{"id":36767,"date":"2021-02-20T07:00:55","date_gmt":"2021-02-20T05:00:55","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=36767"},"modified":"2025-08-29T07:59:13","modified_gmt":"2025-08-29T04:59:13","slug":"attack-on-a-crypto-exchange-yandex-data-leak-and-other-cybersecurity-developments","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/attack-on-a-crypto-exchange-yandex-data-leak-and-other-cybersecurity-developments\/","title":{"rendered":"Attack on a crypto exchange, Yandex data leak and other cybersecurity developments"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">We\u2019ve gathered the most important cybersecurity news from the past two weeks.<\/span><\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>Hackers gained access to user data of cryptocurrency exchange KeepChange.<\/li>\n<li>An employee at Yandex provided access to users&#8217; email accounts.<\/li>\n<li>In China, the Clubhouse social network was blocked amid a surge in popularity. 
Experts warned that the Chinese government could have access to user data.<\/li>\n<li>Facebook restricted news for residents of Australia, and access to Australian media content worldwide.<\/li>\n<\/ul>\n<\/div>\n<p><!--more--><\/p>\n<h2 class=\"wp-block-heading\"><b>Yandex disclosed an internal leak of user data<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Yandex<\/span> <a href=\"https:\/\/yandex.ru\/company\/press_releases\/2021\/2021-02-12\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">reported a breach affecting 4,887 Yandex.Mail inboxes<\/span><\/a><span style=\"font-weight: 400;\"> caused by an employee.<\/span><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><span style=\"font-weight: 400;\">&#8220;This was one of three system administrators with the access rights required to perform the tasks needed to support the service,&#8221; the company said.<\/span><\/p>\n<\/blockquote>\n<p><span style=\"font-weight: 400;\">Unauthorized access to the compromised mailboxes has been blocked, and victims have been notified to change their passwords. 
An investigation is underway.<\/span><\/p>\n<h2 class=\"wp-block-heading\"><b>Hackers breached the KeepChange exchange and gained access to user data<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Cryptocurrency platform KeepChange was the target of a hacking attack, resulting in a data breach.<\/span><\/p>\n<blockquote class=\"wp-block-quote twitter-tweet is-layout-flow wp-block-quote-is-layout-flow\">\n<p dir=\"ltr\" lang=\"en\">Data Breach at KeepChange <a href=\"https:\/\/t.co\/PtWT4u8s62\">https:\/\/t.co\/PtWT4u8s62<\/a><\/p>\n<p>\u2014 KeepChange (@KeepChange_io) <a href=\"https:\/\/twitter.com\/KeepChange_io\/status\/1358890426686668800?ref_src=twsrc%5Etfw\">February 8, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The project team said that &#8220;not a single bitcoin was stolen,&#8221; but user data were compromised. Hackers gained access to names, email addresses, details about the number and amount of transactions, and hashed passwords.<\/p>\n<p>KeepChange paused withdrawals and urged users to change their passwords as soon as possible and enable two-factor authentication.<\/p>\n<h2 class=\"wp-block-heading\">Facebook began restricting news in Australia over a new law<\/h2>\n<p><span style=\"font-weight: 400;\">From 17 February, Facebook<\/span> <a href=\"https:\/\/about.fb.com\/news\/2021\/02\/changes-to-sharing-and-viewing-news-on-facebook-in-australia\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">blocked<\/span><\/a><span style=\"font-weight: 400;\"> Australian media from publishing content, and users in the country cannot view local or international news via the platform. 
Users in other countries also cannot share posts from Australian media.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This move followed a proposed bill under which digital platforms would have to pay media for publishing and distributing their content.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Facebook did not back down, arguing that hosting news on the platform helps distribution and monetisation for media outlets.<\/span><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><span style=\"font-weight: 400;\">&#8220;Such actions merely confirm the concerns that an increasing number of countries express about the behavior of tech firms that consider themselves above governments and rules. They can change the world, but that does not mean they rule it,&#8221;<\/span> <a href=\"https:\/\/www.facebook.com\/scottmorrison4cook\/posts\/3992877800756593\"><span style=\"font-weight: 400;\">said<\/span><\/a><span style=\"font-weight: 400;\"> Australian Prime Minister Scott Morrison.<\/span><\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\"><b>A database with more than 3 billion stolen records put up for sale<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">On the RaidForums cybercrime forum, a database containing about 3.27 billion &#8220;unique combinations of email addresses and passwords&#8221; was posted, <a href=\"https:\/\/threatpost.com\/billions-passwords-cyber-underground\/163738\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">ThreatPost<\/span><\/a> reports. It was priced at just $2.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The database is a compilation of data obtained from previous breaches. 
It includes data from Netflix, LinkedIn, Exploit and other platforms.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to the seller going by Singularity0x01, the database was built on the basis of a previous 1.4 billion-record compilation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Experts noted that some files in the database were corrupted or missing, and the total size appeared smaller than claimed. RaidForums later permanently banned Singularity0x01 for \u201cleakage of hidden content.\u201d<\/span><\/p>\n<h2 class=\"wp-block-heading\"><b>Experts reveal the most popular passwords leaked online<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Analysts named the passwords that appeared most often in 2019\u20132020 breaches. Among them are 123456, picture1 (test1 in 2019) and password. Analysts advise changing your password if it is on the list.<\/span><\/p>\n<blockquote class=\"wp-block-quote twitter-tweet is-layout-flow wp-block-quote-is-layout-flow\">\n<p dir=\"ltr\" lang=\"en\">If you find your password on this list published by security application provider <a href=\"https:\/\/twitter.com\/NorthpassHQ?ref_src=twsrc%5Etfw\">@NorthpassHQ<\/a>, it might be wise to make a change. <a href=\"https:\/\/t.co\/eXMaxb1lMV\">https:\/\/t.co\/eXMaxb1lMV<\/a> <a href=\"https:\/\/t.co\/t2w6M1WKkH\">pic.twitter.com\/t2w6M1WKkH<\/a><\/p>\n<p>\u2014 Statista (@StatistaCharts) <a href=\"https:\/\/twitter.com\/StatistaCharts\/status\/1359442042791866368?ref_src=twsrc%5Etfw\">February 10, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2 class=\"wp-block-heading\">More than 100 financial services firms were targeted by DDoS attacks<\/h2>\n<p>In 2020, more than 100 financial-services firms worldwide were targeted by hackers orchestrating DDoS attacks. 
This is according to FS-ISAC.<\/p>\n<blockquote class=\"wp-block-quote twitter-tweet is-layout-flow wp-block-quote-is-layout-flow\">\n<p dir=\"ltr\" lang=\"en\">More than 100 <a href=\"https:\/\/twitter.com\/hashtag\/financialservices?src=hash&#038;ref_src=twsrc%5Etfw\">#financialservices<\/a> firms across the globe were targets of a wave of DDoS attacks in 2020. See our latest release for how cross-border <a href=\"https:\/\/twitter.com\/hashtag\/cyberintel?src=hash&#038;ref_src=twsrc%5Etfw\">#cyberintel<\/a> sharing helps protect firms from evolving threats. <a href=\"https:\/\/t.co\/vjloWc8Dfw\">https:\/\/t.co\/vjloWc8Dfw<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/daretoshare?src=hash&#038;ref_src=twsrc%5Etfw\">#daretoshare<\/a> <a href=\"https:\/\/t.co\/GE426H1teC\">pic.twitter.com\/GE426H1teC<\/a><\/p>\n<p>\u2014 FS-ISAC (@FSISAC) <a href=\"https:\/\/twitter.com\/FSISAC\/status\/1359155699595550729?ref_src=twsrc%5Etfw\">February 9, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><span style=\"font-weight: 400;\">Companies received threatening emails that promised further attacks and demanded ransom. The Wall Street Journal notes attackers began by targeting individual companies to demonstrate their capabilities, and threatened to escalate. Initially they demanded ransoms of $200,000 to $350,000 in bitcoin.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The attackers claimed ties to the Fancy Bear and Lazarus groups. 
However, the FBI stated they were simply trying to intimidate their victims.<\/span><\/p>\n<h2 class=\"wp-block-heading\"><b>Microsoft fixed more than 50 vulnerabilities in its products<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Microsoft <a href=\"https:\/\/msrc-blog.microsoft.com\/2021\/02\/09\/multiple-security-updates-affecting-tcp-ip\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">patched over 50 bugs<\/span><\/a><span style=\"font-weight: 400;\">, including a zero-day vulnerability that attackers had already exploited.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Windows TCP\/IP stack also received fixes for three vulnerabilities that could allow control of the systems.<\/span><\/p>\n<h2 class=\"wp-block-heading\"><b>China blocks Clubhouse<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Chinese authorities blocked the Clubhouse social network, which had been rapidly gaining popularity worldwide.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to South China Morning Post, Clubhouse spread quickly in China because users had a rare chance to discuss political issues.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">TechCrunch reports that since last Monday, users on the mainland can no longer access the app, though the site remains unblocked.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Stanford Internet Observatory reports that part of Clubhouse&#8217;s infrastructure is run by the Shanghai-based Agora software vendor, which also has an office in the United States. User IDs are transmitted in plaintext over the internet.<\/span><\/p>\n<blockquote class=\"wp-block-quote twitter-tweet is-layout-flow wp-block-quote-is-layout-flow\">\n<p dir=\"ltr\" lang=\"en\">\ud83d\udce2 New work out today from our Tech team &amp; China research team: <a href=\"https:\/\/twitter.com\/joinClubhouse?ref_src=twsrc%5Etfw\">@joinClubhouse<\/a> app recently became popular in \ud83c\udde8\ud83c\uddf3. 
We looked at its data security practices &amp; found a potential risk to mainland Chinese users.<\/p>\n<p>\ud83d\udd17 <a href=\"https:\/\/t.co\/EFQp5c633D\">https:\/\/t.co\/EFQp5c633D<\/a><\/p>\n<p>Here are our key findings \ud83d\udc4b\ud83e\uddf5\u2935\ufe0f<\/p>\n<p>(1\/8)<\/p>\n<p>\u2014 Stanford Internet Observatory (@stanfordio) <a href=\"https:\/\/twitter.com\/stanfordio\/status\/1360423156356325377?ref_src=twsrc%5Etfw\">February 13, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><span style=\"font-weight: 400;\">Thus, researchers suggested that Chinese authorities could access user data from Clubhouse.<\/span><\/p>\n<h2 class=\"wp-block-heading\"><b>Google to introduce anti-tracking features in Android<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Google aims to follow Apple&#8217;s lead and is exploring a version of anti-tracking in Android, Bloomberg reports, citing sources familiar with the matter.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to the publication, engineers are weighing how to limit data collection and cross-app tracking in Android, although the new feature would be less radical than Apple&#8217;s.<\/span><\/p>\n<h2 class=\"wp-block-heading\"><b>US police request Amazon Ring footage to track Black Lives Matter protesters<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The Electronic Frontier Foundation gained access to emails showing that the Los Angeles Police Department requested data from Amazon Ring doorbell cameras.<\/span><\/p>\n<blockquote class=\"wp-block-quote twitter-tweet is-layout-flow wp-block-quote-is-layout-flow\">\n<p dir=\"ltr\" lang=\"en\">When we asked for more info on what, specifically, LAPD was investigating, they responded with \u00abcriminal behavior.\u00bb LAPD also redacted the dates, times, and number of hours of footage sought. 
<a href=\"https:\/\/t.co\/OOf6y9vClp\">https:\/\/t.co\/OOf6y9vClp<\/a><\/p>\n<p>\u2014 EFF (@EFF) <a href=\"https:\/\/twitter.com\/EFF\/status\/1361725419527888899?ref_src=twsrc%5Etfw\">February 16, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><span style=\"font-weight: 400;\">Requests for footage relate to last year&#8217;s Black Lives Matter protests, media reports say. Civil-liberties groups note that the growing use of surveillance tools during protests poses an &#8220;incredible risk&#8221; to civil rights:<\/span><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><span style=\"font-weight: 400;\">&#8220;People have fewer opportunities to exercise their rights to political speech, protest and assembly if they know the police can obtain video of these actions simply by sending letters to people with Ring cameras.&#8221;<\/span><\/p>\n<\/blockquote>\n<p><span style=\"font-weight: 400;\">Also on ForkLog:<\/span><\/p>\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400;\">The media reported that hackers attacked KIA Motors America and <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-attack-kia-motors-america-and-demand-20-million-in-bitcoin\"><span style=\"font-weight: 400;\">demanded $20 million in bitcoin<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">US authorities <a href=\"https:\/\/u1f987.com\/en\/news\/u-s-authorities-indict-three-north-korean-hackers-in-theft-of-more-than-1-3-billion\"><span style=\"font-weight: 400;\">charged<\/span><\/a> three North Korean hackers in the theft of more than $1.3 billion.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">EXMO exchange <a href=\"https:\/\/u1f987.com\/en\/news\/exmo-exchange-hit-by-ddos-attack\"><span style=\"font-weight: 400;\">was subjected to a DDoS attack<\/span><\/a><span style=\"font-weight: 
.<\/span>">
400;\">.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">A hacker <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-drains-37-5-million-from-cream-finance-defi-protocol\"><span style=\"font-weight: 400;\">withdrew tokens worth $37.5 million<\/span><\/a><span style=\"font-weight: 400;\"> from the DeFi protocol Cream Finance.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Ukraine <a href=\"https:\/\/u1f987.com\/en\/news\/ukraine-arrests-suspects-linked-to-egregor-ransomware-operators\"><span style=\"font-weight: 400;\">arrested<\/span><\/a><span style=\"font-weight: 400;\"> suspects linked to the Egregor ransomware.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">The Cyberpunk 2077 and The Witcher developer <a href=\"https:\/\/u1f987.com\/en\/news\/cd-projekt-red-hit-by-ransomware-attack\"><span style=\"font-weight: 400;\">suffered a ransomware attack<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Europol <a href=\"https:\/\/u1f987.com\/en\/news\/europol-outlines-arrests-in-sim-swapping-operation-that-netted-over-100m-in-cryptocurrency\"><span style=\"font-weight: 400;\">announced<\/span><\/a> the arrest of hackers <a href=\"https:\/\/u1f987.com\/en\/news\/europol-outlines-arrests-in-sim-swapping-operation-that-netted-over-100m-in-cryptocurrency\"><span style=\"font-weight: 400;\">who stole $100 million in cryptocurrency<\/span><\/a><span style=\"font-weight: 400;\"> using SIM-swapping.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Blockfolio <a href=\"https:\/\/u1f987.com\/en\/news\/blockfolio-hacked-to-push-offensive-messages-users-funds-safe\"><span style=\"font-weight: 400;\">was hacked to send offensive messages<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Ransomware operator Ziggy <a href=\"https:\/\/u1f987.com\/en\/news\/ziggy-ransomware-halts-operations-hacker-publishes-decryption-keys\"><span 
style=\"font-weight: 400;\">shut down<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">The UN <a href=\"https:\/\/u1f987.com\/en\/news\/un-north-korea-used-stolen-cryptocurrencies-to-advance-its-nuclear-weapons-programme\"><span style=\"font-weight: 400;\">stated<\/span><\/a><span style=\"font-weight: 400;\"> that North Korea used stolen cryptocurrency to advance its nuclear weapons program, and linked the KuCoin hack to DPRK hackers. Chainalysis <a href=\"https:\/\/u1f987.com\/en\/news\/chainalysis-links-lazarus-to-kucoin-hack-worth-280m\"><span style=\"font-weight: 400;\">confirmed<\/span><\/a><span style=\"font-weight: 400;\"> the latter.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Experts described the legality of monitoring protesters <\/span><a href=\"https:\/\/u1f987.com\/en\/news\/experts-assess-the-legality-of-locating-protesters-using-surveillance-footage\"><span style=\"font-weight: 400;\">using surveillance data<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><b>What to read this weekend?<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Since mid-December, the SolarWinds software supply chain attack has drawn enormous attention from U.S. 
intelligence and cybersecurity professionals worldwide.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">ForkLog explored why this breach is regarded as one of the biggest attacks on American government systems in recent years.<\/span><\/p>\n<p>Subscribe to ForkLog news on Telegram: <a href=\"https:\/\/t.me\/forklogfeed\" target=\"_blank\" rel=\"nofollow noopener\">ForkLog Feed<\/a> \u2014 the full feed of news, <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener\">ForkLog<\/a> \u2014 the most important news and polls.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve gathered the most important cybersecurity news from the past two weeks.<\/p>\n","protected":false},"author":1,"featured_media":36768,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-36767","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"39","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/36767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=36767"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/36767\/revisions"}],"predecessor-version":[{"id":36769,"href":"https:\/\/u1f987.com\
/en\/wp-json\/wp\/v2\/posts\/36767\/revisions\/36769"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/36768"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=36767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=36767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=36767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}