PayPal Credential Stuffing Breach
by Artie Kaye
The online payment company filed reports about the breach, which took place in December from the 6th to the 8th. The resulting investigation found that information was accessible by people not associated with the accounts. 34,942 accounts were compromised. PayPal did not find evidence of funds transfers. Credential stuffing attacks attempt to login by submitting known passwords and usernames, attempting to find valid combinations. These types of attacks can be used to verify login information found on a different site, and once verified they become valuable to certain people. Diversifying your passwords across platforms, and having stronger passwords for financial institutions can help protect you. Password managers are a valuable tool as well due to the random nature of the generated passwords.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)
T-Mobile Data Breach
by Artie Kaye
This is the 8th breach the company has suffered since 2018; approximately 37.5 million users’ information was exfiltrated this time. The access point was an application programming interface security hole, software which allows different programs, websites, or devices to communicate with each other. Names, billing addresses, phone numbers, email addresses, and dates of birth are among the data accessed between around November 25th, 2022 and January 6th, 2023. They have reported this breach to governmental agencies and are cooperating with law enforcement. The company is contacting affected customers.
Third-Party References:
Click the links below to learn more details. (Opens in a new tab/window.)
Patches for the Week
by Artie Kaye
This week sees patches from Cisco, Drupal, and Oracle.
Cisco
Cisco released two patches, one high severity and one medium severity.
Drupal
Drupal has four that it lists as moderate severity.
Oracle
Lastly, Oracle has released multiple patches of varying severity.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)