Millions more 23andMe user records leaked on cybercrime forum

Oct 20 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that treats cybercriminals like the Met Police treat a teenager with a Nerf gun in central London. #NoMercy 🙈

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Check out these freshly hatched patches!! 🐣🐣🐣

🚨 Urgent: Unpatched Cisco Vulnerability Exploited!

Cisco warns of a critical security flaw (CVE-2023-20198) actively exploited in its IOS XE software. Attackers can create a privileged account to control affected systems.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory. Mitigate by disabling HTTP server features on exposed systems.

Stay vigilant for updates. 🛡️🔒

Now, on to today’s hottest cybersecurity stories:

  • 👥 Millions more 23andMe user records leaked on cybercrime forum

  • 🕵️ D-link sees link: confirms employee fell victim to phishing attack

  • 🦸 All work and no Google play makes Android a mal boy… hehe 😂

23andMal 💀

🔐 23andMe Faces Second Data Leak: Millions of User Records Exposed! 😱

The same hacker responsible for the recent 23andMe data breach has struck again, leaking millions of new user records. This massive dataset containing four million user profiles was shared on the cybercrime forum BreachForums by the hacker known as Golem.

🚫 Concerning Details:

The newly leaked data includes information on users from Great Britain, and even data on “the wealthiest people living in the U.S. and Western Europe.” Some of this stolen data matches known 23andMe user and genetic information, raising alarm.

🧐 Unanswered Questions:

It’s still uncertain how this breach occurred and whether credential stuffing was the method used. 23andMe had previously suggested that users’ password reuse was a factor. An investigation is underway, but many questions remain, such as the extent of data stolen and the hackers’ intentions.

💡 Stay Protected:

In response to the breach, 23andMe urged users to change their passwords and enable multi-factor authentication. They are collaborating with forensic experts to get to the bottom of the incident.

This ongoing situation highlights the importance of safeguarding personal data and the need for robust cybersecurity measures. Stay tuned for updates on this developing story. 🛡️

 

Clean your Mac or PC

 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.

D-wink, wink, nudge nudge 👀

 

giphy.com

 

🔐 D-Link Confirms Data Breach: Low-Sensitivity Data Exposed 🛡️

Taiwanese networking equipment manufacturer D-Link has acknowledged a data breach that led to the exposure of what it described as “low-sensitivity and semi-public information.” This incident appears to be unrelated to the recent Taiwanese government official data breach.

📅 Old System at Fault:

D-Link stated that the breached data likely originated from an outdated D-View 6 system that reached the end of its life in 2015. The data was used for registration purposes and does not contain user IDs or financial information.

🔍 Limited Impact:

Contrary to initial claims of millions of affected users, D-Link clarified that only around 700 “outdated and fragmented” records were compromised. The company believes that the breach involved tampered login timestamps.

🛡️ Strengthening Security:

D-Link attributed the breach to an employee falling victim to a phishing attack, prompting them to enhance security measures. Specifics of the attack were not disclosed, but active customers are unlikely to be affected.

This underscores the importance of ongoing vigilance and security practices to protect sensitive data. Stay secure! 🔒

🎣 Catch of the Day!! 🌊🐟🦞

Our new segment where we pick out some cool sites we like, reply to the mail and let us know what you think.

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)


🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)


🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts 👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Is Google paranoid of Android? 😬

 

giphy.com

 

📢 Google Bolsters Android Security with Real-Time Scanning! 🛡️

Exciting news for Android users! Google is stepping up its security game with an update to Google Play Protect. This free service now offers real-time code-level scanning for potential threats in apps before they’re installed on your device. 📱

🔍 What’s New?

When you’re about to install an app that hasn’t been scanned before, Google Play Protect will recommend a real-time app scan. This helps identify emerging threats and ensures your safety.

🛡️ Google Play Protect:

This service is your built-in defence against malicious apps from the Play Store or external sources. In some cases, it might even block an app from installation to keep your device secure.

🌍 Enhanced Protection:

With this update, crucial app signals are sent to Google Play Protect for code-level evaluation in real-time. This proactive measure is aimed at safeguarding users from cunning and ever-evolving threats, such as polymorphic apps that use AI to avoid detection.

🌏 First Stop: India

The feature is being rolled out in select countries, starting with India. Stay tuned for its availability in your region!

This advancement is crucial as cyber threats are continuously evolving. It’s part of Google’s commitment to providing comprehensive security on the Android platform. Keep your device safe and enjoy a worry-free Android experience! 🔒🔥

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 💊 HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter keeps you in the know.

  • Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.

  • 🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter

Recent articles