Data Breaches, Thursday Threats

Millions of records exposed in Twitter, Neopets data breaches

Cybercriminals are constantly looking to steal personal information, and thus, their targets will often be organizations that hold a vast amount of data. When such cyberattacks are successful, you will see news stories detailing that hundreds of millions of records have been compromised by hackers. This week’s Thursday Threat Update covers two incidents worthy of the national news that each has garnered, one affecting Neopets and the other impacting Twitter. 

Neopets data breach affects 69 million users

What we know: The virtual pet website Neopets reported having experienced a data breach affecting 69 million users. The hackers behind the cyberattack claimed to have have stolen users’ names, usernames, email addresses, dates of birth, and other data points., while Neopets has confirmed that passwords were also compromised in the breach.

Recommendations: Neopets users should immediately change the password to their accounts, and those of any family members. If you use that particular password for other online services, change those immediately as well. You can use this as an opportunity to create wholly unique passwords for each of your accounts, as you should never reuse passwords across. In addition, be extra cognizant of suspicious messages that you may receive, as cybercriminals can use the compromised email accounts to launch phishing attacks. Jellyneo, a Neopets fan site, has set up a webpage dedicated to posting updates on the breach.

Twitter breach results in exposure of 5.4 million accounts

What we know: Cybercriminals exploited a Twitter security vulnerability to steal the contact information of 5.4 million accounts. The vulnerability had been discovered in January, and had been patched by Twitter, but not before cybercriminals were able to exploit it. The compromised data includes phone numbers and email addresses, and it has been confirmed that the stolen information is for sale on a hacking forum.

Recommendations: Be on the lookout for any suspicious messages you may receive. While you may see phishing emails in your inbox, you should also be cautious of phishing attacks targeting your phone. “Smishing” and “Vishing” attacks are when cybercriminals try to trick targets into turning over personal information through phony text messages and phone calls, respectively. If you receive a suspicious text message, do not respond or click any links in the text. You should delete and block the sender, and file a complaint with the FCC. You can also forward the text by sending it to 7726, a service that is free of charge.

Stay on top of cyber hygiene, for yourself and your family

As these breaches show, cybercriminals will target just about any entity that houses personal data, whether it’s a social media platform such as Twitter, or it’s a child-oriented online experience with Neopets. Fortunately, you can take steps today to minimize the risk for everyone in your family.

Learn how you can protect your children’s online privacy, why poor password practices can be costly, and how digital executive protection can help reduce you and your family’s risk of getting caught up in a data breach.