Cloud Host Breach Leads Roundup

Hackers Accessed Source Code, Database

In this week's breach roundup, cloud-hosting provider Linode reports a breach of its web servers that exposed source code and a database containing encrypted credit card numbers. Also, an unencrypted laptop stolen from the home of an employee at an Arizona counseling center contained sensitive information about mental health patients.


Hackers Breach Cloud Host's Servers

Cloud-hosting provider Linode says hackers breached its web servers, gaining access to a portion of its source code as well as a database that included encrypted credit card numbers.

A group known as HTP claimed responsibility for the breach, the company reports in an April 16 blog on its website. Linode believes the hackers may have exploited a previously unknown zero-day vulnerability in Adobe's ColdFusion application server, the blog notes.

In addition to encrypted card numbers, the exposed database includes the last four digits stored in clear text to assist in lookups, the company says. So far, there's no evidence that decrypted credit card numbers were obtained by hackers, Linode says.

Because some passwords for the company's virtual console feature, known as Lish, were stored in clear text in the database, the company has invalidated all affected Lish passwords, which now must be reset.

Stolen Laptop Impacts Mental Health Patients

An unencrypted laptop stolen from the home of an employee at an Arizona counseling center contained sensitive information about hundreds of mental health patients.

Arizona Counseling and Treatment Services told the Yuma Sun that the home of one of its employees was burglarized the week of March 18. Information stored on the device includes names, dates of birth and treatment plans for more than 500 patients of Arizona Counseling and Treatment Services as well as Cenpatico Behavioral Health of Arizona, the newspaper reports.

The employee immediately filed a police report, and Arizona Counseling and Treatment Services is offering affected patients free credit monitoring.

Canadian Agency Reports Breach

The Investment Industry Regulatory Organization of Canada, which oversees all investment dealers and trading activity on debt and equity marketplaces in Canada, is notifying a number of investment firms of a breach involving the loss of a portable device that contained personal information on the firms' clients.

The agency says it conducted an internal investigation and hired a forensics company to determine what information was contained on the device. Although the agency did not reveal the nature of the information that was exposed, it's offering to place a six-year alert flag on affected individuals' credit files through Equifax Canada.

The agency did not reveal how many individuals were affected, but news outlet The Globe and Mail reports that 52,000 brokerage firm clients were impacted by the lost device.


About the Author

Jeffrey Roman


News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



