Hackers downloaded full backups of all posts and messages from over 400,000 accounts on the Kodi media forum, forcing staff to shut down the forum as they work to rebuild it on a new server. In other cybersecurity news, the U.K. Criminal Records Office suffered a significant data breach.
Money Message ransomware targets computer vendor MSI
Late last week, officials for the Taiwanese computer vendor, MSI, confirmed that they had been in negotiations with the Money Message ransomware group to stop them from leaking 1.5TB of stolen data. MSI was given one week to pay the $4 million ransom before the full trove of stolen data is added to the Money Message leak site, which currently only has screenshots of the data posted to the site. While the company is assuring customers that they will not notice any interruptions to their services, they also have yet to reveal the extent of the threat actor’s intrusion or what customer information may have been accessed.
UK Criminal Records Office suffers extended cyberattack
Following an unnamed cybersecurity incident on January 17, the UK’s Criminal Records Office (ACRO) has been working endlessly to restore normal operations and has recently begun informing customers that their sensitive information may have been compromised. In the time since first discovering the incident, officials for the ACRO have changed the narrative from a cybersecurity issue to a series of website outages due to pre-scheduled maintenance, and that there is no conclusive evidence to indicate a data breach. Only time will tell if the incident was related to ransomware or just data theft from an organization that provides critical services and stores a significant amount of overly sensitive data on millions of UK citizens.
Hackers compromise 400,000 Kodi media forum users
Over the weekend, hackers were able to successfully compromise an inactive administrator account for the Kodi media software forums and download full backups of all posts and messages for the forum’s 400,000 users. Kodi staff have already taken the entire forum offline and are working to rebuild the forum server elsewhere, which was already in the planning stages. Users of the popular media player forum have been receiving mandatory password resets and will be further notified when the new forum server has been completed.
Hyundai confirms data breach for French and Italian markets
Hyundai Italia has recently begun informing their French and Italian customers of a data breach that exposed personally identifiable information (PII), though they have confirmed that no financial information was compromised. In the letter to customers, officials state that customers should remain wary of any email or SMS communications that appear to be coming from Hyundai Italia, or that may be requesting sensitive information. The overall extent of the incident is still under investigation and could grow to include Hyundai customers from other countries as well.
Yum Brands finally reveals data breach
Three months after falling victim to a ransomware attack, the parent company of KFC and Pizza Hut, Yum Brands, confirmed that they had been breached and were contacting all affected employees and customers. While there has not been any indication that the stolen data has been used nefariously, the company is offering 2 full years of credit and identity monitoring for anyone whose data was compromised. The initial ransomware attack was devastating enough to force Yum to close 300 restaurants across the UK, while staff were working to minimize the damage and begin recovery protocols.
