Hackers Mess with Password Manager, Plastic Surgery Clinics and Burritos

There's never a dull week in ThreatWatch, Nextgov's list of threats and cyber incidents to know about.

OneLogin Password Manager Sends Customers Long List of Fixes After Breach

Password manager OneLogin acknowledged a breach of its systems, but reports say the company is downplaying how significant the incident may be to customers.

The company in a blog post said it detected unauthorized access to its U.S. data region, which it has since blocked and is working with an independent security firm to investigate and reported it to law enforcement.

“While our investigation is still ongoing, we have already reached out to impacted customers with specific recommended remediation steps,” the company said.

However, the public blog post didn’t acknowledge what other company messages said, including that customer data was compromised and “the ability to decrypt encrypted data,” according to The Register.

Multiple customers sent Motherboard messages from OneLogin that listed what customers should do to remediate the breach. In addition to changing passwords, the company suggested creating new API keys, authentication tokens, security certificates and credentials, as well as "recycling" stored notes.

“That long list might perhaps be why OneLogin's been a bit brief in public: it's a lot of stuff to get done and could set tongues-a-wagging if the extent of the risk became widely known,” The Register said.

Hackers Blackmail Plastic Surgery Patients After Stealing Pictures

Hackers published a cache of personal information—including nude pictures—from Lithuanian plastic surgery clinics after attempting to blackmail the business and the patients.

The data dump Tuesday included more than 25,000 pre-and post-operation photos, and data such as passport scans and insurance numbers of the Grozio Chirurgija clinic chain clients, according to The Guardian. The clients came from 60 countries.

Lithuanian police said the Tsar Team hacking group stole the data earlier this year, releasing a small batch in March and another Tuesday. The group first attempted to get a 300 bitcoin (about $688,000) payment from the clinic, reduced the price to 50 bitcoins (about $114,000) and eventually turned to extorting individual patients. "Dozens" have come forward about blackmail attempts, the police said.

The police, working with other European authorities, warned people who download and store the stolen data could also be prosecuted.

Chipotle Confirms Payment System Breached 

Chipotle Mexican Grill confirmed it found payment-information-stealing malware on its systems at locations across the country.

Chipotle disclosed the incident April 25, but recently released additional details about the investigated conducted by unnamed cybersecurity firms. They found malware designed to find track data—the payments details like names, credit card numbers and verification codes—on point-of-sales systems between March 24 through April 18.

Customers can look up if the malware affected stores they frequent, but the malware was located in at least 48 states. A company spokesman told Reuters the breach affected “most” of its restaurants.

They also detected the malware at seven locations of Pizzeria Locale, an affiliated company.

“During the investigation, we removed the malware, and we continue to work with cybersecurity firms to evaluate ways to enhance our security measures,“ the Chipotle statement said. Law enforcement is also investigating the incident.