Breach Alert Impacts 1.2 Million: RentoMojo.com

Breach Alert Impacts 1.2 Million: RentoMojo.com

Our security teams have recently discovered that online furniture and electronics rental startup RentoMojo has confirmed a data breach. The hacking origin date is April 23, 2023 and impacts 1.2 million. Personal identifying information data exposed include email addresses, user id, phone number, nationality and passport numbers.

The company reported that the attackers were able to gain access by exploiting cloud misconfiguration. Malicious attackers are continuously hunting for misconfigured cloud assets. They are vulnerabilities waiting to happen.

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Image courtesy credit: Erfan Parhizi via unsplash.com.

NortonLifeLock Password Manager Tool Hacked

NortonLifeLock Password Manager Tool Hacked

NortonLifeLock has notified their customers that hackers have breached their Password Manager accounts. This latest breach dates back to December 2022 when thousands of customers were told that their accounts were compromised. Just recently, the parent company of NortonLifeLock, Gen Digital (formerly Symantec Corporation), reported that “the likely culprit was a credential stuffing attack.” This type of attack involves credentials that had previously been exposed or breached being used to break into accounts on different websites that share the same password.

By far, password protection is critical for online safety. Enabling multi-factor authentication (MFA) and having exceptional password hygiene habits are great practices to follow. For example, every account that requires a password should have their own unique, complex and random password. Try to avoid using combinations that utilize information that could be connected to your social media accounts, such as a loved one’s birthday or a pet’s name. Hackers are well-known to comb their intended victims’ social media accounts.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of https://unsplash.com/@flyd2069.

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

Our security teams have recently discovered that over 25 million people have been impacted by data breaches involving TruthFinder, Instant Checkmate and Gemini.

Both TruthFinder and Instant Checkmate are subscription-based websites owned by PeopleConnect that allow users to do background checks on people by utilizing public records. The breaches for both companies occurred on April 12, 2019. While TruthFinder’s breach involves eight million account holders, Instant Checkmate’s is even larger impacting 12 million. Stolen account holder information includes users’ email addresses, phone numbers and passwords for both sites. Parent company PeopleConnect has confirmed that all customer accounts created between 2011 and 2019 have been impacted and that the published list originated inside their company. Learn More

Gemini (Gemini Trust Company, LLC) is a cryptocurrency exchange and custodian that allows customers to buy, sell and store digital assets. The American-owned company operates in the United States, Canada, the United Kingdom, South Korea, Hong Kong and Singapore. The breach size of 5.4 million originated December 13, 2022 as a result of a third-party incident. The company has declared that some customers have been the target of phishing campaigns from that third-party vendor exposing millions of email addresses and partial phone numbers. Learn More

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo by https://unsplash.com Erfan Parhizi

 

Online Music Streaming Service Breach Impacts Billions

Online Music Streaming Service Breach Impacts Billions

Our security teams have recently discovered that a former deezer.com partner experienced a data breach in 2019 that has impacted 257 billion users. Deezer is a France-based music streaming platform. Leaked information includes users’ dates of birth, email addresses, genders, geographic locations, IP addresses, names, spoken languages and/or surnames. The hacking dates back to mid-2019 when a Deezer third-party fell victim to a breach exposing user data, which was then sold on a popular hacking forum.

The hacker claimed that the data breach affects users in the United States, the United Kingdom, Brazil, Columbia, France, Germany, Guatemala, Italy, Mexico and Turkey.

Other music streaming platforms, such as Spotify, have suffered data leaks in recent years. In December 2020, Spotify confirmed that an incident may have affected over 300,000 users’ email addresses, display names, passwords, genders and dates of birth.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo by Uriel SC via Unsplash.com.

Update for 200 Million Breach

Update for 200 Million Breach

Our security teams have discovered that hackers stole the email addresses of more than 200 million Twitter users  and posted them on an online hacking forum. The Twitter breach origin date was July 2022. Data exposed includes name, phone number, email address and account holder user IDs.

We first reported the breach on December 6, 2022. It is highly recommended to add two-factor authentication. Please contact us if you need assistance.

There were no clues to the identity or the location of the hacker or hackers behind the breach. “It may have taken place as early as 2021, which was before Elon Musk took ownership of the company last year, explained Satter (Reuters News).” Learn more HERE.

If you have any questions or concerns please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of Bermix Studios via unspash.com.

FBI’s Vetted Threat Sharing Network Hacked

FBI’s Vetted Threat Sharing Network Hacked

Just recently, our security teams have discovered large data sets of compromised cyber elements on the Dark Web. The breached site is InfraGard.org, which is a partnership between the Federal Bureau of Investigations (FBI) and key members of the private sector for the protection of the United States critical infrastructure.

InfraGard members are in roles involved in both cyber and physical security at companies that manage most of the nation’s critical infrastructures, including drinking water, power utilities, communication and financial services firms, transportation and manufacturing companies, healthcare providers and nuclear energy firms.

The breach origin date is December 2022 and data exposed includes their members’ contact information, such as name, email and phone numbers. The FBI stated that “this is an ongoing situation” and that they are “not able to provide any additional information at this time.” Approximately 80,000 InfraGard members are impacted. Learn more HERE.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. It has been a pleasure protecting America’s workforce for the last decade. We look forward to many years and much more growth to come.

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of Markus Spiske on Unsplash.com.

Twitter Data Breach Alert

Twitter Data Breach Alert

Just recently our security teams have found that Twitter, a popular social media service, has been breached. At least 5.4 million accounts have been compromised. The breach origin date is July, 2022 and data exposed includes name, phone number, email address and account holder user IDs.

Twitter acknowledged publicly that they received a report through their bug bounty program of a vulnerability in Twitter’s systems in January 2022. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email address or phone number was associated with, if any. Twitter then explained that the bug resulted from an update to their code in June 2021. When Twitter learned about this, they immediately investigated and fixed it. Twitter announced that at that time, they had no evidence to suggest someone had taken advantage of the vulnerability. Twitter has said that it would directly notify every account owner it could confirm was affected by the exposure. In the meantime, it is highly suggested to add two-factor authentication.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. It has been a pleasure protecting America’s workforce for the last decade. We look forward to many years and much more growth to come.

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of Bermix Studios via unsplash.com.

8.4B Passwords & 25M Records Stolen

8.4B Passwords & 25M Records Stolen

Just recently our security team found two new breaches involving 25,000,000 stolen records and that 8.4 billion passwords have been stolen and sold on the dark web. We see these breaches all the time. The reality is that out of the 8.5 billion IP addresses worldwide, 3.5 billion of them are malware. That’s correct! Almost half of the worldwide web is created to commit fraud. That’s why we have proudly built a strong partnership with industry powerhouse Experian who jointly provides our member’s identity protection, support, and complete resolution service.

 

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. It has been a pleasure protecting America’s workforce for the last decade. We look forward to many years and much more growth to come!

 

Be vigilant. Be Strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

Photo courtesy of unsplash.com Bermix Studios

Data Breach Alert: T-Mobile 100 Million Impacted

Data Breach Alert: T-Mobile 100 Million Impacted

The Associated Press reported yesterday that communications giant T-Mobile confirmed there was unauthorized access to ‘some T-Mobile data’ but that the company is still determining the scope of the breach and who was affected. T-Mobile is actively investigating the leak after someone took to an online underground forum offering to sell personal information from more than 100 million cellphone users.

 

According to Vice’s Motherboard report, the data came from T-Mobile servers and “includes social security numbers, phone numbers, names, physical addresses, unique IMEI (International Mobile Equipment Identity) numbers, and driver license information.” Motherboard also reported that they had seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.

 

The seller on the underground forum was asking for 6 bitcoin, which is about $270,000, for a subset of the data containing 30 million social security numbers and driver licenses. The hacker said that they are privately selling the rest of the data at the moment. For more in-depth details about the hack, you can read the KrebsonSecurity article HERE.

 

A statement on the T-Mobile website reads “We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency.” The statement also included that the company takes the protection of their customers very seriously and that T-Mobile is “conducting an extensive analysis alongside with forensic experts to understand the validity of these claims, and are coordinating with law enforcement.”

 

If you or a family member has been a T-Mobile customer and suspect your data has been compromised, please contact us as soon as possible. We are always available for you 24/7/365 at 888.966.GUARD (4827). Our Member Services can also be emailed at memberservices@guardwellid.com.

 

Photo credit: John Tuesday on unsplash.com

University of California and StreetEasy: Dark Web Fraud Alert

University of California and StreetEasy: Dark Web Fraud Alert

Our teams have discovered extremely large sets of compromised data on the Dark Web. The latest two websites involved are University of California and StreetEasy.com.

 

The University of California (UC) is the world’s leading public research university system. Like several hundred other institutions throughout the country, including universities, government institutions and private companies, UC has been using a vendor service called Accellion File Transfer Appliance (FTA) to transfer information. Accellion was the target of an international cyberattack where the perpetrators exploited a vulnerability in Accellion’s program and attacked roughly 100 organizations. The attackers are now attempting to get money from organizations and individuals.

 

The breach origination date was March 31, 2021. Information stolen includes names, addresses, SSNs, as well as some email addresses and medical IDs.

 

StreetEasy.com is New York City’s leading local real estate marketplace on mobile and the Web, providing comprehensive listings and market data. The approximate breach size is 990,290 and originated in June of 2016. Data exposed includes passwords, first and last names, email addresses, and user IDs.

 

Be vigilant. Be strong. Stay in the know. If you have visited these websites in the past or have done business with them, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.GUARD (4827).

 

Photo credit by Erfan Parhizi via unsplash.com.