Protect Yourself from Hackers | TransUnion Hackers

Here’s How to Protect Yourself from TransUnion Hackers (and any other Hackers)

Last month, TransUnion (one of the biggest credit bureaus in the world) suffered a hacking attack at its SA subsidiary with a $15 million dollar ransom attached. More than 3 million client records were stolen during the attack and a further 6 million IDs exposed, with hackers from the group N4ughtySecTU demanding payment in exchange for not releasing sensitive information of “28-million credit records” online.

Since the company refused to pay this astronomical amount, that they said was “extortion”, the stolen data could be circulating online right now – and any South African credit user could be affected.

If you’re worried about the implications of this huge cybersecurity breach, you’re not alone. Fortunately, there are some things you can do to protect yourself from hackers, even if your data has been compromised.

Let’s take a look at the latest news on the TransUnion leak and what you can do to secure your privacy.

millions of customers’ data is on the loose – now what?

In the aftermath of the TransUnion leak, millions of South Africans – including President Ramaphosa –  have become victims of cybercrime overnight. To find out if you were one of them, the best thing you can do is to contact Trans Union directly, although TransUnion advised that affected individuals had been emailed directly.

If you think that your information has been leaked, it’s important to remain calm while recognising that your personal data could be used by criminals. Some of the crimes that leaked data can be used for include:

  • Financial scams
  • Phishing emails
  • Telephone scans
  • Tracking your whereabouts to commit physical crimes
  • Identity theft using your name

If you suspect that you have become a target of online or physical criminals, it’s essential to notify the police immediately. You should also safeguard your information by following the steps below.

how to get back your privacy after the TransUnion leak

In the wake of the biggest data breach to affect a South African credit bureau, TransUnion is offering affected individual access to its TrueIdentity Service free of charge until the end of 2023.

It’s definitely worth accepting this offer, but that alone may not be enough to prevent your information being used by criminals.

Aside from regularly checking for updates from TransUnion, here are some other steps you can take to protect your privacy.

  • Change your passwords on all your important online accounts, including your email and electronic banking profile
  • Don’t use your name, children’s names, or place of work or residence as a password
  • Be especially suspicious of unusual phone calls, text messages, or emails from people claiming to work at your bank or credit card provider
  • Verify any requests for personal information
  • Never click on a suspicious link
  • Change your security questions
  • Keep a close eye on your bank accounts and credit reports

protect yourself from hackers

Taking the above steps should help you secure your data so that you can rest easy.

Wherever possible, activate a two-factor authentication on your accounts which will certainly help block automated attacks, however, it’s important to remember that hackers are sometimes able to bypass multi-factor authentication through bots. To ensure that your business and personal data is fully protected in the future, be proactive about your data security and choose one of our secure cloud storage solutions today.

The Experian Experience data breach & New Protection Laws

The recent Experian expeirence data breach is no secret. The cat is out of the bag! Over a million South Africans were notified of the data breach which took place on July 2020. On the 19th of August 2020, SABRIC announced that Experian’s data breach put the personal data of 24 million South Africans and over 790,000 businesses in jeopardy.

How Did it Happen?

It turns out that Experian unwittingly provided financial details to a South African individual fraudulently acting as a representative of one of their legitimate financial customers. The company then provided the individual with sensitive information in May 2020. In July 2020, the fraud was brought to light and the company took immediate preventative action and will be taking legal action too.

How Things Played Out

The real question is whether or not Experian has been downplaying the situation.

The company’s latest statement informed the public that Experian was not hacked as many had presumed. They also advised that no financial information had been compromised.

Data that the fraudster may have gained access to includes email addresses, ID numbers, home addresses, work information, and full names. While financial information was not provided, a fraudster could still use this information for identity theft purposes giving them deeper access to financial data.

The Legalities

According to the new Protection of Personal Information Act (POPI) recently instated, Experian was required to notify the information regular as soon as they became aware of the fraud.  The company is also meant to notify any individual whose personal information has been compromised. Experian failed on both of these fronts.

The new POPI act sets in place a series of rules and guidelines that assist companies to adopt a swift data breach response plan so that they can quickly determine what information has been lost, where that data sits and who has been affected. As soon as a company experiences a breach, as part of a POPI compliance exercise they should act immediately and to the letter.

Unfortunately, even though South Africa has the POPI act, there is currently no regulatory law in the country concerning cybercrime. The Cybercrimes Bill which was passed in July still awaits Cyril Ramaphosa’s approval. This new Bill will impose stricter laws on reporting data breaches when they happen.

The Conclusion

While the Experian data breach dust settles, we hope that we are not simply waiting to see who will be next! Hopefully, the hackers will give South African people and businesses a break for a while – let’s work together by following regulations to keep them at bay, and encrypting and backing up our data so that it’s not an easy target.

A ‘Security Incident’ or hack attack? What the Twit, Twitter!

Already facing a potential Federal Trade Commission fine of $250 million after admitting to improper usage of users’ personal information in 2019, Twitter is in privacy hell! Whether or not you are an avid Twitter user, you will probably have heard that the company also suffered a recent hack attack which they classified as a security incident. According to inside reports, the attack included some high profile users such as Bill Gates and Elon Musk. What the twit, right!

Okay, hold on, let’s start at the beginning. What happened?

On the 15th of July 2020, a social attack was engineered and carried out on Twitter. According to the company, 130 Twitter accounts were attacked. The hackers used 45 of those accounts to spread Tweet posts and gained access to the inboxes of 36 others. Data was downloaded by the attackers from 7 accounts successfully.

More About the Attack

So how did the hackers ever gain access to the accounts of 130 unsuspecting users in the first place.? The answer is actually rather ambiguous as it’s both simple and complex at the same time.

Twitter has gone to great lengths to investigate what they initially referred to as “a security incident” and have found that it is the result of a small group of their employees being targeted through a phone spear-phishing attack.

What is a phone spear-phishing attack?

Quite simply, fraudsters send emails from a known or trusted sender in order to get the target to reveal confidential information. This method works more often than not as the target believes they are talking to their trusted contact, when in fact, they are not.

In order for the attackers to be successful, they needed to obtain access to the internal network where they could gather the credentials of specific employees with access to internal support permissions. To some degree, they succeeded.

Their hack, however, required a two-step approach as none of the targeted employees had all the necessary permissions that were needed by the hackers. Using the credentials of some of the employees with the right access, they were able to target 130 Twitter accounts; tweeting from 45, downloading the Twitter data of 7 and direct messaging of 36 users.

What is the Risk to You?

For the most part, the hackers were unable to access the private info in the majority of the hacked accounts (save 7 that is). Twitter confirmed the following:

  • The hackers could view user’s email addresses and cell phone numbers.
  • Hackers were unable to view previous account passwords.
  • The company is still investigating how much information the hackers gained access to from accounts that they were able to take over.

The investigation is still underway and Twitter says it will do everything it can to ensure that a similar attack doesn’t happen in the future.

Steps You Can Take

Just to be safe, you should change your Twitter password and take the time to suss out your profile for any unusual activity. Make sure that you never click on email links or attachments, even if it seems to come from a trusted source. Check with the source first as to whether or not they messaged you and why.

At Soteria Cloud, we have a tendency to repeat ourselves – with good reason. We can’t tell you often enough how important it is to change your passwords regularly and that you should be storing sensitive information in an encrypted format in the cloud.

If the Twitter hack gave you a bit of a scare (or wakeup call), perhaps now is the time to start looking into ramping up your cloud backups and device security.

Surprisingly Hackable IoT Devices

If you are currently deeply enfolded in the convenience of connected IoT (Internet of Things) devices in the home, you’re possibly not prone to thinking about considering the risks that they can pose.

Just as the IT infrastructure in your office can be hacked, so to can your home IoT devices be attacked by the very same cybercriminals. Your high tech, connected vacuum cleaner or baby monitor, your smart window dressings or home security system, these smart devices can all be used to steal your personal information or even spy on you via the embedded device cameras.

At the RSA Conference this year, a variety of surprisingly hackable IoT devices were thrown into the spotlight, making more than just a few of the onlookers a bit uncomfortable.  And yes, you guessed it; a baby monitor and vacuum cleaner made the list!

Why are connected IoT Devices so Hackable?

The risk starts when a device connects to your network. All networks have vulnerabilities and it just takes a clever cybercriminal to hack into your device and use it for all manner of evils. Your device could start listening to you and capture this information for a criminal. The camera can be used to determine whether or not you are in the home or even see where you hide precious items. You could even find that your entire network gets jammed up and a hacker demands a sum of money to return your life (and devices) back to normal. The options are aplenty!

Which IoT Devices are the Most Hackable?

When you think of IoT, it’s likely that your mind immediately goes to your internet-powered devices such as your laptop, mobile phone, tablet and similar, but the reality is that IoT is so much more than just these devices. Below are a handful of IoT devices you might never consider could be used to hack into your personal information.

  • Car remote – it can be hacked, jammed, cloned, and used to steal your car;
  • A built-in vehicle GPS system – this can unlock your car, locate your car, and even drive your car;
  • CCTV cameras – can be used to gather sensitive info in offices and homes such as passwords on computer accounts and the PIN for the alarm system;
  • Wireless printers – hackers can get access to all documents printed and scanned on the device;
  • Smart televisions – built-in cameras can be used to spy on the home and linked accounts can be accessed;
  • Smart fridges – can be used to gather data on family emails via the linked device camera.

But what does this all mean? The list above contains so many items that most of us take for granted. Inter-connected devices that simplify our lives. Does it mean that we have to disconnect all our convenient smart home devices and revert back to a DIY era or the “stone age” again? No, it certainly doesn’t. What it means is that you have to be safe while using these devices.

How to ensure that your IoT devices are safe

Instead of retiring your IoT devices prematurely, start working on having a more aware and cautious approach to using your connected devices. Here are a few things that you can implement to ensure that your IoT devices are providing you with the conveniences they promise, without the threats and risks.

  • Regularly update your devices to the latest version of software.
  • Install security patches and fixes as soon as they are released.
  • Research the various security risks that each of your connected devices presents (Google is great for this).
  • Make sure that your network username and password are secure and different from any other passwords. Be sure to change them often.
  • Don’t keep sensitive data stored on any connected devices. If you have info and data you would like to save, back it up to the cloud.

As a responsible IoT device owner, there is every reason to believe that you can avoid the risks associated with such convenience. You know what they say though…the cost of IoT convenience is your privacy!

Joburgers say “We Will Not Pay”, as City Uncovers Hacking Details

“We don’t negotiate with terrorists” is the type of thing you expect to hear on a fast-paced, action movie. This, however, is the very same stance that the City of Johannesburg took with the “Shadow Kill Hackers” who demanded 4 bitcoins (amounting to approximately half a million rand) from the City in October.

This is not the first time that the City of Johannesburg has been in the spotlight for security breaches; in fact, we covered news of a prior ransomware attack on Johannesburg back in August of 2019. If you live in the Johannesburg area, you might have been affected by this as the city shut down its website, all e-services, and call centre, as a precautionary measure after being alerted to the breach.

What happened in the Jo’burg City Hacking?

The self-named Shadow Kill Hackers contacted the City of Johannesburg and made their demands – 4 Bitcoins to be paid over to them by 5pm on 28th of October. The demands went on to say that if payment wasn’t made they would release all the data they had managed to retrieve from the City’s server on to the internet.

This is undoubtedly a valuable lesson to the City of Johannesburg, and all other municipalities about encryption.

The City of Joburg did not comply with the demands. They had another strategy in mind which involved investigation, improvement in system security, and following the letter of the law by letting the public know of the breach.

A great precedent was set by the response of the City, not only in the fact that it refused to concede to the ransom demand but also because it immediately set to work calling in experts to restore services and find out who was responsible for the disruption.

What’s the Final Solution?

Quite simply – the IT experts need to implement new, reliable systems. Major-General Sibiya, Head of Forensics, said that the Hawks have the case in hand and are making progress in interviewing various witnesses.

He also stated that the City is now aware of how the attack was executed when it was carried out, and where. They are now properly aware of the vulnerabilities that the City of Joburg’s servers have, with experts working on upgrading the systems. In short; the City of Johannesburg has it under control!

How Can You Protect Yourself?

If you hear that one of your online service providers or digital service providers has been hacked or has suffered a breach, that’s your cue to take action. Make sure that your accounts are either deleted and reinstated or that you change all of your passwords to something completely dissimilar to the one that you had.

You would also be well advised to do a few credit checks in the months to follow, just to ensure that no fake identity has been created using your details, and racking up a huge bill! You also need to get in touch with the service provider to ascertain the severity of the attack and to confirm the status of the threat. If the service provider is dedicated to customer care and your safety, they will also provide you with a list of “next steps” for you to follow.

While a big congrats goes to the City of Johannesburg for handling the situation as best they could, this recent hacking still serves as a valuable lesson to businesses as well as the man on the street.

No one is ever completely safe from hacking

If it can happen to the City of Johannesburg, it can most certainly happen to you! Take the necessary precautions to protect yourself and your data and be sure that it is backed up regularly to the cloud.

Has Your Website Been Hacked? Here’s what to Do

If you own a website, you might be worried about getting hacked. When a website is hacked, it’s normal to feel a sense of panic. Unfortunately, the worst has happened, and you have lost your website, your data and probably the very link between yourself and your customers.

The best piece of advice to give you is to relax. It’s not the end of the world, and the problem can be rectified. Your website and all that goes with it can be recovered, and then you are going to need to put mechanisms in place to minimise the risk of it happening again.

What are the Signs of a Hacked Website?

There are several tell-tale signs to look out for that will tell you that your website has been hacked? Here are some of the most discernible signs of a hacked website:

  • Your website’s source code suddenly includes some unusual JavaScript.
  • When you visit your URL, pop-ups and unknown adverts are displayed.
  • Additional unauthorised users have been added to your FTP and database management tools.
  • When you visit your website URL, you end up somewhere else – usually a dodgy website with questionable content.
  • Your website no longer displays your content but rather malicious or unknown content.
  • When you visit your URL, there’s a Google alert noting that the website is hacked.
  • When you enter your website URL, the website cannot be reached.
  • Internet browsers warn visitors that the website is unsafe or not secure.

Not all hackers have the same intentions, so it’s a good idea to take a close look at the type of hacking attack you have fallen victim to and ascertain what the intended outcome is for the hacker. Some hackers simply hack for the fun of it (they enjoy chaos and the attention that their efforts achieve), some hack with the intention of stealing money, while others hack for political reasons, identity theft, or to steal sensitive data.

What to do

If you are sure that your website has been hacked, there are a few things that you need to do immediately. Follow these steps:

  • Inform the right people
    You need to inform your IT department as well as your hosting company. These departments have the software and necessary skills to action the proper damage control.
  • Get the details of the hack
    You need to know just how much damage the attack has caused. What was stolen and what was exploited. A good tool for this is the Google Search Console. Once you have signed in, check the Messages and the Security Issues sections for the information that you need.
  • Go offline
    Taking your website offline while you deal with the recovery phase of the process will protect your customers and potential customers from being exposed to malicious software.
  • Purge the website
    First, take a close look at your website pages and make sure that you remove any pages that the hackers may have created for their own purposes. Once these are deleted, you need to back up the website. You can do quick and easy online backups at Soteria.

If you already have a recent backup of the website, you have the upper hand, as you can immediately delete all of the pages and restore the website pages to their former glory in just a few clicks.

  • Change all your passwords
    If your website has been hacked, you should assume that hackers have acquired your passwords. You need to change all of your website and hosting related passwords. It might also be a good idea to change any passwords that you use on websites where your banking/financial information is stored.
  • Get Google to review your hack recovery process
    Remember when you read up on the issues affecting your website in Google Search Console? Now, you need to go back to the Search Console and revisit the message Google sent you advising you that the website is unsafe. Through this, you can request a Google review to un-flag your site as “unsafe”. Google will require you to provide information on the steps you took to clean your website and make it safer for users in future.
  • How to Hack-Safe Your Website
    Once your website is back up and running, you need to ensure that you don’t become a victim of hacking again. The first step is to change your passwords regularly and to keep a close eye on any possible changes on your accounts. You also need to run regular data encrypted backups to ensure that there is always a current version available of your website that’s untainted.

Last Word

At Soteria Cloud we have heard all too often about websites being hacked and owners not knowing what to do to rectify the problem. Now, you can follow the above steps or chat to your hosting company about possible courses of action too.