Breach Brief – Facebook, USCellular, MeetMindful.com

Published On February 2, 2021 | By Tom Huskerson | Breach Briefs, News and Analysis

Facebook, that great gobbler of your personal information is also the bumbling village idiot of data security. This time is has lost control of over 500 million telephone numbers.

Security researcher Alon Gal reported finding a bot on Telegram selling the phone numbers of Facebook users for $20 apiece. Gal says the crook running the bot is laying claim to data of 533 million users. According to the Verge all the information comes from a Facebook vulnerability that was patched in 2019. Motherboard reported the bot was offering discount bulk pricing of 10,000 phone numbers for $5,000.

Telegram shut down the bot and Facebook claims the data was old. This is typical of Facebook to downplay a data breach…again. After all old data is not necessarily useless or invalid. Another factor to keep in mind is that these phone number came from Facebook user all over the globe. Gal counted of the millions of affected users in each country, finding 32,315,282 in America, 11,522,328 in the United Kingdom, 7,320,478 in Australia, and 3,494,385 in Canada.

USCellular

Since we’re on the topic of data breaches and telephones lets talk about USCellular.

USCellular reported a data breach after retail employees were suckered into downloading malicious software on to a store computer. The software gave remote access to the computer and to a customer relationship management (CRM) software.  From there hackers accessed the names, addresses, billing details and more details of existing USCellular customers.

USCellular is a regional service provider with most of its customers in the mid-west.

The company first noticed the breach on January 6th but it is believed that the actual attack was on the 4th according to Bleeping Computer. A notice was filed with Office of the Vermont Attorney General on January 21, 2021. USCellular reports Social Security numbers and credit card details were apparently masked by the CRM system and not lost to the attackers.

USCellular took steps to protect customers by removing the affected computer from the store and resetting all employees credentials in that store.

As for customers, though, their own login details have been changed as well including their PIN number and any security question and answer they had set up. People are being asked to contact USCellular to set up new details for their accounts.

MeetMindful.com

MeetMindful.com, a dating site launched in 2014 was attacked by whats is described by ZDNet as a well known hacker. The hacker, known online as ShinyHunters, is also credited with leaking the details of millions of users registered on Teespring, a web portal that lets users create and sell custom-printed apparel.

The hacker leaked the details of more than 2.28 million users registered of the  dating website. The data has been shared as a free download on a publicly accessible hacking forum known for trading stolen databases. The 1.2 GB file appears to be a dump of the site’s users database.

The hacker appears to have hit the mother load. The stolen data includes a wealth of information uploaded by lonely hearts when they first set up their profiles on the MeetMindful site and mobile apps.

Some of the most sensitive data points included in the file include:

  • Real names
  • Email addresses
  • City, state, and ZIP details
  • Body details
  • Dating preferences
  • Marital status
  • Birth dates
  • Latitude and longitude
  • IP addresses
  • Bcrypt-hashed account passwords
  • Facebook user IDs
  • Facebook authentication tokens

The MeetMindful data has been viewed more than 1,500 times and most likely downloaded, in many cases.

 

 

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Related Post

We Could All Be More More Cyber Smart!
Feds Making Money Moves
Apps Worth Mentioning : SheMatters
The Hottest Air Conditioning Scam

Comments are closed.