Infosec Round-Up Oct 8th

Play Video

Twitch Leak, A.I. Ban & Rogue IT Technician

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Twitch Data Leak

The game streaming platform Twitch has fallen victim to a breach in which a reported 125GB of confidential data has been leaked.

Shared via the imageboard 4chan, the leak contained not only large amounts of financial information relating to its users, but also allegedly the source code from around 6,000 internal Git repositories.

Along with the data, the anonymous user posted referring to Twitch as “a disgusting toxic cesspool” and cited ‘greater competition in the online video streaming space’ as the motivation for the leak.

With Twitch confirming that no login credentials or credit card numbers were contained within the leak, the company noted: “We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party”.

Adding, “Our teams are working with urgency to investigate the incident. As the investigation is ongoing, we are still in the process of understanding the impact in detail”.

School Insider Threat

A former IT technician for a Leicestershire school has admitted to causing serious disruption by breaking into the computer systems of former employers, deleting data and changing passwords.

Adam Georgeson, 29, who had at the beginning of this year been fired from his role at Welland Park Academy, and was subsequently employed at a Rutland IT firm, gained unauthorised access to the IT systems reportedly out of ‘boredom’.

Appearing in Leicester Crown Court this Monday, the insider threat admitted changing passwords and deleting data, resulting in school systems being no longer accessible and remote learning being negatively impacted.

Detective Constable Anthony Jones, has stated: “There was a great deal of resentment towards both his former employers – but that’s no excuse for his actions which caused significant problems for both and could’ve had more damaging consequences.”

Adding, “I hope this case will serve as an example that Leicestershire Police takes all reports of cyber crime seriously and will fully investigate them in order to bring the perpetrators to justice.”

EU A.I. Ban

The European Union Parliament has voted in favour of a resolution which effectively bans the use of artificial intelligence-powered biometric mass surveillance technologies.

In a resolution adopted by 377 in favour, 248 against and 62 abstentions, MEPs cited the risk of algorithmic bias, as well as asking for a permanent ban on the automated recognition of individuals in public spaces, noting that citizens should only be monitored when suspected of a crime.

Petar Vitanov, the lead MEP on the issue, stated on the matter, “Fundamental rights are unconditional. For the first time ever, we are calling for a moratorium on the deployment of facial recognition systems for law enforcement purposes, as the technology has proven to be ineffective and often leads to discriminatory results.”

Adding, “We are clearly opposed to predictive policing based on the use of A.I. as well as any processing of biometric data that leads to mass surveillance. This is a huge win for all European citizens.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

Infosec Round-Up Oct 1st

Infosec Round-Up Oct 1st - Hut Six

iPhone contactless flaw could allow locked phone payments. China warns crypto “seriously endanger the safety of people’s assets”. Ethereum research facing 20 years in prison.

InfoSec Round-Up Sep 24th

InfoSec Round-Up Sep 24th - Hut Six

REvil steals loot from affiliate criminals. Lithuania warns of Chinese made phones. UK MoD exposes the data of Afghan interpreters.

Infosec Round-Up Sep 17th

Infosec Round-Up Sep 17th - Hut Six

Irish DPA investigates TikTok data collection. NSO Group flaw fixed. Microsoft announces passwordless future.

Infosec Round-Up Sep 10th

Infosec Round-Up Sep 10th - Hut Six

Ragnar Locker threatens victims with possible data leaks. UK student jailed for "cynical" cyber crime. ProtonMail faces criticism.

Infosec Round-Up Sep 3rd

Infosec Round-Up Sep 3rd - Hut Six

Insider threat destroys 21GB of credit union data. Hackers leak UK firearms marketplace data. Coinbase accidentally sends 125K warning emails.

Infosec Round-Up Aug 27th

Infosec Round-Up Aug 27th - Hut Six

Ethical hacker rewarded with $500K after returning stolen crypto. Japanese exchange attacked. US loses $2.3 million to BEC scam.

Infosec Round-Up Aug 20th

Infosec Round-Up Aug 20th - Hut Six

48 million T-Mobile customers' data breached. Secret 'no-fly' list exposed on internet. Brazil Government hit with another ransomware attack.

Infosec Round-Up Aug 13th

Infosec Round-Up Aug 13th - Hut Six

Apple responds to CSAM scanning criticism. Crypto hacker returns over $300 million worth of tokens. Crytek game developer confirms data leak hack.

Infosec Round-Up Aug 6th

Infosec Round-Up Aug 6th - Hut Six

Zoom to pay $86 million on privacy lawsuit. LockBit 2.0 cyber criminals recruiting insider threats. Isle of Wight schools hit with ransomware attack.

InfoSec Round-Up July 30th

InfoSec Round-Up July 30th - Hut Six

Israeli government raids NSO Group offices. Biden warns cyber breach could lead to "hot-war". Irish DoH data leak.