Categories
Tech Lite

Discord reveals data breach following support agent hack

In April, cyber-security researchers discovered a new malware that is distributed over Discord which has more than 300 million active users…reports Asian Lite News

Popular teenage chat platform Discord has started notifying users about a data breach following the compromise of a third-party support agent’s account.

According to BleepingComputer, the agent’s support ticket queue was compromised in the security breach, exposing user email addresses, messages exchanged with Discord support, and any attachments sent as part of the tickets.

The company said it immediately addressed the breached support account by disabling it once the incident was discovered.

“Due to the nature of the incident, it is possible that your email address, the contents of customer service messages and any attachments sent between you and Discord may have been exposed to a third party,” Discord said in letters sent to affected users.

“As soon as Discord was made aware of the issue, we deactivated the compromised account and completed malware checks on the affected machine,” it added.

Moreover, the company stated that it considers the risk to be minimal and advised users to remain alert for any signs of fraudulent or phishing messages or activity.

In April, cyber-security researchers discovered a new malware that is distributed over Discord which has more than 300 million active users.

The team from CyberArk Labs spotted the malware called Vare which uses Discord’s infrastructure as a backbone for its operations.

This malware is linked to a new group called ‘Kurdistan 4455’ based out of southern Turkey and is still early in its forming stage, according to security researchers.

ALSO READ-US data regulator threatens Meta over privacy violations

Categories
-Top News India News

6 in 10 Indians report personal data breach

It is clear that people believe financial institutions are failing in their responsibility to protect their personal data…reports Asian Lite News

As many as 6 in 10 Indians report personal data breach by their loan service providers while 4 in 10 blame insurance providers or banks, a new report has revealed.

Nearly 59 per cent with existing loans have been approached by alternate service providers to switch to another lending institution either via email, phone call, SMS and WhatsApp in the last five years, while 40 per cent of those with existing insurance policy/policies have been approached with detailed competitive offer, according to the report by online community platform LocalCircles.

Meanwhile, 34 per cent with bank accounts have been approached with offers to open a similar bank account. Out of them, 23 per cent had been approached several times and 11 per cent once or twice.

“This indicates a massive data breach as the sender has access to an individual’s personal loan data which is being used to send unsolicited loan offers,” the report showed.

“Citizens whose data got compromised by loan agencies, insurance companies and banks believe it was due to their weak data protection governance internally and externally,” the findings showed.

It is clear that people believe financial institutions are failing in their responsibility to protect their personal data.

Asked about how such data is getting compromised, the majority felt it was the weak internal and external governance at the financial institutions that was leading to it.

Also, 53 per cent felt that it was the service providers of these institutions that compromise their personal data, while 38 per cent felt employees were involved as well.

A sizable 43 per cent also felt that the institutions themselves were compromising their information or selling it, a big enforcement or communication gap that the financial institutions must plug.

ALSO READ-Top WhatsApp, Meta executives resign

Categories
-Top News China

China issues security warning after sale of stolen data

In an advert on a criminal forum, later removed, the user said the data was stolen from Shanghai National Police

Chinese President Xi Jinping has urged public bodies to “defend information security” after a hacker offered to sell stolen data of one billion Chinese citizens.

In an advert on a criminal forum, later removed, the user said the data was stolen from Shanghai National Police, the BBC reported.

The hacker claims the information includes names, addresses, National ID numbers and mobile phone numbers.

Cyber-security experts have verified that at least some of a small sample of the data offered is real.

The 23 terabytes of data is thought to be the largest ever sale of data on record and was being offered for $200,000 until the post was removed on Friday.

No Chinese officials have responded to the news and President Xi did not make direct reference to the data sale.

But, according to the South China Morning Post, the President has asked public bodies in China to “defend information security… to protect personal information, privacy and confidential corporate information” to ensure people feel secure when submitting data for public services.

On Friday, the moderators of the website where the sale was listed, by a user called ChinaDan, posted a notice which read: “Dear Chinese users, welcome to our forum. You most likely came here because of the Shanghai police database leak. The data is no longer being sold, and posts related to this topic have been deleted.”

The website administrators then added that they have many other similar and high quality Chinese databases for sale, adding: “We are not in China and we are not Chinese, so we do not have to obey Chinese laws,” the BBC reported.

According to DarkTracer, which monitors cyber criminal activity, another hacker, perhaps inspired by the publicity surrounding ChinaDan’s offer, posted an advert on Tuesday for 90 million Chinese citizen records, which the hacker claims to have stolen from Henan National Police (HNGA).

None of that data has been verified.

“It remains unclear exactly why the data has been withdrawn,” the BBC quoted Toby Lewis, global head of threat analysis at Darktrace, as saying.

“The original offer of sale suggests that the hacker was looking to sell the data to several buyers without exclusivity, rather than just one.

“So one theory is that for a high enough price exclusivity could have been bought, and that kind of purchase could possibly have been made by the Chinese state itself,” he added.

ALSO READ: Reshaping Hong Kong into China with controls, surveillance