Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.
In case you missed our coverage this week in ThreatWatch, Nextgov’s
Sabre Corp., a travel technology company, disclosed an investigation into a potential breach of its reservation system that supports about 32,000 hotels.
The company provides reservation systems for airlines, hotels and travel agencies, as well as other travel-related web and mobile systems.
Sabre hired security firm Mandiant to look into a potential breach of payment and customer data from one of its cloud-based systems, according to a Krebs On Security report. The company released the information in a quarterly Security and Exchange Commission filing.
“The unauthorized access has been shut off and there is no evidence of continued unauthorized activity. There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected,” a Sabre statement said.
An incredibly fast-moving phishing attack started hitting Gmail inboxes Wednesday.
Victims—who at first seemed to be journalists—receive what looks like an invitation to view a Google Doc from a known contact that instead replicates the attack to their address books, according to The Atlantic.
Clicking the link lets the attacker read, send and delete emails on a victim’s behalf without having login details, Recode reported. Two-factor authentication or changing a password doesn’t disable the attack; instead, users have to remove what looks like a Google Doc app from their account management pages. (Here’s Google’s recommended security check.)
The attack didn’t affect the real Google Docs program; it merely spoofed it. Google said it will be taking steps to prevent such trickery in the future and it also disabled the accounts associated with this specific attack.
One of Netflix’s popular shows, “Orange is the New Black,” made an early debut on a file-sharing site after the on-demand streaming network refused to pay ransom.
A hacker (or group) called thedarkoverlord took to Twitter on Friday and threatened to release the show’s upcoming season if Netflix didn’t pay an undisclosed sum, Variety reported. The show was scheduled for a June 9 release. The ransomer also claimed to have unreleased shows from other networks, including Fox, IFC, National Geographics and ABC.
Hackers got the content from Larson Studios, a postproduction company used by many TV studios.
Thedarkoverload on Saturday tweeted links to “Orange is the New Black” episodes—though the hackers didn’t get the final few of the 13-episode season. On Monday, the account tweeted another threat: “It’s nearly time to play another round.”
The New York Times reported the hacker alias is linked to other ransomware attacks, including a cancer support charity in Indiana.