Amazon Fires Employee For Leaking Customer Data

  • Retail giant doesn’t disclose how many customers have been affected
  • Users should be on their guard against fraudulent and phishing emails

Multiple Amazon customers turned to social media to describe how they had received a notification from the online retail giant that their email addresses have been leaked to an unnamed third party.

Emails sent by Amazon to customers admit that a rogue employee unlawfully passed on users’ email addresses to a third party, in violation of the company’s policies.

Part of the email reads:

“We are writing to let you know that your e-mail address was disclosed by an Amazon employee to a third-party in violation of our policies. As a result, we have fired the employee, referred them to law enforcement, and are supporting law enforcement criminal prosecution.”

Amazon goes on to explain that no information beyond users’ email addresses was breached, and that it is not asking customers to take any actions in response.

Nonetheless, it’s understandable that Amazon customers who receive the warning might feel alarmed.

If a third party gained access to some Amazon customers’ email addresses, those addresses could be used to send spam, or even convincing phishing emails posing as Amazon in an attempt to steal passwords.

Furthermore, a report from Motherboard suggests that the security breach may actually involve more than one insider. A statement the website received from Amazon referred to the perpetrators in the plural:

“The individuals responsible for this incident have been fired. We have referred the bad actors to law enforcement and are supporting their criminal prosecution.”

Notably, Amazon has made no official statement indicating how many customer email addresses have been breached, which department the rogue employee or employees worked in, or where in the world they might reside.

Of course there are most likely a wide range of job roles within Amazon’s customer service department which might have valid access to customers’ email addresses – and perhaps other sensitive information – as they answer questions and resolve issues related to users’ accounts.

And that makes it all the more important for companies to take an uncompromising stance against workers who exploit their access to customer data by, for instance, selling it to a third party.

Amazon has proven itself willing to punish staff in the past when customer privacy has been violated.

For instance, at the beginning of 2020, the retailer told US senators that it had fired four employees who had accessed videos recorded by customers’ Ring doorbells.

One week later Amazon sent an email similar to the one sent in recent days, revealing that it had fired a number of employees after customer email addresses and phone numbers were shared with an unnamed third party without permission.

Sadly, there is little individuals can do to prevent a malicious insider from exploiting information that has been shared with an online retailer, but you can take steps to protect yourself from attack by being on guard against malicious emails pretending to come from a company.

Amazon’s customer service department advises customers to report fraudulent and scam emails that pretend to come from Amazon by forwarding them – preferably as an attachment – to stop-spoofing@amazon.com.

Cybercrooks Hijack Nando’s Customer Accounts to Make Fraudulent Meal Purchases

Fans of the popular Nando’s UK eateries have fallen prey to a credential stuffing attack that drained hundreds of pounds sterling out of their bank accounts.

According to several UK media outlets, cybercriminals hijacked multiple customer accounts of the Peri-Peri chicken restaurant chain. They then placed large food orders after changing the phone numbers associated with the accounts.

While some of the fraudulent orders did not exceed £60, one customer said she lost £670 in fraudulent meal purchases.

The restaurant chain has acknowledged the attack, saying its systems have not been compromised in any way.

“While our systems have not been hacked, unfortunately some individual Nando customer accounts have been accessed by a party or parties using a technique called ‘credential-stuffing,’ whereby the customer’s email address and password have been stolen from somewhere else and, if they use the same details with us, used to access their Nando’s accounts,” the company said.

According to one report, a group of young individuals placed two massive in-store orders after initially failing to complete their purchase with compromised accounts.

“My card was compromised and used in your Finsbury Park location in London, whereas I am in Leeds. It looks like my Nando’s account was compromised to make this payment/ charge. Can you help!?” one customer tweeted.

“Can you explain to me how my Nando’s account has been hacked? Currently in lockdown in Wales with my bank card in my hand … but apparently ordering a sit down meal in Croydon.. Little help?” another customer added.

With Covid-19 restrictions across the country, Nando’s diners must place their orders online or use a QR code and then fill in their payment details. However, most customers claimed that their payment details were not stored in their customer account.

The restaurant chain said it will reimburse victims and improve its ability to detect fraud and malicious activity.

“We take immediate action to refund anyone who has been impacted and secure those affected Nando’s accounts,” Nando’s added. “We have made and are continuing to make investments to improve our detection and prevention of suspicious and malicious activity. We apologise to our customers who have been impacted by this.”
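Nando’s says the accounts were taken over by credential stuffing rather than a breach of its own systems, and that it is investing in detecting suspicious activity. The following is an added example, not code from Nando’s or from the original article, of the kind of detection a defender would run over an authentication log: a single source that tries many different accounts and mostly fails is the signature of a stuffing run, whereas one user failing repeatedly is not. The log format, the IP addresses, the account names and the thresholds are all constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample login log (synthetic data, not from Nando's or any real system).
# One source tries eight different accounts in a few seconds and gets one hit;
# the other two sources are single users, one of whom mistypes a password.
SAMPLE_LOG = """\
2020-10-20T18:01:02Z ip=198.51.100.22 user=alice@example.com result=ok
2020-10-20T18:01:40Z ip=192.0.2.9 user=bob@example.com result=fail
2020-10-20T18:01:44Z ip=192.0.2.9 user=bob@example.com result=fail
2020-10-20T18:01:51Z ip=192.0.2.9 user=bob@example.com result=ok
2020-10-20T18:02:00Z ip=203.0.113.7 user=carol@example.com result=fail
2020-10-20T18:02:01Z ip=203.0.113.7 user=dave@example.com result=ok
2020-10-20T18:02:01Z ip=203.0.113.7 user=erin@example.com result=fail
2020-10-20T18:02:02Z ip=203.0.113.7 user=frank@example.com result=fail
2020-10-20T18:02:02Z ip=203.0.113.7 user=grace@example.com result=fail
2020-10-20T18:02:03Z ip=203.0.113.7 user=heidi@example.com result=fail
2020-10-20T18:02:03Z ip=203.0.113.7 user=ivan@example.com result=fail
2020-10-20T18:02:04Z ip=203.0.113.7 user=judy@example.com result=fail
2020-10-20T18:05:10Z ip=198.51.100.22 user=alice@example.com result=fail
2020-10-20T18:05:15Z ip=198.51.100.22 user=alice@example.com result=ok
"""

# Assumed log line layout: timestamp, source IP, account, and ok/fail outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def summarize_by_ip(events):
    """Per source IP: total attempts, failures, distinct accounts tried, accounts logged into."""
    stats = defaultdict(
        lambda: {"attempts": 0, "failures": 0, "users": set(), "successes": set()}
    )
    for e in events:
        s = stats[e["ip"]]
        s["attempts"] += 1
        s["users"].add(e["user"])
        if e["result"] == "fail":
            s["failures"] += 1
        else:
            s["successes"].add(e["user"])
    return stats


def flag_stuffing_sources(stats, min_distinct_users=5, min_fail_ratio=0.75):
    """Flag sources that spray many distinct accounts with a high failure rate.

    A legitimate user who forgets a password fails repeatedly on ONE account,
    so the distinct-account threshold keeps that case out of the alert.
    """
    flagged = {}
    for ip, s in stats.items():
        fail_ratio = s["failures"] / s["attempts"]
        if len(s["users"]) >= min_distinct_users and fail_ratio >= min_fail_ratio:
            flagged[ip] = {
                "distinct_users": len(s["users"]),
                "fail_ratio": fail_ratio,
                # Accounts the flagged source actually got into: candidates for
                # a forced password reset and a customer notification.
                "compromised": sorted(s["successes"]),
            }
    return flagged


def analyze(text):
    """Return (flagged sources, accounts that a flagged source logged into)."""
    flagged = flag_stuffing_sources(summarize_by_ip(parse_log(text)))
    at_risk = sorted({u for f in flagged.values() for u in f["compromised"]})
    return flagged, at_risk


if __name__ == "__main__":
    flagged, at_risk = analyze(SAMPLE_LOG)
    for ip, info in flagged.items():
        print(f"{ip}: {info['distinct_users']} accounts tried, "
              f"fail ratio {info['fail_ratio']:.2f}")
    print("accounts to force-reset and notify:", at_risk)
```

In production the same logic would run over a sliding time window and key on more than the source IP (stuffing tools rotate proxies), and a flagged success is a reason to invalidate the session and require a password change plus a check on any profile edits such as the phone-number changes described above, not merely to log an alert.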

‘Eris Loris’ Hacker Spammed Millions of ‘Among Us’ Games with Pro-Trump Messages, YouTube Channel Ads

Over the past three days, popular indie game Among Us has undergone a series of spam attacks affecting millions of online games.

The attack, dubbed “Eris Loris,” impacted public North American lobbies with spam messages that appear in the game’s chat log. Most messages urge users to subscribe to the YouTube and Discord channels of a person called Eris Loris, and vote for Donald Trump in the 2020 presidential elections.

However, hybrid messages have also spawned, in which Loris threatens to “hack your device” or “blow up your phone” if you don’t subscribe to his online channels.

InnerSloth, the developers of the online social murder-mystery game, have acknowledged the attack on their official Twitter page:

“Hello everyone, We’re super duper aware of the current hacking issue and we’re looking into it. We will be pushing out an emergency server update so people who are in game will get kicked from games. Please play private games or with people that you trust!!! Bear with us!!” InnerSloth said in a tweet posted on October 23.

The developers have advised players to join only private games or play with people they know and trust. It’s also imperative not to subscribe to the infamous YouTube channel or participate in the comment section of the videos posted by Eris Loris. If you join a public lobby, ban Eris Loris or anyone who sends the trademark message.

According to Kotaku, an online gaming news website, Loris acknowledged the hack, saying he was curious to see people’s reactions.

“I was curious to see what would happen, and personally I found it funny,” Loris said. “The anger and hatred is the part that makes it funny. If you care about a game and are willing to go and spam dislike some random dude on the internet because you can’t play it for 3 minutes, it’s stupid.”

Forest Willard, one of the game’s programmers, tweeted yesterday that an anti-hack fix is being rolled out.

“Alright, wave 2 of anti-hacks are going out: Wave 1 did fix impersonation, this is why the prominent hack now is just chat spam and mass despawn (black room) Wave 2 should fix both of these. We’ll see where we need to go from there,” Willard said.

Vastaamo Hacker Says He Doesn’t Care if Therapy Leaks Drive Patients to Suicide

Finnish local media is reporting new developments in the extortion incident involving the Vastaamo psychotherapy center. The attacker has been regularly leaking sensitive information to coerce the practice into paying a ransom as authorities continue to investigate the incident.

Earlier this month, the psychotherapy practice, which has offices across almost the whole of Finland, confirmed its systems had been hacked. The attackers had made off with patient data and were threatening to publish it to eager fraudsters on the dark web unless the medical practice paid a ransom.

The story pretty much ended there. Local authorities told Vastaamo to keep disclosure to a minimum while investigators sift through the data in an effort to catch the hackers. Those efforts are still ongoing, but new details are surfacing.

As reported by local news outlet Ilta-Sanomat, the breach itself occurred in the fall of 2018. Why the attackers did nothing with the stolen data for so long is a mystery. For one reason or another, they made their ransom demand this month, and the amount is steep: 450,000 euros in digital currency, according to the report.

Vastaamo reportedly refused to negotiate with the attackers. During this time, the perps tried to coerce the firm into paying by releasing chunks of the stolen patient data on the web – hundreds of records at a time, including “content of therapy sessions,” the report notes.

The site then reveals that a lone attacker was behind the hack, but that he is part of a larger hacking group whose victims extend beyond Finland and beyond the medical community (Google-translated):

“The blackmailer says the group he represents has also broken into four other organizations, none of which are Finnish. It is alleged that these have paid ransoms of similar size or larger. Others are not actors in the field of therapy, but they also contain sensitive personal information alongside trade secrets.”

During an exchange with the extortionist, the site insisted that these actions could push some patients to suicide. The extortionist reportedly said he didn’t care if that happens. In fact, he reportedly went as far as to contact individual victims with smaller ransom demands.

The extortionist has so far leaked 300 patient records on the dark web.

If the Ilta-Sanomat news story is accurate, Vastaamo appears to have caved in and paid the hacker’s demands.

More details about the company’s efforts in the wake of the incident can be found on its official website.

FTC Launches New Fraud Reporting Tool for US Consumers

The US Federal Trade Commission (FTC) has launched a new cyber-fraud reporting platform, where consumers can easily report fraud, scams or bad business practices.

As fraud has surged during the pandemic, the consumer protection agency has created ReportFraud.ftc.gov, a user-friendly platform providing a “streamlined experience” for people bombarded with online scams and impostor calls.

“Every time you report scams or bad business practices to the FTC, you’re helping to protect your community,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “With ReportFraud.ftc.gov, it’s quicker and easier than ever to share your story, and each report helps the FTC, and other federal, state, and local law enforcement agencies, fight fraud.”

The new website replaces the former FTC Complaint Assistant and provides steps for consumers to protect financial and personal information, depending on their submission.

In 2020, the FTC has gathered over 223,995 fraud reports covering over $160 million in consumer losses.

Additionally, more than 345,000 identity theft reports have been filed this year, with scammers leveraging everything from government benefits to phone and utility bills.

The reporting tool encourages users to report scams even if they are not certain that fraud has occurred.

“Whether you think it’s a scam, you know it is, or you’re not happy about a business practice, tell the FTC,” the agency said. “The FTC and its law enforcement partners enforce a variety of laws. Your report makes a difference and can help law enforcers spot problems.”

Hacker Claims to Have Guessed Donald Trump’s Twitter Password

A Dutch ethical hacker claims to have gained access to Donald Trump’s official Twitter account by guessing the password, making this the second successful attempt in four years.

The official Twitter account of Donald Trump may have fallen prey to a successful login attempt by the Dutch ethical hacker Victor Gevers. It turns out that hackers are always checking to see who’s not taking security seriously.

“I always run random checks,” says Gevers. “Whenever someone is in the news, I monitor. I ran a check on the Biden, Pence and Harris accounts. Anyone receiving media attention is a potential target and deserves protection. Regardless of who they are.”

When the hacker checked the President’s account, he noticed that two-factor authentication was disabled, which is odd since verified accounts usually have this feature enabled by default. He then tried several passwords, according to the website VN, which broke the story:

  • !IWillAmericaGreatAgain!
  • MakeAmericaGreatAgain
  • MakeAmericaGreatAgain!
  • Maga2020
  • Maga2020!
  • maga2020!

The last password on the list worked. After gaining access, the hacker says he stopped there and notified US authorities, who didn’t respond. Gevers suggested at one point that he might have been the one to post the famous Babylon Bee tweet under the president’s name, which was a link to a satire website.

The hacker says he finally received an answer on October 20. That would be the end of it, but Twitter denies that anyone other than the president had access to the account. In any case, Gevers maintains that the password has since been changed and 2FA reinstated.

In 2016, three Dutch hackers managed to guess the password of the same account. All that prevented them from logging in was Twitter’s check on the connection, which saw that it came from Europe. A proxy server later, the hackers gained access using the password “yourefired”.

IT Services Giant Sopra Steria Reportedly Hit with Ryuk Ransomware

Sopra Steria, one of the world’s biggest IT services companies, has reportedly been hit with the Ryuk ransomware.

Sopra Steria Group SA is a giant IT firm whose business areas span consulting services, systems integration, enterprise resource planning, application implementation, technical support, outsourcing services and business process operations.

With around 45,000 employees and offices in 25 countries, the France-based company even lists cybersecurity services among its offerings. But that’s not to say it can’t fall victim to a cyberattack itself. And, according to recent reports, that’s precisely what happened on Tuesday, when ransomware operators reportedly encrypted parts of its network.

The next day, Sopra Steria issued the following statement:

“A cyberattack has been detected on Sopra Steria’s IT network on the evening of 20th October. Security measures have been implemented in order to contain risks. The Group’s teams are working hard for a return to normal as quickly as possible and every effort has been made to ensure business continuity. Sopra Steria is in close contact with its customers and partners, as well as the competent authorities.”

Pressed to expand on the boilerplate statement, Sopra Steria representatives told BleepingComputer they “don’t have further details to share.”

Sources familiar with the matter told the news outlet that the group responsible for the attack is the one behind the Ryuk ransomware strain. LeMagIT, a French IT magazine operating under US marketing company TechTarget, reportedly got the same tip from its sources.

Fake Instagram follower services slapped with lawsuit

  • Fake engagement sites use bots to follow Instagram accounts
  • Social media influencers desperate for more fans fuel fake engagement industry

Facebook has filed federal lawsuits against four individuals who it claims have been selling fake Instagram followers.

In a press release, Facebook named defendants Sean Heilweil and Jarrett Lusso of New York-based boostgram.com, and Laila Abou Trabi and Robin Abou Trabi of Dubai-based website instant-fans.com.

Both sites are said to use a network of bot accounts on Instagram which can be commanded to deliver a barrage of likes and follows to any other account. This “fake engagement” is sold for a price – sometimes to genuine individuals, and other times to “commercial resellers” of fake engagement.

This means that if you’re desperate to prove that you are a social media influencer, you can pay as little as $30 per week to artificially inflate your count of followers and likes, and perhaps dupe brands into believing that you are more popular than you really are.

Facebook says this is not the first time it has attempted to stop the individuals named in the lawsuits from selling thousands of automated fake likes and follows to those who are desperate to brag about their social media following on Instagram.

Apparently it has sent multiple cease-and-desist notices since 2017, months before Facebook-owned Instagram announced it was taking action to reduce “inauthentic activity” on the social network.

But Instant Fans and Boostgram continued to violate Instagram’s Terms of Use, and even – according to Facebook – falsely claimed they had no ability to take down their own websites.

In some cases, third-party apps have requested users’ login credentials to inflate their social media following, which is clearly not to be recommended.

Viewed today, Boostgram’s website has been replaced with a curt closure message:

Boostgram website is closed, we are no longer accepting new customers.

Meanwhile, Instant Fans gives the appearance of still being in operation, offering to help grow users’ influence on Instagram, YouTube, Facebook, TikTok and other social media sites.

But whatever happens to these two companies, it appears that Facebook is facing an uphill battle. Every time a fake engagement service is squashed, two more spring up to replace it promising to bring genuine followers to social media accounts hungry for more fans.

US Accuses Iran of Sending Threatening Emails to Citizens in the Name of Proud Boys

Iran sent threatening emails to Democratic voters in the US while impersonating the right-wing group Proud Boys, according to a statement by National Intelligence Director John Ratcliffe.

Reports of threatening emails seemingly coming from the pro-Trump group started to appear over the past few days. US security officials from both National Intelligence and the FBI say the emails are actually from Iran.

Ratcliffe went even further and said that both Russia and Iran obtained an undisclosed volume of voter registration data. However, it seems to have come from available public sources and not from an intrusion.

“We have confirmed that some voter registration information has been obtained by Iran, and separately, by Russia,” said the director.

“If you receive an intimidating or manipulative email in your inbox, don’t be alarmed and do not spread it,” said Ratcliffe. He also said it’s an attempt to intimidate voters, incite unrest and damage the sitting president by communicating “false information to registered voters that they hope will sow confusion, chaos and undermine your confidence in American democracy,” according to a BBC report.

Both Iran and Russia rejected the accusations, saying that the US officials’ statements are untrue and politically motivated. Only Iran stands accused of sending the threatening emails; Russia does not appear to have been implicated in them.

Voter registration data is not secret in some states and can be released to the public on request. From the looks of it, people living in states where the data is public were targeted by the emails.

The emails started to show up in people’s inboxes on October 21, with threats of retaliation if the recipients don’t change their allegiance from Democratic to Republican and vote for Donald Trump in the upcoming November 3 elections.

Hackers Breach Psychiatric Practice in Finland, Hold Patient Data to Ransom

Hackers have breached a psychotherapy practice in Finland and are holding patient information to ransom, the victim company said in a notice this week.

Vastaamo has offices in around two dozen cities in Finland, including the capital, Helsinki. The firm has announced it has fallen victim to a hacker attack.

“An unknown hostile party has been in contact with Vastaamo and claims to have obtained confidential information from the company’s customers … We are aware that some of our customers have leaked confidential information as a result of the breach. According to current information, customer data recorded after November 2018 has not been compromised,” it says.

Nowhere in the notice does the company mention a ransom, but according to local news outlet newsnowfinland.fi, the attackers indeed made such a request. The amount demanded is unknown.

Vastaamo has notified local authorities of the breach and has started its own internal investigation.

“In addition, Vastaamo took immediate steps to clarify the matter in cooperation with external and independent security experts,” according to the announcement.

The firm’s technicians have hardened systems against further tampering “and their use is more effectively monitored by security professionals,” the notice reads.

“We do our best to find out what happened and work with the authorities to prevent the spread of confidential information,” reads a Google-translated version of the notice sent out by the psychiatric practice.

Tuomas Kahri, chairman of the Board of Vastaamo, issued the following (machine translated) statement:

“As a company providing psychotherapy services, the confidentiality of customer information is extremely important to us and the starting point for all our operations. We deeply regret the leak due to the breakthrough. We are constantly developing our data security and data protection and will take additional measures when our own investigations and regulatory investigations are completed. Due to the ongoing police investigation, we have not received a message on the subject before, as for technical reasons the investigation has not been made public,” said Kahri.

It’s not certain whether Vastaamo is dealing with a ransomware attack, but all signs point to one. In the past year, ransomware operators have not only encrypted but also exfiltrated victims’ data, threatening to make it public or sell it to fraudsters in a bid to coerce victims into paying. Of course, even if the victim pays a ransom, nothing stops the perps from selling the data on the dark web anyway.

Vastaamo promises to keep customers updated with the latest information and directs members of the media to the company’s chairman for inquiries.

In situations like these, the victim company has a moral obligation to tell customers how to spot fraud attempts or phishing scams that leverage their personal information for credibility. Victim companies should also offer free credit card monitoring to those affected.

If you are a Vastaamo customer, keep a close eye on your bank statements and don’t reply to any unsolicited emails or text messages asking for your login credentials, or any other personal information for that matter.

If you have a password-protected account with Vastaamo and you’ve used that password on other services on the web, set up new passwords for each one of those other services.
