Hackers Hijack Twitter to Avenge ISIS Drone Strike, Expose U.S. Prisoner Calls, and Attack Spotify Listeners


Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

70 Million U.S. Prisoner Calls Breached

Someone leaked to the media the records of calls placed by inmates in at least 37 states, along with downloadable recordings of many calls. The material was taken from prison phone service provider Securus Technologies.

The calls span nearly 2 1/2 years, from December 2011 to the spring of 2014.

There appear to be at least 14,000 recorded conversations between inmates and attorneys.

“There's a real danger that hackers could use these bulk data records to compromise convicts and witnesses,” Engadget notes.

Securus suspects an insider dumped the contents online, not a hacker.

Jihadis Breach 54,000 Twitter Accounts to Avenge the Killing of ISIS Hacker

The self-dubbed "Cyber Caliphate" hacker group is lashing out in response to a drone strike against its founder, ISIS member Junaid Hussain. The coalition attack occurred in August.

Most users impacted by the Twitter hijacking are based in Saudi Arabia, but some might be British residents.

Cyber Caliphate urged its followers to take control of the hacked accounts to spread ISIS propaganda. 

The group tweeted a link to a database displaying the stolen Twitter details last Sunday. Hours later, the social media company suspended the feed, reportedly at the urging of a security agency.

The Islamic extremists also posted what they claimed were personal details, including mobile phone numbers, of the heads of the CIA, the FBI and the National Security Agency.

Online Investment Startup Nutmeg Exposes Customer Financials in Email Goof

Customer investment details were sent to the wrong people due to a fault in the code running the firm’s service.

More than 30 investment suitability reports — including names, addresses and details of investments, assets and assessments of risk appetite — were compromised.

“The data breach is a blow to the Silicon Valley credentials of the wealth manager, which seeks to attract young tech-savvy investors by providing automated online investment services at low cost,” FT reports.

Renzo Marchini, special counsel with law firm Dechert, said that leaking details of personal investments could embarrass those whose data is exposed. “You’re giving away the wealth of someone,” he said.

Credentials of Spotify Users Surface Online

Email addresses and passwords of users of the music streaming app appeared online days after the company allegedly was hacked.

Newsweek verified the details of the security breach with nine individuals whose email addresses were posted publicly on Nov. 2. One victim claimed he was locked out of his account for three days.

Several users heard about the incident only when they reached out to Spotify after realizing their accounts had been taken over.

In an email to Newsweek, Spotify provided a statement denying its system was hacked.

"Spotify has not been hacked and our user records are secure," the statement reads. "The compromised credentials come from a well-known past leak on another service."