Breach Alert Impacts 1.2 Million: RentoMojo.com

Breach Alert Impacts 1.2 Million: RentoMojo.com

Our security teams have recently discovered that online furniture and electronics rental startup RentoMojo has confirmed a data breach. The hacking origin date is April 23, 2023 and impacts 1.2 million. Personal identifying information data exposed include email addresses, user id, phone number, nationality and passport numbers.

The company reported that the attackers were able to gain access by exploiting cloud misconfiguration. Malicious attackers are continuously hunting for misconfigured cloud assets. They are vulnerabilities waiting to happen.

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Image courtesy credit: Erfan Parhizi via unsplash.com.

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

Triple Date Breach Climbs to 25 Million: TruthFinder, Instant Checkmate and Gemini

Our security teams have recently discovered that over 25 million people have been impacted by data breaches involving TruthFinder, Instant Checkmate and Gemini.

Both TruthFinder and Instant Checkmate are subscription-based websites owned by PeopleConnect that allow users to do background checks on people by utilizing public records. The breaches for both companies occurred on April 12, 2019. While TruthFinder’s breach involves eight million account holders, Instant Checkmate’s is even larger impacting 12 million. Stolen account holder information includes users’ email addresses, phone numbers and passwords for both sites. Parent company PeopleConnect has confirmed that all customer accounts created between 2011 and 2019 have been impacted and that the published list originated inside their company. Learn More

Gemini (Gemini Trust Company, LLC) is a cryptocurrency exchange and custodian that allows customers to buy, sell and store digital assets. The American-owned company operates in the United States, Canada, the United Kingdom, South Korea, Hong Kong and Singapore. The breach size of 5.4 million originated December 13, 2022 as a result of a third-party incident. The company has declared that some customers have been the target of phishing campaigns from that third-party vendor exposing millions of email addresses and partial phone numbers. Learn More

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo by https://unsplash.com Erfan Parhizi

 

FBI’s Vetted Threat Sharing Network Hacked

FBI’s Vetted Threat Sharing Network Hacked

Just recently, our security teams have discovered large data sets of compromised cyber elements on the Dark Web. The breached site is InfraGard.org, which is a partnership between the Federal Bureau of Investigations (FBI) and key members of the private sector for the protection of the United States critical infrastructure.

InfraGard members are in roles involved in both cyber and physical security at companies that manage most of the nation’s critical infrastructures, including drinking water, power utilities, communication and financial services firms, transportation and manufacturing companies, healthcare providers and nuclear energy firms.

The breach origin date is December 2022 and data exposed includes their members’ contact information, such as name, email and phone numbers. The FBI stated that “this is an ongoing situation” and that they are “not able to provide any additional information at this time.” Approximately 80,000 InfraGard members are impacted. Learn more HERE.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. It has been a pleasure protecting America’s workforce for the last decade. We look forward to many years and much more growth to come.

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of Markus Spiske on Unsplash.com.

Twitter Data Breach Alert

Twitter Data Breach Alert

Just recently our security teams have found that Twitter, a popular social media service, has been breached. At least 5.4 million accounts have been compromised. The breach origin date is July, 2022 and data exposed includes name, phone number, email address and account holder user IDs.

Twitter acknowledged publicly that they received a report through their bug bounty program of a vulnerability in Twitter’s systems in January 2022. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email address or phone number was associated with, if any. Twitter then explained that the bug resulted from an update to their code in June 2021. When Twitter learned about this, they immediately investigated and fixed it. Twitter announced that at that time, they had no evidence to suggest someone had taken advantage of the vulnerability. Twitter has said that it would directly notify every account owner it could confirm was affected by the exposure. In the meantime, it is highly suggested to add two-factor authentication.

Guard Well Identity Theft Solutions exists to protect you, your family, and your employees from the damages of identity theft. It has been a pleasure protecting America’s workforce for the last decade. We look forward to many years and much more growth to come.

Be vigilant. Be strong. Stay in the know. If you have any questions or concerns, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Photo courtesy of Bermix Studios via unsplash.com.

Stolen Data of 533 Million Facebook Users Leaked Online

Stolen Data of 533 Million Facebook Users Leaked Online

Facebook, the most popular social media platform worldwide, has experienced another leak. This weekend we learned that the phone numbers and personal data of 533 million users were published for free.

 

Business Insider reported that “the exposed data includes the personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdays, bios, and, in some cases, email addresses.”

 

For more information, click HERE.

 

Be vigilant. Be strong. If you have any concerns or think you have been a victim, please contact our Member Services immediately. We are always available for you 24/7/365 at 888.966.GUARD (4827).

 

Photo credit: Tim Bennett on Unsplash

Romwe.com Breach Impacting 23 Million

Romwe.com Breach Impacting 23 Million

Our security teams have recently discovered several large sets of compromised data on the Dark Web. The website, Romwe.com, has been affected.

 

Romwe is a Chinese fashion retailer founded in 2008. Headquartere in Nanjing, China, Romwe deals with a wide range of trending fashion items for men, women and children. The breach date was July 2020 and impacts 23 million people. The type of data exposed includes email, password and telephone number.

 

If you have visited the romwe.com website or have engaged in business activity with this company, please call us at 888.966.GUARD (4827) to speak with a fraud resolution specialist. Likewise, if you have questions or concerns feel free to call anytime. We are available for you 24/7/365.

 

Dark Web Alert: Large Sets of Compromised Data

Dark Web Alert: Large Sets of Compromised Data

Our security teams have discovered additional large sets of compromised data on the Dark Web. More than 50 million records have been breached. The websites below (when known) have been affected. If you have visited these websites or have engaged in business activity with any of these companies, please call us at 888.966.GUARD (4827) to speak with a fraud resolution specialist. Likewise, if you have questions or concerns feel free to call anytime. We are available for you 24/7/365.

 

– City of Knoxville, TN Government Servers. Breach date: July, 2020. Data exposed: emails and bank accounts.

 

– Unknown. Breach date: unknown. Breach size: 50 million. Data exposed: names, emails, addresses, phone and gender. More information to come.

 

– UniversalLogistics.com. Breach date: June 11, 2020. Data exposed: corporate operational data reports, emails, invoices and personal data (names, DOB, SSN, driver’s license, credit cards).

 

 

Websites with Compromised Data on the Dark Web

Websites with Compromised Data on the Dark Web

Our security teams have recently discovered several large sets of compromised data on the Dark Web. The websites listed below have been affected. If you have visited these websites or have engaged in business activity with any of these companies, please call us at 888.966.GUARD (4827) to speak with a fraud resolution specialist. Likewise, if you have questions or concerns feel free to call anytime. We are available for you 24/7/365.

 

– apollo.io

– appen.com (formerly crowdflower.com)

– scentbird.com

– swvl.com

– promo.com (previously slide.ly)

– mathway.com

– truefire.com

– ggumim.co.kr

– dave.com

– chatbooks.com

– hurb.com

– liveauctioneers.com

– kreditplus.com

– execupharm.com

– dunzo.com

– verifications.io

– catho.com.br

– bhinneka.com

– wattpad.com

– gigasize.com

– netsential.com

 

 

Scams, Scams and More Darn Scams

Scams, Scams and More Darn Scams

Did you know that there are at least 48 different types of identity theft and the number of scams involved in each is growing daily? Romance scams, residence scams, utility scams, employment scams, telephone scams, email scams, charity scams, Apple care scams, AirBNB scams, PayPal scams, census scams, ticket scams, government scams, medical scams, insurance scams, real estate scams, investment scams, lottery and sweepstakes scams … there really isn’t one facet of our lives that isn’t ‘scam-able.’ As the weather turns colder, it kind of makes you want to curl up under an electric blanket and hibernate for a bit doesn’t it!

 

Although everyone with a social security number is at risk for identity theft, there are two groups that are targeted more often: children and seniors. The U.S. Department of Health & Human Services has studied why. They explain, “Children are targeted to establish a ‘clean slate.’ Seniors are targeted over the telephone and through phishing scams. Some studies suggest that people become more trusting as they age, which helps to explain why it’s more difficult for older adults to detect fraudsters.”

 

The next high-risk group that follows children and seniors are the military mostly due to deployment, which impacts their ability to respond to a threat in a timely manner. According to the Federal Trade Commission, military consumers are most affected by credit card and bank fraud. Another high-risk group is identity theft repeat victims. As reported in Consumer Affairs, “people who have previously been affected by identity theft are at a greater risk for future identity theft and fraud.” According to the Center for Victim Research, “7-10% of the U.S. population are victims of identity fraud each year and 21% of those experience multiple incidents of identity theft.”

 

Lastly, the deceased are targeted. Stealing a dead person’s identity, commonly known as “ghosting,” will often go unnoticed by surviving family for months or years. A report dating from 2012 stated that 2.5 million deceased American identities are stolen each year. Of those 2.5 million stolen identities, 800,000 were used to open lines of credit or get a mobile phone plan.

 

Fraudsters oftentimes repeat their favorite most lucrative scams, which are driven by major financial life moments, such as taxes and holiday shopping. Yes, it’s getting to be that time of year, and, guess what … the world’s largest online retailer, Amazon, is seeing a huge increase in fake Amazon.com order cancellation scams. If you receive an email about an order cancellation from Amazon, there’s a good chance it’s a scam. Click on links in the email and you could unintentionally download malware onto your device. Or you might be sent to a site that aims to collect your Amazon account information, like your username and password. If you receive such an email and recently placed an order, go to Amazon.com directly to check your order status.

 

Most of our blogs offer tips to help protect yourself and your family from identity theft. There is one tip in this blog: Remain aware of scams and that they can touch every facet of your life. By staying in-the-know, you can help every month be National Cybersecurity Awareness month … not just October.

 

If you suspect that you or a loved one has suffered identity theft, please reach out to us as soon as possible. Our Guard Well member services team is available around the clock, every day of the year. Email memberservices@guardwellid.com or call 888.966.GUARD (4827) for help.

DoorDash Data Breach: How to Tell if You’ve Been Hacked

DoorDash Data Breach: How to Tell if You’ve Been Hacked

Remember when home-cooked meals happened six nights a week instead of just during the holidays? I don’t really do either. Delivery is indeed a major convenience though. From groceries and prescriptions to corporate lunches, family dinners and late night snacks, if you can order it on an app, such as Uber Eats, it can be on your doorstep in about an hour. Yes, delivery is a major convenience but, just like with everything in life, there are risks and your data can be compromised. Just ask the almost $5 million DoorDash users, merchants and workers who were recently hacked. Hits a little too close to home.

 

Consumer behavior, along with the concept of dinnertime itself, have both evolved in the past few years, making food delivery one of the the newest up and coming fads. The industry, referred to as third party logistics, is experiencing “unprecedented growth to the tune of $43 billion in deliveries (2018) and is forecasted to rise to $76 billion by 2022.” As reported in Barron’s, GrubHub this past spring was losing the food-delivery war with DoorDash stealing the show. “For the industry, DoorDash’s pace of share gain is the dominant trend,” reported KeyBanc analyst Andy Hargreaves, March, 2019. DoorDash just recently surpassed Uber Eats as the second-largest food-delivery service in the U.S. after GrubHub. We regularly use all three providers, but with a preference for DoorDash only because of the availability of restaurant choices.

 

What actually was hacked?

The latest report according to Business Insider, detailed that the breach occurred in May and affects some users who started using the DoorDash app before April 5, 2018…. “DoorDash said an unauthorized third party was able to access some users’ profile information, including names, email addresses, delivery addresses, order history and phone numbers.” The article continued to report that the last four digits of some consumers’ credit cards were also accessed, but not full card numbers or CVVs. “For some delivery workers and restaurants, the unauthorized third party accessed the last four digits of bank-account numbers.” DoorDash did announce that the “credit card and banking information is not sufficient to make fraudulent charges or withdrawals.” That gives us a little peace of mind. Maybe.

 

How do you know if you were hacked?

DoorDash reported to Business Insider that it had begun contacting people affected by the data breach and will continue to do so as they become known. The company did recommend that even those who hadn’t been contacted by DoorDash regarding the breach should still change their password immediately to be safe.

 

– If you signed up for DoorDash after April 5, 2018, your data is likely safe. If you can’t recall when you signed up, contact them to find out.

– Check your bank account(s) which are tied to your DoorDash account for fraudulent activity. Hackers count on people not reviewing every item on their credit card and bank statements.

– Contact your identity theft solutions provider immediately and especially if you notice anything “off” in your statement(s).

– Do you use the same password for multiple accounts? We recommend that your passwords are updated on a routine basis and that the same one isn’t used across multiple accounts.

 

Hackers will continue to hack. That is a definite certainty in this day and age. When we set up any type of home delivery, it is unnerving to not be able to trust that they will keep us safe as well as our food. Maybe we all should go back to those home-cooked meals … now, how do you turn the oven on again?

 

Need help? Our Member Services team is here for you 24/7/365. Call us at 888.966.GUARD (4827) or email memberservices@guardwellid.com.

 

References:

Fortune. Morris, Chris. “DoorDash Data Breach: What to Do If Your Account Was Compromised.” September 27, 2019.

Business Insider. Holmes, Aaron. “DoorDash Hack: How to Tell If You’re Affected.” September 26, 2019.