Bill Toulas reports: Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations’ cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, Microsoft says the threat actors posed as legitimate companies to enroll and successfully be verified as that company in the MCPP…
Category: Business Sector
Google Fi Customers Caught Up in T-Mobile Data Breach
Matthew Humphries reports: Google is in the process of telling Google Fi customers that their data was stolen as part of the T-Mobile breach earlier this month. On Jan. 5, a hacker breached T-Mobile’s network and stole data from 37 million customer accounts. Google Fi uses T-Mobile’s network for the majority of its connections, and it seems the…
Hacker finds bug that allowed anyone to bypass Facebook 2FA
Lorenzo Franceschi-Bicchierai reports: A bug in a new centralized system that Meta created for users to manage their logins for Facebook and Instagram could have allowed malicious hackers to switch off an account’s two-factor protections just by knowing their phone number. Gtm Mänôz, a security researcher from Nepal, realized that Meta did not set up a limit…
The U.N. Committee on Human Rights asks Morocco NOT to extradite Raoult
A small and somewhat bitter update to the Sébastien Raoult case. Sébastien’s father contacted DataBreaches tonight to say that they had just received a response from the Human Rights Committee of the United Nations. In response to Raoult’s appeal submitted on January 17, the committee responded by asking Morocco not to extradite Raoult while Raoult’s…
Ca: Qulliq Energy stops short of labelling cyberattack another Nunavut ransomware incident
CBC reports: The Qulliq Energy Corp. says it was locked out of its data in January’s cyberattack, but stopped short of calling it a ransomware attack. QEC announced last month it fell victim to a cyberattack, which was discovered on Jan. 15. While no operating technology, such as power plant infrastructure, was affected, QEC’s information technology, like email, billing and payroll databases were….
Bits ‘n Pieces (Trozos y Piezas)
BR: Instituto Federal Do Pará Attack Claimed By BlackCat The Instituto Federal Do Pará (IFPA) is a public education institution in Brazil. On January 21, it was added to the leaks site of the AlphV (BlackCat) group with a message saying, “The guys decided to ignore our ransom demands, so the data of their employees…