Top 6 cyber-security incidents of July 2023

Hackers steal $20 Million from Revolut.

The Financial Times (FT), on July 9, reported that hackers exploited a vulnerability in the payment system of fintech Revolut and stole US$20,000,000.

According to reports, the cyber security incident lasted several months before 2022. According to FT sources, the software flaw caused communication problems between Revolut’s European and US payment systems. As a result, Revolut incorrectly refunded accounts when certain transactions were declined.

Malicious actors, including organized criminals, were able to steal about $23 million from Revolut through this system. Revolut was alerted by a US-based bank partner that the funds in its account were lower than expected. Revolut recovered some of the stolen money by pursuing these criminals, but the company still lost about $20 million.

DDoS attacks on fanfiction sites

On July 10, the fanfiction site Archive of Our Own (AO3) alerted its users that it had been the victim of a targeted distributed denial-of-service (DDoS) attack.

The site informed users about the cyber-attack on X (formerly Twitter) and explained why the site had been taken offline. AO3 assured its users they were “working on countermeasures” and promised that the site would soon be operational.

The site battled against the DDoS for over 28 hours before announcing that it had updated its cyber security controls and returned online.

Anonymous Sudan, an anonymous hacktivist collective claiming to be a terrorist Islamic group, claimed responsibility for the attack. The hackers claimed they took down the site because it was “against degeneracy and full of disgusting smuts, other LGBTQ+, and NSFW” things.

Many cyber security experts question the validity of Anonymous Sudan’s claim that it is a hacktivist organization motivated by a religious ideology, particularly a Muslim one.

AO3 released a statement about the true identity of the gang. They noted that even cyber security professionals do not believe Anonymous Sudan is telling the truth about their cyber attacks’ motivations. Therefore, they urged caution when believing the reasons given for targeting AO3.

Microsoft hack steals emails from US agencies.

Microsoft, a technology company, announced on July 14 that it had been the victim of “a threat actor based in China with espionage goals” who stole emails belonging to over 20 US organizations.

In a statement analyzing the hack, the company explained how the hackers, known as Storm-0558, had exploited a software weakness. The hackers were able to gain unauthorized access to the Microsoft email accounts for approximately 25 organizations, including US government agencies.

During the hack, the malicious actor acquired an inactive MSA consumer signing key and then used it to create authentication tokens for access to OWA or Azure AD enterprise. The hacker’s method of obtaining the inactive MSA key is unknown, and the investigation continues.

HCA Healthcare data breaches affect 11 million patients

HCA Healthcare in the US suffered a data breach that affected 11 million patients.

On July 10, the cyber-attack was discovered after patients’ personal information was posted online. HCA Healthcare released a statement about the breach, saying that the data had been stolen from an “external storage location used exclusively to automate email message formatting.”

The stolen dataset contained personal identifying information such as:

  • Names of patients, their cities, states, and zip codes.
  • Patients’ names, phone numbers, email addresses, dates of birth, and gender.
  • Dates, locations, and service dates for upcoming appointments.

HCA Healthcare blocked access to third-party storage after discovering unauthorized access and data theft. The company contacted everyone affected by the breach.

HCA Healthcare announced that an investigation had been launched into the data breach and that the incident was reported to the appropriate authorities.

Hacker steals Estee Lauder data.

On July 18, the business processes of cosmetics company Estee Lauder were disrupted by a cyberattack.

A malicious actor stole data from the systems of Estee Lauder and disrupted its processes. Estee Lauder has not revealed how the hacker gained access to its systems.

The cosmetics company released a statement regarding the cyber-security incident. It said that it had shut down some of the affected systems and was working on restoring and securing the systems.

Estee Lauder announced that an investigation was launched to determine what data was stolen. Estee Lauder also confirmed that law enforcement officials and cyber security specialists were contacted about the cyber attack.

Roblox data breach exposes developer data.

On July 18, it was revealed that attendees of the Roblox Developer Conference from 2017-2021 could have had their data exposed.

Troy Hunt, the creator of Have I Been Pwned, broke the news about the data theft. A source sent Hunt an anonymous message stating that the personal data of all attendees at the Roblox Developer Conference was stolen and posted online. Leaked data included names, birthdates, email addresses, IP and home addresses, and phone numbers.

Roblox announced on July 20 that it had contacted all affected users. “Minimally impacted users only received an apology email.” The company offered a year’s worth of identity protection to those more severely affected and apologized to the rest.
