Security News

Data breaches, Fortnite flim-flam, and a whammy of a cyberattack

Avast Security News Team, 29 June 2018

Two online services suffered data breaches this week and Ukraine reported signs of a planned large-scale attack.

Data breach #1: Ticketmaster UK

On Wednesday, Ticketmaster UK alerted customers their data may have been stolen due to malware found in one of its customer support products. The infected product, hosted by third-party supplier Inbenta Technologies, was disabled as soon as the malware was discovered, reports Ticketmaster UK in their official statement.

The international ticket distribution company claims that less than 5% of their global customer base was potentially affected, and that those customers have all been contacted with information about the attack and instructions to change their passwords. Victims are also being offered free account monitoring for 12 months where any irregular purchases will be flagged. The Ticketmaster UK users who are vulnerable are those who purchased or attempted to purchase tickets between February and June 2018.

Because the Inbenta-supported product was also used on the Ticketmaster International website, the company is alerting all users of that site between September 2017 and June 2018 that they have have been compromised as well. The company says it is working with security experts to learn how the breach came about.

Data breach #2: Prince Hotels

Close to 125,000 guests of one of Japan’s largest hotel/resort chains have had their info compromised. While almost 67,000 had credit card info stolen, the other 58,000 had their personal data breached, such as contact info and booking details. All victims had stayed at one of the 43 hotel locations between May and August 2017.

The data was breached through a hack of the hotel’s official foreign-language website on June 15 and 17 this year. Fastbooking, which runs the website, stated it was bolstering security in the wake of the hack and that a third party is investigating the matter. In the meantime, the website is temporarily down and reservations can only be made through email. Prince Hotels President Masahiko Koyama has issued a public apology, adding, “We will work hard on the investigation to find the cause and prevent any recurrence.” So far, there have been no reports of the hacked data being used.

Data breach #3: Equifax — the aftermath

State financial regulators from Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina, and Texas asked Equifax to sign a consent order that lays out additional security steps the credit bureau must take lest it face punitive action. The new measures include annual security audits, close monitoring of outside vendors, and improving patch management controls, among others. Equifax readily agreed to the order, stating that many of the requests had already been addressed.

The Equifax data breach last year affected over 143 million Americans and is one of the largest data breaches on record. Authorities are still investigating how Equifax safeguards its data, and the new consent order makes Equifax accountable for more proactive security.

Ukraine warns of imminent cyberattack

Ukrainian cyber police chief Serhiy Demedyuk told Reuters on Tuesday that he believes the stage is being set for a cyberattack on a scale as massive as the NotPetya attack in 2017. He reports that Russian hackers have been setting up “back doors” in the computer systems of Ukrainian companies, banks, and infrastructure firms in a systematic and coordinated way. Analysis of the malicious software, states Demedyuk, suggests “that this is all being done for a specific day.”

Ukraine claims Russia has been waging cyberwarfare ever since relations plunged when Russia annexed Crimea in 2014. Many large-scale attacks like NotPetya have originated in Ukraine before spreading to the rest of the world, and several have fallen on Ukrainian holidays. While Ukraine is better equipped to defend against cyberattacks with help from foreign allies including NATO, Kiev cyber police are keeping a wary eye on upcoming holidays, including Independence Day in August. The Kremlin, for its part, denies all accusations of cyberattacks.

Android malware preys on Fortnite fever

Fortnite is one of the hottest apps of the moment with 125 million users seemingly addicted to the role-playing survival game. Epic Games released the title on just about every platform so far, but the Android version is still in development, due later this summer.

Malware developers are taking advantage of the fan frenzy by posing malicious programs as the Fortnite game for Android users. Anybody looking up “Fortnite for Android” on YouTube will find a host of videos that have links in the comments claiming to be the game. Once the victims download the malware-riddled phony app and launch the “game,” they may be treated to an official-looking Epic Games logo card, but then they are told they will unlock Fortnite only if they first download and play another game. Then, that game will lead to another, and so on, dropping the user into a rabbit hole of downloads with the false promise of Fortnite at the end of it. While the phony app is not necessarily harmful, it is maddening and deceitful to the user while being lucrative for the malware developers, who get paid per download.



Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.