419M Facebook user records leaked in data breach

Plus, ransomware hits yet another NY school district, a phishing scheme uses hacked SharePoint accounts, and a unique RAT targets Brazilian Android users.

A security researcher discovered an exposed server that contained several databases of information on over 419 million Facebook accounts, Tech Crunch reported. Predominantly listing users’ phone numbers and Facebook IDs, the server also exposed other bits of data such as gender, country, and full name for certain users. Sources say 133 million of the breached records pertain to U.S.-based Facebook users, while the rest expose accounts in the U.K. and Vietnam. Facebook made a policy change last year that disabled the feature allowing users to find each other using phone numbers, leading a Facebook spokesperson to deduce that the data on the exposed server is at least a year old. In the wrong hands, the leaked data could put users at risk of spam calls and SIM-swapping attacks. There is no evidence yet, however, that any user has been impacted by the breach.  Avast Security Evangelist Luis Corrons expects that Facebook will release more news about the server once the company conducts an internal investigation. “It seems clear,” he added, “that the less personal data users add to their Facebook profile, the better, as sooner or later that data will be compromised.”

This week's stat                                                                               

At least 600,000 GPS devices being used worldwide still use the “123456” default password, Avast researchers learned in their deep dive on GPS child trackers

School delayed due to ransomware

The Monroe-Woodbury Central School District in Orange County, New York was supposed to welcome students back from the summer this Wednesday, but a ransomware attack changed the plan. NBC New York reported that education officials sent out an email Tuesday night to the families in the district, stating that a “cyber security threat” had interfered with their scheduled operations. All seven schools in the district delayed the first day of classes while security experts restored data from backup servers. District Superintendent Elsie Rodriguez says the recuperation might take a little while, adding, “For the time being we’re using paper and pen. We’re going back to the old days.”

“It is great that there was a backup in place that allowed to recover the data without paying the ransom,” commented Luis Corrons, acknowledging that other institutions were not so lucky. Monroe-Woodbury is the fourth school district in the tri-state area to be hit by ransomware this year. The Rockville Center district in Long Island paid an $88,000 ransom for the retrieval of their data. 

This week's quote                                                                               

“The attacking software learns to mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the CEO.” - the Cyber Security Hub at the International Quality and Productivity Center, issuing a warning about AI voice-based attacks like the one that scammed a U.K. company out of $243,000. Read More.  

Phishing scam uses SharePoint to target banks

A new phishing scam targeting the banking industry uses compromised SharePoint accounts to create a malicious ruse pretending to be a financial proposal, reported Bleeping Computer. Because the emails come from the popular collaboration platform SharePoint, secure email gateways often let them through. The sender claims to be a legal assessor with a financial proposal. Clicking through to get to the proposal, targets are instructed to enter their login credentials for Microsoft OneDrive or another email provider. Once they do that, their information is sent to the attacker.

This week's 'must read' on The Avast Blog                                    

If you use an Android made by Samsung, Huawei, LG, or Sony, you’ll want to learn about this threat that could potentially affect up to 1.25 billion users. Read More

BRATA malware targets Androids in Brazil

Posing as a WhatsApp update, the Brazilian RAT Android (BRATA) malware targets Brazilian Android users with operating system 5.0 or higher. SC magazine reported the fake update has been downloaded about 10,000 times from Google Play, though it is also available in other third-party Android outlets. The malware has the ability to log everything the user types, interact with other apps on the device, show attackers the device screen in real-time, unlock the device remotely, and more. So far, security analysts have identified over twenty variants in the BRATA family. 

Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com. Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.