Infosec Round-Up Oct 8th
Twitch Leak, A.I. Ban & Rogue IT Technician
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Twitch Data Leak
The game streaming platform Twitch has fallen victim to a breach in which a reported 125GB of confidential data has been leaked.
Shared via the imageboard 4chan, the leak contained not only large amounts of financial information relating to its users, but also allegedly the source code from around 6,000 internal Git repositories.
Alongside the data, the anonymous user posted a message referring to Twitch as “a disgusting toxic cesspool” and citing ‘greater competition in the online video streaming space’ as the motivation for the leak.
With Twitch confirming that no login credentials or credit card numbers were contained within the leak, the company noted: “We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party”.
Adding, “Our teams are working with urgency to investigate the incident. As the investigation is ongoing, we are still in the process of understanding the impact in detail”.
School Insider Threat
A former IT technician for a Leicestershire school has admitted to causing serious disruption by breaking into the computer systems of former employers, deleting data and changing passwords.
Adam Georgeson, 29, who had been fired from his role at Welland Park Academy at the beginning of this year and was subsequently employed at a Rutland IT firm, gained unauthorised access to the IT systems, reportedly out of ‘boredom’.
Appearing in Leicester Crown Court this Monday, the insider threat admitted changing passwords and deleting data, resulting in school systems being no longer accessible and remote learning being negatively impacted.
Detective Constable Anthony Jones has stated: “There was a great deal of resentment towards both his former employers – but that’s no excuse for his actions which caused significant problems for both and could’ve had more damaging consequences.”
Adding, “I hope this case will serve as an example that Leicestershire Police takes all reports of cyber crime seriously and will fully investigate them in order to bring the perpetrators to justice.”
EU A.I. Ban
The European Union Parliament has voted in favour of a resolution which effectively bans the use of artificial intelligence-powered biometric mass surveillance technologies.
In a resolution adopted with 377 votes in favour, 248 against and 62 abstentions, MEPs cited the risk of algorithmic bias and asked for a permanent ban on the automated recognition of individuals in public spaces, noting that citizens should only be monitored when suspected of a crime.
Petar Vitanov, the lead MEP on the issue, stated on the matter, “Fundamental rights are unconditional. For the first time ever, we are calling for a moratorium on the deployment of facial recognition systems for law enforcement purposes, as the technology has proven to be ineffective and often leads to discriminatory results.”
Adding, “We are clearly opposed to predictive policing based on the use of A.I. as well as any processing of biometric data that leads to mass surveillance. This is a huge win for all European citizens.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.