger facing Sky, although the incident itself undoubtedly remains a concern. At the same time, only Sky knows what data was held in the files in question, and the company themselves may not know whether it was accessed by anyone who may have sinister intentions.
Sky doesn’t seem to be treating this as a regular type of data breach, and thus has not reported anything to the Information Commissioner’s Office (ICO).
Do Sky customers need to worry?
Given what we know, Sky customers have no specific reason to be alarmed at this incident.
However, reviewing your online security is never a bad idea. As a minimum, it’s worth:
Changing your Sky passwordChanging any other passwords that are the same as your Sky passwordSetting up Two Factor Authentication (2FA) on your Sky email account if you use oneAdding 2FA to the accounts that previously had the same password as your Sky account to be extra safe
If a breach has occurred and your data is exposed, contact us
If it later becomes clear that a significant data breach did occur on the back of this or another incident, and your personal details were subsequently exposed, you could be entitled to compensation.Contact LawPlus here for a free, no-obligation assessment of your potential claim.
Post Office admits data breach
The Post Office has admitted a GDPR breach following objections to plans to close and relocate a village Post Office branch.
Following the conclusion of a consultation period about plans to close the Post Office in Haworth, a West Yorkshire village south of Keighley, and relocate it to a Co-Op branch, the Post Office sent out an email thanking local residents for sharing their views.
Unfortunately, the email contained 155 visible email addresses of those who had participated in the consultation. The Post Office attempted to rectify the situation by recalling the email but repeated the error, sending another email exposing the 155 email addresses.
The Post Office then sent an email that didn’t expose the email addresses, asking recipients to delete the original email that it couldn't recall.
The email sent by the Post Office to customers said:
"Regrettably the content of the email was correct, the email contained the email addresses of other recipients in error.
As we were unable to recall the message, please can we ask you to delete the original email and reply to this email confirming this has been done."
Haworth residents not impressed
This incident further inflamed local tensions, with considerable unhappiness around the planned closure and relocation further exacerbated by the exposure of residents’ email addresses.
One resident, Tim Underwood, told local newspaper The Telegraph & Argus, “It isn't acceptable, it’s an utter shambles, and has been dealt with in the same vain as how Haworth Post office closure was dealt with.”
Meanwhile, the Post Office told the paper, “We take any data incident very seriously and are sorry for any concern caused to the recipients of the email in question. Initial action was taken to recall the original email, followed by a request that it be deleted by each recipient before a corrected version was sent. We have notified the Information Commissioner’s Office about the incident and are looking at what we can do to ensure this does not happen again.”
Commenting on the incident, the ICO said, “People have the right to expect that organisations will handle their personal information securely and responsibly.
“Post Office Ltd has made us aware of an incident and we will assess the information provided.”
Next steps for affected residents
It is not yet clear whether the ICO will conduct a full investigation into this incident.
To date, there have also not been any reports of this data breach leading to further consequences.
However, if you’ve been affected by this data breach, you may be entitled to compensation.
While we’ll wait for the outcome of the ICO’s assessment and any subsequent investigation, you can still contact LawPlus and share your details with us pending any potential review and claim. Once the ICO has done it’s work, we’ll conduct a FREE, no-obligation assessment of your case and advise if you have grounds to claim compensation from the Post Office.
Coinbase users hacked after 2FA flaws exposed
Popular cryptocurrency exchange Coinbase, which boasts over 68 million users from over 100 countries worldwide, has admitted that 6,000 of its customers had crypto stolen from their accounts earlier this year. The thefts occurred after hackers exploited flaws in Coinbase’s SMS message multi-factor authentication (MFA) security feature.
While this flaw was specific to Coinbase, such an incident will undoubtedly cause concern for many, given how vital two-factor authentication (2FA) and MFA are in preventing fraud.
Coinbase notified the 6,000 affected customers at the end of September.
Hacking activity conducted between March and May this year
In Coinbase’s communication to the affected customers, the crypto exchange said the hacks and subsequent thefts had occurred between March and May 2021.
Coinbase said that for the thefts to occur, the hackers responsible needed:
The customer’s email addressTheir Coinbase passwordThe telephone number associated with their Coinbase accountTo be able to access the customer’s email account
Coinbase believes this information was likely acquired via targeted phishing campaigns aiming to steal account credentials. Although this has not been confirmed in relation to this incident, such attacks in Coinbase and other popular cryptocurrency exchanges are known to have become increasingly frequent in recent years.
In addition to phishing scams, it is also known that banking trojans commonly used to steal online bank accounts can also steal Coinbase and other crypto exchange accounts.
What was the MFA flaw?
Typically, hackers cannot access Coinbase (or other online accounts) if MFA is in place. Furthermore, receiving a notification requesting authentication also acts as a red flag that an account's details have been compromised. Thus, users can change their passwords and remove the threat.
Following this incident, Coinbase has said hackers could exploit a flaw in its SMS account recovery process and acquire an SMS 2FA token to access users' accounts.
Coinbase said it fixed its "SMS Account Recovery protocols" as soon as it learned of the hack, preventing further exploitation.
Further personal details potentially stolen
As hackers had full access to Coinbase accounts, the user accounts that saw thefts potentially had a raft of other personal information stolen, too, including:
Full nameHome addressDate of birthIP addresses linked to Coinbase account activityAccount holdings and balances
Given the data potentially stolen, the affected Coinbase users will need to remain vigilant around potential fraud attempts on their other online accounts. At an absolute minimum, users would be wise to ensure they change any passwords the same as they used for Coinbase.
While this hack involved exploiting 2FA and MFA flaws, these methods are still one of the most robust means of protecting online accounts from fraud. Even if you're not one of the Coinbase users affected by this incident, it's worth ensuring you have 2FA or MFA set up for the accounts you do use. Hardware security keys or authentication apps tend to be more secure and less vulnerable to flaws than SMS or email 2FA, so it's better to use these methods where possible. Coinbase is also encouraging all its users to use alternatives to SMS or email. In August, Coinbase accidentally told 125,000 users their 2FA settings had been changed, causing panic among those receiving the notification.
What next for affected customers?
Coinbase has already deposited funds equal to the amounts stolen to those affected by the theft.
In addition to ensuring they’re using 2FA or MFA and changing their passwords, both those affected by this incident and all Coinbase users should ensure they know the signs of a phishing email and remain vigilant when clicking emails and submitting details online.
Have you been affected by a data breach? Contact LawPlus today
If you’ve been affected by this Coinbase incident or have experienced fraud owing to any other data breach, you may be entitled to compensation.
Contact LawPlus today for a FREE, no-obligation assessment of your data breach claim.