Online survey company Typeform hacked, malware scam hits macOS users and Samsung smart phone users get an unwelcome surprise
Welcome to Cyber Security Today. It’s Wednesday July 4th, 2018. Happy Independence Day to our U.S. listeners.
To hear the podcast, click on the arrow below:
Many online companies ask customers to fill in ‘How did we do?’ surveys to improve service. But a number of firms around the world – including hotel chain Travelodge, food manufacture BirdsEye and the British prestige brand Fortnum & Mason – are finding out their surveys and quizzes have impaired customer service. That’s because those companies used surveys that collected customer data from a software company called Typeform, which was hit by a data breach. According to news reports, Typeform recently acknowledged suffering a breach caused by attackers downloading a “partial backup” of its customer data. So far the types of data taken include people’s names, birthdates, email addresses and home addresses and social media handles, depending on the company.
According to Typeform, all customer data is hosted on Amazon’s AWS service. The main servers are located in Virginia, and the backup servers are located in Germany.
Typeform said it detected an issue on June 27 and fixed it within 30 minutes. But data affected was collected prior to May 3rd.
This breach could be big. The digital bank Monzo said personal data of about 20,000 people is likely to have been included in the breach. Travelodge has hotels in the United States, Canada, the UK, Spain, Ireland, New Zealand, Australia and Asia.
You don’t hear a lot about malware hitting the macOS platform, but it’s out there. However, the latest scam is unusual. Often malware is spread by email. This time it’s being spread through cryptography or cryptocurrency chat groups on the Slack collaboration and Discord gaming Web sites. According to a columnist on the SANS Institute’s infosec blog, someone impersonating an administrator or a key person suggests readers download some code. It’s supposed to solve a problem. In fact, the file is malware. There’s an old saying, “Beware of Greeks bearing gifts.” These days, “Beware of people on the Internet offering helpful files.” Even if they appear to be knowledgeable, a stranger is still a stranger.
Finally, users of recent Samsung smart phones are reporting their devices are randomly sending photos to contacts in their address books. So far the problem has affected Galaxy S9 and S9+ devices. The problem, according to the news site Gizmodo, appears to be in Samsung Messages, the default texting app on Galaxy devices. For some reason it’s sending photos saved on devices to people on their contact lists. The suspicion is its related to a recent software update to wireless carriers aimed at improving the messaging service. Samsung told Gizmodo it’s looking into the problem. There is a fix – go into your phone’s app setting and revoke Samsung Messages ability to access storage.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.