T-Mobile admins recently discovered unauthorized activity through an internal API that allowed hackers to access the data for 37 million of their customers. In other cybersecurity news, hackers have demanded $10 million from Riot Games after stealing source code during an attack.
Hackers demand $10 million ransom for stolen Riot Games source code
Following a data breach last week, officials for Riot Games have received a ransom demand of $10 million in exchange for hackers both deleting the code and not publicly leaking it. It is believed the stolen source code includes sensitive documentation on the company’s anti-cheat applications and internal documentation on unreleased games. Riot Games is the third game-development company to have been targeted by a cyber-attack in as many months, which also focused on stealing source code for a variety of games and other sensitive company IP (Intellectual Property).
Ireland’s Data Protection Commission (DPC) fines WhatsApp for GDPR violations
WhatsApp Ireland has recently been faced with a fine of €5.5m over their data processing procedures, which were updated in May of 2018, and required users to consent to the latest Terms of Service to continue using the app. The fine is being imposed on WhatsApp because Ireland’s Data Protection Commission (DPC) concluded that the app didn’t do enough to inform users of what data was being collected or how it was being used and stored, when requiring them to agree to the updated user conditions.
37 million T-Mobile customers compromised in latest breach
Earlier this month, administrators at T-Mobile discovered some unauthorized activity through an internal API (Application Programming Interface), that allowed hackers access to sensitive customer data for 37 million users. While officials for T-Mobile have stated that they were quick to identify the vulnerable point of intrusion and resolve it, this attack is just the latest in a long series of data breaches that the company has suffered in recent years, which points to a lack of improvement to their overall security protocols.
MailChimp attack leaves FanDuel customers vulnerable
Users of the sports betting site, FanDuel, have been receiving notifications about a data breach at a third-party vendor, MailChimp, that may have exposed their contact information, and could be used in future phishing campaigns. Fortunately for FanDuel customers, the breach was isolated to MailChimp servers, and they didn’t compromise their FanDuel passwords or any financial information, as it is stored internally. Users are still being encouraged to update their credentials and be wary of any emails coming directly from FanDuel that are requesting personal information.
Lazarus Group responsible for 2022 hack of cryptocurrency firm, Harmony
After a considerable investigation by the FBI into the June 2022 hack at the cryptocurrency firm, Harmony, it has revealed that North Korea’s Lazarus Group was behind the $100 million theft. FBI officials traced some of the cryptocurrency to a laundering protocol service, which then split the stolen Ethereum into Bitcoin and was then disbursed to 11 different addresses. With the help of several currency service providers, officials were also able to freeze accounts that contained some of the stolen Ethereum before it was laundered and sent on again.
