Following allegations that millions of email credentials had been compromised, Google has refuted accusations of a significant security breach at Gmail. The company stressed that the accusations were not based on a fresh attack against Gmail but rather on a misinterpretation of previously stolen material that was circulating online.
“Reports of a ‘Gmail security breach impacting millions of users’ are false,” Google’s official X account, News, said on October 28. Because of Gmail’s robust defences, users are always safe. According to the post, the false claims were caused by “a misunderstanding of infostealer databases,” which commonly aggregate information from different online credential theft events. Google claims that these collections don’t point to a new attack on Gmail or any other particular platform.
Troy Hunt First Person to Report Breach in Gmail
Troy Hunt, an Australian cybersecurity expert and the creator of the breach notification platform “Have I Been Pwned”, disclosed that a huge 3.5-terabyte database comprising over 183 million email credentials had leaked online, sparking the uproar. According to Hunt, the data may include Gmail accounts, among other providers, and is purportedly made up of information from multiple previous thefts.
The New York Times brought the leak to the attention of the world by mentioning Hunt’s recommendation that readers visit HaveIBeenPwned.com to see if their personal information has been exposed. The website allows users to enter their email addresses to check if they are listed in any known breaches and to obtain details about the time and location of the data exposure.
Google Asks Users to Strengthen their Accounts
Google reaffirmed its recommendation for customers to improve account security, even though it insists that Gmail has not been compromised. The internet giant advised everyone to reset credentials if they were found in public data sets, use passkeys as a safer substitute for passwords, and enable two-step verification. Additionally, Google stated that its security algorithms instantly identify and eliminate risks brought on by massive credential dumps, guaranteeing that impacted accounts are quickly resecured.
Google and ChatGPT Locking Horns
Alphabet’s market value plummeted by $150 billion on 21 October as a result of OpenAI’s release of ChatGPT Atlas, an AI-powered web browser. This was one of the biggest one-day market reactions to a tech product launch this year. A mysterious six-second video showcasing browser tabs was uploaded to X to make the announcement.
CEO Sam Altman then said during a livestream that the browser is “a rare once-a-decade opportunity to rethink what a browser can be about.” Within hours following OpenAI’s statement, Alphabet shares dropped as much as 4.8% to $246.15, but they recovered considerably to settle down 2.4% at $250.46.
Quick Shots
• Google refuted claims of a major Gmail data breach involving millions of leaked passwords.
• Company clarified the reports were based on old, previously stolen data, not a new hack.
• Official statement on X (formerly Twitter): “Reports of a Gmail security breach are false.”
• Troy Hunt, creator of Have I Been Pwned, first flagged a 3.5 TB leaked database with 183 million email credentials.
Cybersecurity researchers say they have recently discovered a vast database that contains over 16 billion usernames and passwords, making it the most significant data exposure in history.
As per recent reports, the exposed passwords were probably gathered by several thieves who stole usernames and passwords using different types of infostealing software.
These login credentials were collected from a variety of sources, including developer portals, business platforms, social media, and VPNs. According to the researchers, the records were found in 30 publicly available datasets of varying sizes, ranging from tens of millions to over 3.5 billion records, with accounts from Google, Apple, Facebook, GitHub, Telegram, and other platforms.
According to the study, “none of the exposed datasets were reported previously,” with the exception of the Jeremiah Fowler-reported collection that included over 184 million passwords.
Blueprint of Mass Exploitation
Researchers go on to say that this is a roadmap for broad exploitation rather than merely a leak. Cybercriminals now have unparalleled access to personal credentials that may be exploited for identity theft, account takeover, and highly targeted phishing, since more than 16 billion login records have been made public.
The structure and recency of these databases are particularly worrisome; they are not merely recycled breaches from the past. This is large-scale, new intelligence that can be used as a weapon. Additionally, these recently found datasets were only available online for a short time, through unprotected Elasticsearch and object storage instances.
That was long enough for security researchers to find the datasets, but not to discover who was in possession of them. According to the research, most of the data that was exposed comes from “a mix of details from stealer malware, credential stuffing sets, and repackaged leaks.”
Furthermore, these databases probably contain some duplicate information, even though there is no way to compare them. Because of this, it is challenging to estimate the number of individuals impacted by the data breach.
Datasets Recovered Followed a Set Pattern
The majority of the information in these datasets had a specific format, consisting of a URL followed by a username and password. For those who don’t know, this is precisely how malware that steals information gathers and transmits it to threat actors.
The researchers also discovered that phishing efforts, ransomware attacks, business email compromises, and account takeovers frequently employ these massive datasets of usernames and passwords.
Tokens, cookies, and metadata were also included in these accessible datasets, making them risky for businesses and services without multi-factor authentication. Additionally, some of the datasets were labelled only “credentials” and “logins”.
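The following added example, which is not from the article or the researchers’ report, shows how a defender can triage records in the URL, username, password layout described above: it parses each line, collapses exact duplicates (the reason raw record counts overstate the number of people affected), and lists the organisation’s accounts that need a credential reset without writing any password to the report. The `:` delimiter, the sample lines and the `example.com` domain are assumptions.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed layout: <url>:<username>:<password>, one record per line. The article
# only says "a URL followed by a username and password"; ':' is an assumption.
# The URL may carry a port, and the password may itself contain ':'.
RECORD = re.compile(
    r"^(?P<url>[a-z][a-z0-9+.-]*://[^\s:/]+(?::\d+)?(?:/[^\s:]*)?)"
    r":(?P<user>[^\s:]+):(?P<password>.+)$",
    re.IGNORECASE,
)

# Constructed sample lines (example.com / example.org are reserved domains).
SAMPLE = """\
https://sso.example.com/login:alice@example.com:Winter2024!
https://sso.example.com/login:alice@example.com:Winter2024!
https://mail.example.org:8443/auth:Alice@Example.com:pa:ss:word
https://shop.example.org/account:bob@example.org:hunter2
not a credential line
https://vpn.example.com/:carol:s3cret
"""


def parse_record(line):
    """Return (host, username, password), or None if the line does not fit."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    host = (urlsplit(m["url"]).hostname or "").lower()
    return host, m["user"].lower(), m["password"]


def triage(text, org_domains):
    """Deduplicate records and report accounts tied to the organisation."""
    stats = {"lines": 0, "unparsed": 0, "duplicates": 0}
    seen = set()
    exposed = defaultdict(lambda: {"hosts": set(), "passwords": set()})
    for line in text.splitlines():
        if not line.strip():
            continue
        stats["lines"] += 1
        rec = parse_record(line)
        if rec is None:
            stats["unparsed"] += 1
            continue
        host, user, password = rec
        # The digest is used in memory only, to spot duplicates; it is never
        # written to the report, because an unsalted hash is still sensitive.
        digest = hashlib.sha256(password.encode()).hexdigest()
        if (host, user, digest) in seen:
            stats["duplicates"] += 1
            continue
        seen.add((host, user, digest))
        user_domain = user.rpartition("@")[2] if "@" in user else ""
        host_in_org = any(host == d or host.endswith("." + d) for d in org_domains)
        if user_domain in org_domains or host_in_org:
            exposed[user]["hosts"].add(host)
            exposed[user]["passwords"].add(digest)
    report = {
        user: {"hosts": sorted(v["hosts"]), "distinct_passwords": len(v["passwords"])}
        for user, v in exposed.items()
    }
    return stats, report


if __name__ == "__main__":
    stats, report = triage(SAMPLE, {"example.com"})
    print(stats)
    for user, info in sorted(report.items()):
        print(user, info)
```
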
There have been many recent data breach incidents at different companies, including top companies in and around the country. The most recent data breach was reported by India’s well-known airline, Air India. Let’s look at the information about the data breach faced by the airline.
Air India has conveyed that the data of millions of passengers has been compromised due to a cyber attack, and that it involves the personal data of passengers registered between 26 August 2011 and 20 February 2021.
The airline has announced that the data breach took place due to a breach of the SITA passenger service system and that it involved the information of around 45 lakh passengers.
What is SITA?
SITA is a technology company located in Switzerland. The company specializes in information technology and air transport communications. The company, which started with 11 member airlines, now has a customer base of 2,500 customers in more than 200 countries across the globe.
Some of the services offered by the company include reservation systems, passenger processing, etc. In 2017, Air India entered into a deal with SITA to enable the airline to join Star Alliance by updating its IT infrastructure.
In March, Air India communicated that SITA had been under a cyberattack in the last week of February, which led to the leakage of its passengers’ personal information.
The company mentioned in a statement that the data of around 45 lakh passengers from across the world had been compromised in the cyber attack. The personal data registered between 26 August 2011 and 20 February 2021 was compromised.
The company has conveyed that the data that were breached during the cyber attack included the name, date of birth, contact details, passport information, ticket information, frequent flyer data and even the credit card information.
Steps taken by Air India after the Data Breach
The airline has conveyed that it will launch an investigation into the incident. It has also conveyed that it has taken steps to secure the compromised servers, engage external specialists in data security incidents, reset passwords of its frequent flyer programme and contact the credit card customers.
This data breach would affect you as an individual only if you used the airline’s services between the mentioned dates. The important point is that credit card information has also been compromised, which can be a threat to your credit card.
However, Air India has assured its passengers that there was no evidence of any misuse of the compromised data. The airline has asked everyone to change the passwords protecting their confidential data, which includes credit card and frequent flyer programme passwords.
FAQ
What data got leaked in the Air India data breach?
The personal data of around 45 lakh passengers were leaked, which includes name, date of birth, contact details, passport information, ticket information, frequent flyer data and even the credit card information.
How did Air India face a data breach?
Air India announced that the data breach had taken place due to a breach from the SITA passenger service system.
Who took over Air India?
Tata Sons Ltd were the frontrunner in acquiring Air India.
Conclusion
Cyberattacks have been reported frequently by different companies and pose a serious threat to the privacy of individuals. The rise in digitalization across the globe has led to an increase in cyber crimes and cyber attacks by criminals.
Upstox is the leading discount broker in the country. Upstox was formerly known as RKSV technologies. Upstox is backed by some of the top investors in the country which include Tiger Global and Ratan Tata. The company has nearly 30 Lakh users making it the second-largest stockbroker in the country.
Over the last few years, Upstox has increased its client base and ramped up its operations because of the easy availability of smartphones and cheap data prices. Recently, Upstox signed up with the Board of Cricket in India to be one of the sponsors of the Indian Premier League (IPL).
The company has alerted its customers to the data breach. Let’s look at the further details of the data breach.
Upstox, a retail broking firm and one of the leading discount brokers in the country, alerted its customers that there has been a data breach at the company. It said that details such as contact data and KYC details of customers have been breached.
A spokesman of the company said in an email statement that the hackers’ group has put a sample of the data on the Dark Web. The spokesman added that, for now, the company is not certain of the number of customers whose data has been exposed.
It is estimated that the hackers have gained access to the KYC data and contact numbers of around 25 lakh of its customers. This incident has happened in the midst of data breaches at some of the leading domestic companies and global giants such as LinkedIn, Facebook and Mobikwik.
The company has said that it received emails that claimed unauthorized access to its databases. In response, the company has appointed a leading international cyber-security firm that will investigate the possibility of a breach of customers’ KYC details. The firm will investigate the KYC data stored in third-party data warehouse systems.
The spokesman of the company has added that as a proactive measure the company has taken steps to initiate multiple security enhancements which will particularly concentrate on the third-party warehouses.
The company has also taken steps to increase real-time monitoring to 24/7 and is adding additional ring-fencing to its network, the spokesman said.
He added that the company has restricted access to the databases affected by the breach. The company has also added multiple security enhancements at all third-party warehouses.
Upstox has taken measures to speed up its bug bounty programme to encourage ethical hackers to stress-test its systems and protocols. Under this programme, the company invites ethical hackers to hack into its systems to find vulnerabilities and identify problems in the safety of the company’s data. This activity will be undertaken at regular intervals.
The company has exercised abundant caution regarding the security of its customers. It has taken the initiative to provide a secured password reset through OTPs for all its customers. The company has said that it takes the safety of customers very seriously.
The CEO of the company, Ravi Kumar, has said that this time the company has strongly fortified its systems to the highest standards to ensure higher safety.
The company has always required customers to use unique, strong passwords. It has ensured that customers change their passwords at regular intervals and stressed that they should not share their OTPs with anyone.
The company has said that it has also taken steps to warn the customers about the online frauds and to double-check the legitimacy of the links and senders. They have asked the customers to keep a check on the OTPs they receive and the ones they have requested.
Upstox has always asked its customers to report and alert the service providers if they notice such activities.
The spokesperson of Upstox has said that the funds and securities of all Upstox customers are safe and have been protected by the company.
Ravi Kumar, the CEO and co-founder of the company, has also tweeted that the funds and securities of customers are protected and kept safe by the company.
FAQ
Is Upstox funded by Ratan Tata?
Yes. Upstox is an online discount stock broker backed by funding from Mr. Ratan Tata. He held a 1.33% stake in the company as of Jan 2020.
Who is the owner of Upstox?
The founders of RKSV Securities (later renamed Upstox), Ravi Kumar, Raghu Kumar and Shrinivas Viswanath, are the owners of Upstox.
Is Upstox SEBI registered?
Yes, it is registered with the Securities & Exchange Board of India (SEBI) as a stock broker.
Conclusion
These are the steps taken by Upstox regarding their data breach.
On 2 April 2021, the data of around 533 million Facebook users was leaked on a low-level hacking forum. The published information includes phone numbers and personal data. The data was uploaded for free to low-level hacking forums.
The data breach was found by the co-founder and the Chief Technical Officer of Hudson Bay, Alon Gal. Hudson Bay is a cybersecurity firm. He found the cache of the leaked data online on 3 April 2021.
According to Alon Gal, the leak covers all your details on Facebook, including your name, occupation, gender, marital status, relationship status, the date of joining Facebook, the place where you work, the date of joining your occupation, your Facebook bio, etc. He said that in some cases even your email IDs and phone numbers would have been leaked on the internet.
It is said that the exposed data includes the personal information of 533 million users across 106 countries. It is estimated that the personal information of 36 million users has been leaked from the U.S., 11 million from the U.K., around 6 million from India, 8 million from Brazil, 3.8 million from Bangladesh, 1.2 million from Australia, etc.
These are some of the major countries whose users’ data has been released on the internet.
Previous Data Breach of Facebook
This is not the first time data from Facebook has been leaked on the internet. In 2019, the same data, covering 419 million users, was leaked. It was sold on Telegram, an instant messaging platform, for a fee of $20 per search.
2019 Facebook Data Leak
Similarly, the data was leaked in the month of June 2020 as well. Now the data has been leaked again and this time anyone who requires the data can access it for free from low level hacking forums. It is easily accessible to any individual who can misuse it.
Alon Gal has said that he first discovered the leaked data in January 2021, through an advertisement on a hacking forum for an automated bot. The automated bot could provide phone numbers for hundreds of millions of Facebook users in return for a particular amount of money.
Motherboard reported on the bot’s existence at that time and also verified that the data was legitimate. He added that if you have a Facebook account, it is extremely likely that the phone number you used for your account was leaked online. Cyber researcher Dave Walker confirmed that Mark Zuckerberg’s data was also leaked, which revealed that he uses the competing Signal messaging app.
Regarding the #FacebookLeak, of the 533M people in the leak – the irony is that Mark Zuckerberg is regrettably included in the leak as well.
The leaked data is easily accessible by anybody on the internet. It can be used on different individuals for various cybercrimes. The details can be used and exploited by advertisers to target their set of customers to push targeted advertisements.
The data can also be used by hackers to perform hacking attempts or social engineering attacks. In simple terms, they can use your data to hack your social media profiles. Even an individual with basic or underdeveloped data skills can use the leaked data to commit certain cybercrimes.
In 2018, it was reported that a political firm called Cambridge Analytica had mined the data from 50 million Facebook profiles. The firm mined and gathered the data and later used it to help political candidates from across the globe with their targeting and to help them win elections. This was also covered in a Netflix documentary, The Great Hack.
2018 Facebook-Cambridge Analytica Scandal
This was revealed against the backdrop of the U.S. presidential elections of 2016 and the Brexit referendum.
According to Alon Gal, the leaked data could provide valuable information to cybercriminals who use people’s information to scam them or impersonate them into handing over their login credentials.
He also said that the huge information and the phone numbers which are leaked on the internet will lead certain bad actors to easily take advantage of the data.
India is yet to have a strict data protection law. Several countries in the West have data protection regulation. In India, a bill named the Personal Data Protection Bill is yet to be passed in the Lok Sabha. It has been pending since 2019.
The bill is said to contain certain provisions regarding the breach of personal data. However, one can rely on sections 43A and 72A of the Information Technology Act of 2000. These provisions provide for compensation in the case of improper disclosure of personal information.
From a security point of view, there is not much Facebook can do about the leak of users’ data, since it is already on the internet and has already affected the users, said Alon Gal.
FAQ
How did Facebook leak data?
The recent data breach is believed to relate to a vulnerability which Facebook reportedly fixed in August of 2019, although the exact source of the data can’t be verified.
How to check if your Facebook data was leaked?
haveibeenpwned.com is a site developed by Australian web-security consultant Troy Hunt, where you can enter your phone number or email address and see the result.
How does Facebook make money from data?
Facebook makes most of its money by serving ads on the social media and messaging platforms it owns — Facebook, Messenger, Instagram, and WhatsApp. Advertisers pay Facebook to make their ads visible to people.
Conclusion
Alon Gal added that what Facebook could possibly do is notify users, so that they can stay cautious about phishing schemes or frauds that use their personal data.
Online grocery store BigBasket has faced a massive data breach recently, as the company had allegedly leaked the data of over two crore users on the dark web. BigBasket, funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and CDC group, has filed a complaint in this regard with the Cyber Crime Cell in Bengaluru.
According to media reports, Cyble, a cyber intelligence firm, said that the grocery e-commerce platform BigBasket has leaked data such as names, email IDs, password hashes, contact numbers, addresses, etc. on the dark web. Cyble also said that a hacker has put the data on sale for over Rs 30 lakh.
Grocery e-commerce platform BigBasket
“In the course of our routine dark web monitoring, the research team at Cyble found the database of Big Basket for sale in a cyber crime market, being sold for over USD 40,000. The leak contains a database portion; with the table name ‘member_member’. The size of the SQL file is about 15 GB, containing close to 20 million user data,” according to Cyble.
Reacting to this, BigBasket said: “A few days ago, we learnt about a potential data breach at Bigbasket and are evaluating the extent of the breach and authenticity of the claim in consultation with cybersecurity experts and finding immediate ways to contain it. We have also lodged a complaint with the Cyber Crime Cell in Bengaluru and intend to pursue this vigorously to bring the culprits to book.”
Bengaluru-based BigBasket also gave assurance that the confidentiality and security of customers is its priority, that it does not store any financial data (including credit card numbers), and that it is positive this financial data is secure.
“The only customer data that we maintain are email IDs, phone numbers, order details, and addresses so these are the details that could potentially have been accessed. We have a robust information security framework that employs best-in-class resources and technologies to manage our information. We will continue to proactively engage with best-in-class information security experts to strengthen this further,” the statement by BigBasket read.
Cyble also claimed that the breach may have occurred on October 30, 2020 and it has already informed Bigbasket about it.
Recently, the Tata group announced that the company is in advanced talks to acquire online grocery startup-BigBasket.
According to reports, BigBasket is ready to sell a majority stake for about $1 billion to Tata group. However, both parties have not offered a response at the time of writing. Multiple reports also suggest that Tata group could splash around $500-700 million for a controlling stake as BigBasket is also looking to raise around $200 million from a fresh round of funding.
BigBasket, which boasts a 26% investment from China’s Alibaba, rivals Walmart-owned Flipkart and Amazon’s Fresh. The investment from Tata group will reportedly buy out all of Alibaba’s shares.