Hacker leaks 125 GB of Twitch data

Plus, Telegram goes up when Facebook goes down, and James Bond fans get scammed, not stirred

An anonymous hacker posted 125 GB of data to 4chan on Wednesday, claiming it was the entirety of live streaming service Twitch, from source code to member information. The hacker wrote that the leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool.” The data dump did contain Twitch’s source code with full comment history, creator payout information, client lists, proprietary SDKs and internal AWS services used by Twitch, other Twitch properties such as IGDB and CurseForge, an unreleased rival platform to Steam codenamed “Vapor,” and internal “red teaming” tools. “We can confirm a breach has taken place,” Twitch stated, adding, “Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.” For more on this story, see VGC.

Telegram adds 70M users during Facebook outage

Instant message service Telegram says it gained 70 million new users on Monday when Facebook and its subsidiaries Instagram, Messenger, and WhatsApp were all down for a period of about six hours. At the end of 2020, Telegram claimed to have close to 500 million active users, and the app has been downloaded over a billion times. Messaging app Signal also reported gaining “millions of new users” during the down time. Facebook attributed the outage to a faulty configuration change made on their end. “Imagine what could happen in the case of a cyberattack,” said Avast Security Evangelist Luis Corrons. “It could have been worse with consequences that last longer. We need to be prepared to have alternate means of working and communicating and not depend just on a single platform.” For more, see TechCrunch

FCC combats SIM swapping scams

The United States Federal Communications Commission (FCC) put out a press release this week announcing that it is beginning the process of new rulemaking to combat cell phone hijacking scams like SIM swapping and port-out fraud. SIM swapping occurs when a bad actor convinces a mobile carrier, either through trickery or bribery, to transfer an account to a different SIM card. In some cases, SIM swapping has been done without a mobile carrier agent’s participation, when the hacker simply exploited vulnerabilities in the carrier’s software. Port-out fraud is the same scam, except the bad actor has the account transferred to another mobile operator instead of another SIM card. For more, see The Record

Users scammed by No Time to Die fakes

Researchers are warning users to be wary of any online entities offering streams of the new James Bond movie No Time to Die, because hackers are using the film as a lure to find victims. Researchers discovered several malicious files disguised as the movie, containing dangerous Trojans designed to steal log-in credentials and create backdoors for later. They also found adware and ransomware programs masquerading as the film, as well as a number of phishing websites that play the first few minutes of the movie before asking the viewer to register with a credit card number. After the viewer inputs the card number, the movie does not continue but the card gets hit with charges. For more, see CNET.

Coinbase hacked, customer funds stolen

Bad actors have hacked Coinbase, one of the largest cryptocurrency exchanges in the world, by exploiting a flaw in the company’s SMS Account Recovery process. Coinbase sent a notification letter to affected customers, stating, “At least 6,000 Coinbase customers had funds removed from their accounts, including you.” The hacks took place between March and May this year. Coinbase said it would reimburse all affected customers, and it urged users to change their passwords and to deploy stronger methods of security for their Coinbase account, such as time-based one-time passwords (TOTP) or hardware security keys.

This week’s ‘must-read’ on The Avast Blog

School is back in session, and for many colleges, this means a return to campus. Now that faculty and students are now reacquainting with being in person again, we need to talk about the many free Wi-Fi networks offered on and around college campuses. Is free Wi-Fi really safe?

--> -->