Aon’s 145,000+ customers had their information exposed in a data breach spanning three years, with unauthorized access starting in 2020 and only recently ending in 2022. In other cybersecurity news, the sensitive account information was exposed for the 23 million users of online comic reading platform Mangatoon.
Autolycos Android malware downloaded over 3 million times
Researchers have been tracking a new variant of Android malware named Autolycos that has been hiding in several apps on the Google Play store, leading to more than 3 million victim installations. While Google has been able to remove 6 of the infected apps, 2 are still active and have a combined 550,000 installations. Autolycos was first identified in June of 2021 with researchers immediately informing Google of the compromised apps at the time. Despite the warnings, it took more than 6 months before the first of the apps was taken down.
Hackers steal over $600 million in cryptocurrency from Axie Infinity
Earlier this year, hackers were able to successfully exploit an employee of Axie Infinity to steal cryptocurrency tokens with a value of nearly $625 million. It is believed that the attack occurred towards the end of March and came in the form of a lucrative job offer to a third-party development engineer. But alongside the phony offer was an infected PDF file that contained a malicious payload. Officials for Axie Infinity have already contacted their clients regarding the incident and massive loss of user capital.
BlackCat ransomware sets starting ransoms at $2.5 million
With barely a year of operating experience, the BlackCat ransomware group has set a new standard for their demands with a starting ransom of $2.5 million. Even though this amount can be cut in half, if paid within the 5–7-day window, many corporate victims in Nordic countries have still had to negotiate ransoms down from over $2 million if they are unable to restore their systems from backups.
23 million users compromised in Mangatoon breach
Near the end of May, hackers were able to compromise an unsecured Elasticsearch database containing sensitive account information for 23 million users of Mangatoon, an online comic reading platform. Several security researchers have attempted to contact Mangatoon about the breach, but so far there has been no response. There have also not been any actions taken to properly secure the database, which has now been publicly accessible for at least 3 months. The hacker who is taking credit for the breach, Pompompurin, has claimed that the database used “password” for the credentials and was only changed after the hacker informed Mangatoon themselves.
Aon financial services firm suffers multi-year data breach
Officials for the British financial services firm Aon have begun contacting their North American clients regarding an unauthorized intrusion into their systems from December 2020 to February 2022. This breach has exposed extremely sensitive information on 145,889 customers and though Aon was quick to contact the SEC, the company is now facing two lawsuits for failing to provide adequate security for their stored data.
