Cyber criminals cook up another data breach of 8 million Home Chef customers

May 21, 2020 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
May 21, 2020

Just as Chicago can’t go a whole week without a gang-related shooting, there’s another data breach in the news, sadly this data breach happened down the road from InfoSec News’ office in Chicago Illinois.

In a security alert posted on Home Chef’s website on Wednesday, May 20th, the Chicago-based, Kroger owned meal company had learned of a data breach and the following was stolen, email address, name and phone number, encrypted passwords, The last four digits of credit card numbers and other account information such as frequency of deliveries and mailing address may also have been compromised in the data breach.

Home Chef reports that it does not store complete credit or debit card information and “Protection of customer data is a top priority for Home Chef, and we work hard to safeguard our customers’ information”

The Home Chef data breach statement continues “We are taking action to investigate this situation and to strengthen our information security defenses to prevent similar incidents from happening in the future.”

In early May 2020, BleepingComputer reported a hacking group known as Shiny Hunters were selling over 70 million user records from eleven different companies on a dark web hacking marketplace which included eight million records for Home Chef, the asking price for Home Chef’s list was a mere $2,500.00

While the Home Chef passwords were encrypted, Home Chef recommends their users to change their password in an abundance of caution. InfoSec News recommends all users to seriously consider purchasing and using a password manager like KeePass, LassPass or 1Password to both safely store and create long, complex, hard to crack passwords.

Home Chef was founded in the summer of 2013 by Pat Vihtelic (Now Home Chef’s CEO) who taught himself to code, built a website, and quit his job as an investment banker. Last year, Home Chef delivered over 10 million meals and expanded its delivery to cover more than 97% of the U.S. population.

In May 2018, Cincinnati-based Kroger (NYSE: KR), the nation’s largest operator of traditional supermarkets, agreed to buy Chicago-based Home Chef in a deal worth as much as $700 million.

Texas Department of Transportation reports ransomware attack on agency network

May 16, 2020 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
May 16, 2020

The Texas Department of Transportation in a statement on Twitter says they were the victims of a ransomware attack on their agency network.

On May 14, 2020, there was unauthorized access to the network in a ransomware event and TxDot took immediate steps to isolate the incident and shut down any further unauthorized access.

“We believe we have a duty to inform our fellow Texans and our fellow state agencies of this unfortunate incident,” executive director James Bass said. “We want every Texan to rest assured that we are doing everything we can to swiftly address this issue. We also are working to ensure critical operations continue during this interruption.”

The Texas Department of Transportation says they are working closely with the FBI to find those responsible and prosecute them to the fullest extent of the law.

InfoSec News is trying to find out if this is a separate attack or related to the ransomware attack that crippled the Texas Supreme Court’s website earlier in the week.

Ransomware attack disables Texas Supreme Court’s website

May 13, 2020 By William Knowles

InfoSec News

By William Knowles @c4i
Senior Editor
InfoSec News
May 13, 2020

On Friday, May 8th, the Office of Court Administration (OCA), the information technology (IT) provider for the appellate courts and state judicial agencies within the Texas Judicial Branch, identified a serious security event in the branch network, which was later determined to be a ransomware attack.

The attack began during the overnight hours and was first discovered in the early morning hours on Friday. The attack is unrelated to the courts’ migration to remote hearings amid the coronavirus pandemic.

Immediately upon discovery, OCA IT staff disabled the branch network including websites and servers to prevent further harm. The network has remained disabled since this time and will continue to do so until the breach is remediated.

OCA is working with law enforcement and the Texas Department of Information Resources (DIR) to investigate the breach. DIR and other information security authorities are providing assistance to OCA with recovery support.

OCA was able to catch the ransomware and limit its impact and will not pay any ransom. Work continues to bring all judicial branch resources and entities back online. In the meantime, a temporary web site has been established with critical judicial branch information, including information concerning the COVID-19 pandemic.

In recent years, the majority of the Texas Judicial Branch entities supported by OCA have moved many IT functions to the cloud. These services have not been impacted by the attack. These cloud services include eFileTexas (for filing of documents), reSearchTX (for reviewing filed documents), collaboration tools for editing and sharing documents, and email.

This action will permit many of the courts and judicial branch agencies to continue operations and ensure that filing of documents can continue uninterrupted. At this time, there is no indication that any sensitive information, including personal information, was compromised.

Additionally, due to the structure of the IT function within the state judiciary, individual trial court networks throughout the state were unaffected by the cyberattack. Judicial branch employees supported by OCA have received training in cybersecurity in recent weeks and will continue to receive updated training.

Blake Hawthorne, Clerk of the Supreme Court of Texas, tweeted on Tuesday night “I have a feeling that before long I will be giving a continuing legal education talk on the oddly specific topic “Operating a Court During a Pandemic and a Ransomware Attack.”

In August 2019, 22 Texas towns were hit with a ransomware attack by “one single threat actor” who demanded a $2.5MM ransom.

Potential data breach reported at hard-hit Ontario long-term care home

May 11, 2020 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
May 11, 2020

Ontario’s Minister of Long-term Care Dr. Merrilee Fullerton reported a potential data breach at a Pickering, Ontario long-term care home on Saturday evening on Twitter.

“I’m learning of disturbing news out of Pickering’s Orchard Villa LTC home. There is a possibility of a significant privacy breach regarding individual resident personal health info. My heart goes out to the residents and families, during what is already a very difficult time”

Dr. Fullerton tweets “Our government takes personal privacy very seriously, and we are continuing to monitor this situation closely. I have been in contact with Peter Bethlenfalvy and we both share feelings of frustration and sadness at this recent development.”

“Orchard Villa has informed the Information Privacy Commissioner Office and other authorities as appropriate.”

The Pickering retirement community has been Ontario’s hardest long-term care facility hit by the COVID-19 pandemic. As of Friday, May 8th, 2020, there had been 68 deaths at Orchard Villa, with 63 in the long-term care section and five in the retirement home.

DEF CON 28 in-person conference is CANCELLED

May 8, 2020 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
May 8, 2020

(Via Jeff Moss / The Dark Tangent)

Why? It is not safe for people to gather in large groups for conferences, sports ball events, or clubbing now or in the foreseeable future this year.

To commemorate this (hopefully) once in a lifetime event we, of course, made shirts.

When I wrote my DEF CON vs. COVID-19 blog post-March 12th 2020 I was optimistic that social distancing, sheltering, a robust medical response with wide-scale testing would make it safe to gather in early August. I no longer believe that.

Even if a vaccine were to be discovered tomorrow it would not be soon enough to test, manufacture, distribute, and administer in time for people to safely travel by August.

Too many States have stayed open or are re-opening, people partied for far too long, and the lack of Federal coordination gives me no hope that things will get back to normal this year. I also worry that the conferences that postponed to later this year will be caught up in the “second wave” after restrictions start to ease and they will end up having to cancel. Because of this, postponing for DEF CON was not an option.

The theme for DEF CON 28 is “Discovery,” and 2020 has not disappointed.

While I made the decision to cancel the in-person conference almost a month ago on April 11th, the delay in announcing has been due to learning how to actually cancel. It has taken weeks of working with staff, lawyers, accountants, and Caesars. I didn’t want to endanger the future of the con by tweeting that we were canceling before we understood and were confident we could navigate the process.

Even though our in-person Las Vegas event is canceled, we will run DEF CON 28 Safe Mode August 7-9 (Friday through Sunday) with 101 orientation Thursday – all of it remote. We will use the DEF CON Forums to coordinate all the various ways you to participate. That is where everyone can announce their plans, do signups, post pictures, and videos, and get people involved.

Then on August 6th, we will open the DEF CON discord.io/dc server up for everyone to join and start their con experience!

Expect events like a new on-line Mystery Challenge, a DEF CON is Canceled music album, remote CTFs like Hack-a-Sat, Villages like the Packet Hacking Village, contests like the TeleChallenge, Ham Exams, and more. We are also planning a remote movie night and drink-up.

There are too many different platforms for “one size fits all” so instead of us picking a winner we will act as the coordinator pointing everyone where to go with a planning calendar, links, descriptions, and music.

The good news is DEF CON will survive, and DEF CON 29 is planned for August 5-8 2021, you can reserve your rooms now.

On a personal level this has been the most stressful few months I can remember, between being on home lock-down and having to navigate the future of DEF CON it has felt like there were land mines all around me and the lights were turned off. While cancellation negotiations are still ongoing I’ve been lucky that the DEF CON Goons and community writ large have been amazing, helping me to navigate in a safe direction. I am proud that over the years we have all gotten better at self-care and supporting each other outside of Con and I can’t wait to see everyone when it is less chaotic and uncertain. Hackers do like security.

Thank you for your support and understanding,

The Dark Tangent