Security News Survey – May 24, 2019

Baltimore continues to suffer under ransomware attack, Facebook faces Instagram data breach, and TalkTalk’s 2015 data breach surfaces new issues.

A couple of weeks ago, we discussed a ransomware attack on the city of Baltimore, Maryland, that locked down most of the city’s computers. This week, the city confirmed that it is still being held hostage, with no immediate end in sight to the cyber attack’s devastating fallout.

Baltimore still held hostage under ransomware attack

Baltimore remains on lockdown two weeks after it was successfully infiltrated by a RobinHood variant that appeared to impact around 10,000 computers. Attackers have been demanding 13 bitcoins (equal to roughly $100,000) as ransom, which the city is refusing to pay. Unfortunately, the partial shutdown has paralyzed key public services in the city, leaving it unable to access email accounts or process employee payments, real estate transactions, and citizen utility payments. Baltimore Mayor Bernard Young issued a statement earlier this week with more information on the city’s efforts to regain control of the essential services, saying that officials have “established a web-based incident command, shifted operations into manual mode and established other workarounds to facilitate the continued delivery of services to the public.” He also confirmed that the city, alongside the FBI, is still investigating the incident. According to Young, it may take “months” to complete the recovery process, pointing to the fact that the city operates like a large enterprise with thousands of systems and applications.

Unsecured database exposes millions of Instagram influencers

The Facebook privacy and security saga continues this week as its photo-sharing network, Instagram, suffered a data breach impacting millions of high-profile customers, including influencers, celebrities, and brands. According to reports, a database containing at least 49 million records—public details as well as private contact information—of these individuals was discovered by a security researcher. The database was traced back to a social media marketing firm based in India. The firm has since taken the database offline, but it is unclear who else had accessed the information during the four months that it was exposed. Facebook has confirmed that it is investigating the incident, stating that it is seeking to determine if the information actually came from Instagram or from “other sources.” However, many reports are pointing fingers at the earlier-discovered Instagram bug that inadvertently exposed accounts’ contact information via source code when viewed on a web browser—data that is easy to scrape and collect.

UK ISP TalkTalk failed to notify 4,500 customers of past data breach

A BBC Watchdog investigation revealed that a simple Google search yielded personal and financial details of more than 4,500 TalkTalk customers. The compromised information, however, was not the result of a new data breach, but rather of a cyber attack that took place in 2015. That attack on TalkTalk exposed the information of more than 150,000 customers four years ago, and the breach resulted in a fine against the ISP of £400,000. Unfortunately, this week’s revelation indicates that TalkTalk isn’t quite able to put its past behind it. The customers involved in the BBC investigation had previously been told that they were not impacted by the 2015 data breach. TalkTalk insists that this resulted from a “genuine error” in which customers received the wrong notification message. The company says it has apologized to the impacted customers and has reassured them that the information exposed in the breach (and available online since 2015) could not lead to any “direct financial loss.”