Weekly Update 395

Data breach verification: that seems like a good place to start given the discussion in this week’s video about Accor. Watch the vid for the whole thing but in summary, data allegedly taken from Accor was published to a popular hacking forum and the headlines inevitably followed. However, per that story:

Cybernews couldn’t confirm the authenticity of the data. We reached out to Accor for clarification and are awaiting a response.

I couldn’t confirm the authenticity of the data either and I wrote a short thread about it during the week:

I’m not convinced this data is from Accor. There are barely any references to “accor” in the data and the ones that are there just look like records where Accor is a customer of another service. https://t.co/4rT17eNQ7J

— Troy Hunt (@troyhunt) April 11, 2024

Yet that headline very clearly stated there’d been a breach, as did the SC News one a few days later: Accor database exposed by IntelBroker. So… no independent verification and no statement from the company, yet a headline stating a publicly listed multinational with billions of dollars of annual revenue has had customer data exposed. That’s, uh, “brave” 😲

References

1. Sponsored by: Kolide ensures only secure devices can access your cloud apps. It’s Device Trust tailor-made for Okta. Book a demo today.
2. I’m on Hamilton Island! (that’s a Google search for Whitehaven Beach 😍)
3. Indian service boAt had 7.5M records breached (apparently the breach was carried out by “shopifyGUY”, who seems to be quite good at this…)
4. …hence the breach I made live during the stream, Canadian retailer Giant Tiger (and there’s one more in the pipeline from shopifyGUY too)
5. Just about everyone in El Salvador also ended up in a breach (the presence of what looks like passport photos for everyone is also a bit worried)
6. Accor allegedly had a breach which really didn’t look like Accor when I first reviewed it (but the suggestion during the live stream about it possibly being sourced from an Accor event facility was a really interesting one which deserves more investigation)