Here are this week’s highlights in cybersecurity:

  • TruthFinder and Instant Checkmate background check services confirmed they suffered a data breach after hackers leaked a 2019 database containing the info of 20 million customers. More
  • The Dutch police announced that they dismantled the Exclu encrypted communications platform after hacking into the service to monitor the activities of criminal organizations. 42 arrests were made, 2 owners and 40 users of the service, including drug lab operators holding significant amounts of narcotics, firearms, and over 4 million euros in cash. More
  • Security researchers discovered a flaw in Cl0p’s Linux ransomware which allows victims to decrypt their files for free. The malware encrypts the RC4 key used to encrypt files with another RC4 master key that can be recovered from the malware. This is different from the Windows version which uses asymmetric encryption (RSA) as the master key. More
  • Security researcher breached Toyota’s supplier portal having information on 14,000 partners. The breach was possible because the endpoint that generated a JWT authentication token required only a valid email and no password. More
  • Weee! grocery delivery service was breached leaking the personal information of 1.1 million customers. More
  • Large Canadian bookstore Indigo shuts down its website after cyberattack. According to the incident report, the company is unable to process electronic payments. More
  • Reddit was hacked via a spear-phishing attack. Attackers gained access to some internal documents, code, and some internal business systems. More

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.