Netflix Premiere Leak, McDonald's Scammers, Rodents vs. Tokens

As per tradition, we share a selection of the most notable information security incidents of the past month. August brought us a nightmare for League of Legends fans, the largest leak in US history, and yet another Microsoft outage.

Premature premiere

What's happened: upcoming Netflix releases leaked online due to an attack on a contractor.

How did it happen?: On August 9, unreleased episodes of Netflix anime and animated series began appearing on social networks and thematic forums. Among them: Arcane, Terminator Zero, Dandadan, Ranma ½ and others.

Netflix reacted quickly to the leak, stating that “hackers have compromised one of our post-production partners.” This is also supported by the low quality of the “leaked” videos, which carry “for work use” watermarks.

The media giant tried to remove the leaked material from the network and also posted a new plot trailer for the most high-profile new release – the second season of Arcane, the anime based on the game League of Legends – to calm the hype. It did not help: millions of fans who had been waiting for the second season had already seen the main plot spoilers.

Manage your dream, but don't forget about information security

What's happened: Toyota's American division fell victim to a cyberattack.

How did it happen?: On August 16, 240 GB of data from Toyota's California division appeared on a hacker forum. The leaked data included employee and client data, internal documents and databases, as well as logins and passwords for admin accounts in plain text.

It is noteworthy that the attackers do not sell the data, but give it away for free. This may indicate that the attack was an act of “hacktivism.”

Toyota confirmed the leak and assured that it was investigating the incident, which was “limited in nature.” However, a few days after this statement, the leaked admin credentials were still valid and continued to work.

We entered through the butler

What's happened: hackers caused a major outage in Indian banking apps.

How did it happen?: Attackers attacked C-Edge Technologies, a major service provider, causing mobile banking apps to be down in most of India on August 1.

The incident was investigated by Juniper Networks specialists. According to their findings, C-Edge Technologies was hacked through an incorrectly configured Jenkins server, an automation system for testing and delivering mobile application modules.

The attackers started by sending a POST request to the server, attempting to execute a malicious command. This succeeded, and the criminals gained a foothold on the server, gained access to other company systems, and then deployed ransomware.

It is noteworthy that, in addition to the Jenkins misconfiguration (one of its components handled POST requests incorrectly), the server itself had not been updated to the current version. This allowed exploitation of the critical vulnerability CVE-2024-23897 (CVSS score: 9.8/10) and made the attack possible.
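Two defender-side checks follow from this story: look for POST traffic to the Jenkins CLI endpoint from outside the networks that are supposed to use it, and confirm the running Jenkins version is not below the fixed version named in the vendor advisory. The script below is an added example, not code from the original post or from Juniper Networks; the access-log lines are constructed, the "10." trusted prefix and the version baseline passed to `is_below_baseline` are assumptions you replace with your own values.

```python
"""Jenkins access-log triage: flag CLI POSTs from untrusted sources and
compare the reported Jenkins version against a baseline you supply.
Added example with constructed data; not the article's or vendor's code."""
import re
from typing import Iterable, List, Tuple

# Constructed, combined-log-format style lines for this example only.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2024:03:12:44 +0000] "GET /login HTTP/1.1" 200 2311
203.0.113.7 - - [01/Aug/2024:03:13:01 +0000] "POST /cli?remoting=false HTTP/1.1" 200 512
10.0.0.9 - admin [01/Aug/2024:03:14:20 +0000] "GET /job/build-app/lastBuild/consoleText HTTP/1.1" 200 9810
203.0.113.7 - - [01/Aug/2024:03:14:55 +0000] "POST /cli?remoting=false HTTP/1.1" 200 480
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line: str):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_cli_posts(lines: Iterable[str],
                   trusted_prefixes: Tuple[str, ...] = ("10.",)) -> List[Tuple[str, str]]:
    """Return (client_ip, timestamp) for POSTs to /cli from outside trusted ranges.

    The CLI endpoint is the surface the article says the attackers hit with a
    POST; on most build servers it should only ever be reached from a small,
    known set of internal addresses. Prefix matching is a deliberate
    simplification; use ipaddress networks in production."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["method"] == "POST"
                and rec["path"].startswith("/cli")
                and not rec["ip"].startswith(trusted_prefixes)):
            hits.append((rec["ip"], rec["ts"]))
    return hits


def version_tuple(version: str) -> Tuple[int, ...]:
    """'2.426.3' -> (2, 426, 3); Jenkins versions are dotted integers."""
    return tuple(int(part) for part in version.split("."))


def is_below_baseline(running: str, baseline: str) -> bool:
    """True if the running Jenkins version is older than the baseline.

    Take the baseline from the Jenkins security advisory for the CVE you care
    about; the value is an input here, not hard-coded."""
    return version_tuple(running) < version_tuple(baseline)


if __name__ == "__main__":
    for ip, ts in find_cli_posts(SAMPLE_LOG.splitlines()):
        print(f"untrusted CLI POST from {ip} at {ts}")
    # Assumed baseline for illustration; substitute the advisory's fixed version.
    print("needs update:", is_below_baseline("2.426.2", "2.426.3"))
```

The version comparison is tuple-based rather than string-based so that "2.442" correctly ranks above "2.426.3"; a naive string compare would get that wrong.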

Cold revenge from warm Italy

What's happened: a former contractor attacked the crypto platform Holograph.

How did it happen?: Holograph is a crypto platform with its own tokenization protocol. Hackers took advantage of a vulnerability in it and generated 1 billion Holograph tokens — HLG — using a proxy wallet.

The total value of the generated tokens was approximately $15 million. Due to this “crypto inflation,” the value of HLG tokens fell from $0.014 to $0.0029 in a few hours.

An international investigation was launched after the incident, and the suspects were arrested in Italy. Their names have not been released, but it turned out that the organizer of the attack was a “disgruntled former contractor” who understood how the Holograph protocol worked.

The Personal Data Saga: Selling Clones

What's happened: data of 2.7 billion Americans ended up in the public domain.

How did it happen?: On August 6, a post appeared on a hacker forum with the personal information of 2.7 billion Americans. The leak contains names, Social Security numbers, all known email addresses, and possible aliases of the victims.

Researchers believe that the alleged source of the leak is the company National Public Data. It collects personal data of citizens and then provides access to it for a fee for criminal background checks and for private detectives.

According to media reports, a dump with similar data had already been sold in the spring of this year on the same hacker forum. Back then, another hacker claimed to have hacked National Public Data and obtained personal data of citizens of the USA, Great Britain and Canada.

Since the initial leak, various hackers have published partial copies of the dump, each with a different number of entries and, in some cases, even different data. The latest and most complete version of the dump appeared on August 6.

While the authenticity of the clone leaks has not yet been established, it has been revealed that National Public Data collected data from non-public sources without Americans' consent. In connection with this, claims have been brought against the company.

Six months together, already like family

What's happened: Kootenai Health, a major U.S. healthcare provider, fell victim to hackers.

How did it happen?: The attackers penetrated the company's infrastructure using ransomware. They then encrypted files and leaked personal data of clients and employees, including age, passport data, Social Security numbers, driver's licenses and medical documents.

According to researchers, the attackers penetrated the company back in February 2024, but the problem was only discovered in August 2024. About 500 thousand people were affected by the leak.

Microsoft and an unexpected day off

What's happened: there was a global failure in the operation of Microsoft services.

How did it happen?: On July 30, from 14:45 to 23:43 Moscow time, many Microsoft services and applications were unavailable: Azure, Outlook, Minecraft, Entra, Microsoft Intune, etc. This disrupted the work of many organizations around the world: courts, utilities, banks, and medical institutions!

Microsoft has publicly stated that the outage was caused by a DDoS attack, and that its security measures only exacerbated the attack rather than mitigated it. A previously unknown hacktivist group has claimed responsibility for the attack.

The company also stated that it had set up Azure Web Application Firewall as a means of protection against such attacks. It is unclear, however, why the global IT giant had not deployed a web application firewall earlier.

Wiped clean

What's happened: hackers remotely erased data from devices of pupils and students around the world.

How did it happen?: Attackers have hacked Mobile Guardian, a developer of MDM systems for the educational sector. It develops cross-platform software for filtering traffic, monitoring student activity, and remotely managing devices.

According to the company, a cyberattack occurred on August 4, as a result of which hackers gained access to the Mobile Guardian platform. The obtained capabilities were used not to steal data, but to delete it. In Singapore, for example, data was wiped from 13 thousand devices, which ended in the termination of the contract with the country's Ministry of Education.

The company, unfortunately, has given up: after the attack, it completely shut down its control servers, which means users cannot log into Mobile Guardian and students have only limited access to their devices.

Beavers attack!

What's happened: Nexera's blockchain infrastructure was attacked by hackers.

How did it happen?: On August 7, unknown attackers hacked the Fundrs smart contract management system using the BeaverTail malware, which allowed them to steal 47 million Nexera infrastructure tokens, NXRA, worth $1.76 million.

The attackers cashed out 15 million tokens worth $450 thousand, and the Nexera team managed to remove the other 32 million from circulation. After that, the company suspended trading its tokens on decentralized exchanges and recommended that other platforms do the same. However, this led to an 86% drop in the token price.

This is what I don't like

What's happened: hackers made about $700 thousand off McDonald's followers.

How did it happen?: A hacker group hacked McDonald's Instagram* account and posted an ad for a fraudulent cryptocurrency token. It was named after one of the company's mascots, Grimace.

The advertising did its job, and the token's capitalization instantly grew from several thousand to $25 million. The scammers then sold the tokens they held, earning about $700 thousand in Solana (SOL) cryptocurrency. The token's value subsequently fell to $65 thousand.

The company eventually got its account back, but for a while its profile description featured a thank you from the hackers for the cryptocurrency. McDonald's apologized to its subscribers for the incident.

*Meta Platforms Inc. is recognized as an extremist organization in Russia and is banned.

Infosec tip of the month: To prevent incidents, it is important for an information security specialist to be able to speak the language of business. Explain to management and colleagues the risks of neglecting information security rules and protection tools. You can learn how to bring business and information security together at the annual series of practical conferences Road Show SearchInform from September 19 to November 28. The program covers 27 cities of the Russian Federation and the CIS, join us!
