News for January 20, 2023


PayPal Credential Stuffing Breach

by Artie Kaye

The online payment company filed reports about the breach, which took place in December from the 6th to the 8th.  The resulting investigation found that information was accessible by people not associated with the accounts.  34,942 accounts were compromised.  PayPal did not find evidence of funds transfers.  Credential stuffing attacks attempt to login by submitting known passwords and usernames, attempting to find valid combinations.  These types of attacks can be used to verify login information found on a different site, and once verified they become valuable to certain people.  Diversifying your passwords across platforms, and having stronger passwords for financial institutions can help protect you.  Password managers are a valuable tool as well due to the random nature of the generated passwords.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)


T-Mobile Data Breach

by Artie Kaye

This is the 8th breach the company has suffered since 2018; approximately 37.5 million users’ information was exfiltrated this time.  The access point was an application programming interface security hole, software which allows different programs, websites, or devices to communicate with each other.  Names, billing addresses, phone numbers, email addresses, and dates of birth are among the data accessed between around November 25th, 2022 and January 6th, 2023.  They have reported this breach to governmental agencies and are cooperating with law enforcement.  The company is contacting affected customers.

Third-Party References:

Click the links below to learn more details. (Opens in a new tab/window.)


Patches for the Week

by Artie Kaye

This week sees patches from Cisco, Drupal, and Oracle.

Cisco

Cisco released two patches, one high severity and one medium severity. 

Drupal

Drupal has four that it lists as moderate severity.

Oracle

Lastly, Oracle has released multiple patches of varying severity.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)