Welcome to the FlashRouters Privacy News Center, your one-stop shop for news on worldwide Internet privacy.
Whether it is a hardware vulnerability potentially exposing the privacy of users, a draconian government snooping in on their citizens, or even big company’s data breach, FlashRouters provides a solution for online safety in a constantly changing world. Now, let’s check in on this latest Internet privacy top stories.
Table Of Contents
- Amazon Leaks Names And Email Addresses In “Technical Error”
- How The NSA Is Responsible For A Recent Attack On Home Routers
- Hackers Bypass Crucial And Samsung SSD Encryption With Ease
- 500 Million Guests’ Data Exposed By Marriott International
Just last week Amazon emailed users to inform them of a “technical error” that exposed their names and email addresses publicly available. Amazon has not revealed how many users have been affected by the mistake and has began to reach out to those affected.
However, these emails that Amazon has sent are surprisingly brief and offer little to no insight on how the leak happened. While Amazon claims that the error has been fixed and no actions need to be taken on the users’ end, this leak leaves users exposed to phishing attacks and false password reset attempts.
Amazon’s legit been sending out notices saying sorry we exposed your email address. Seems likely related to this https://t.co/21cRB2dHTk… Besides the brevity, what’s giving people pause is they sign the email https://t.co/KDiteRFaeR Why cap the “a” and why no https://? Strange pic.twitter.com/mwty3GmCN1
— briankrebs (@briankrebs) November 21, 2018
Do you have an older home router? Does it have the Universal Plug and Play (UPnP) protocol activated? If you answered “yes” to these questions, then you may be infected with malware developed by the NSA.
Fortunately, the NSA is not behind the plot to infect your router. The malware attack is being sent out by various cyber criminals and hacker groups. This malware has been dubbed “UPnProxy: EternalSilence” by researchers at Akamai, a data management firm. Essentially, this malware can infect old routers via the UPnP protocols and gain direct access to Windows PCs on home and small-business networks.
The best way to combat this attack if you aren’t already infected is to factory reset your router, disable UPnP, and then update your router to the latest firmware.
Researchers at Radboud University in The Netherlands have recently reported that hackers could easily bypass Microsoft’s default encryption on Crucial and Samsung solid state drives. The researchers were able to reverse engineer the firmware on multiple drives and discovered a “pattern of critical issues.”
One issue happens to be that the default master password to decrypt the data was just an empty string. This means that someone could decrypt the drive by just hitting the Enter key on the keyboard. Another issue happened to be that the drive’s password validation check did not work, allowing any password to unlock the drive.
The drives that the researchers found to have these issues include, but are not limited to, Crucial’s MX100, MX200, and MX300 SSDs, Samsung’s T3 and T5 portable SSDs, as well as Samsung 840 EVO and 850 EVO SSDs. These issues likely affect other products, considering that many share the same firmware.
The Marriott International hotel chain stated the Starwood reservation database system had been hacked. This database contained details of up to 500 million guests going as far back as 2014. The hotel group was informed i September that an attempt to access the database was made. An investigation taking place this month confirms that unauthorized access had been made.
The hackers also obtained encrypted credit-card information for some customers, but it is not clear if they will be able to use the payment details. The hack affects customers who made reservations for Starwood hotel brands from 2014 to September of this year. Some of these hotels include Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Meridien, tribute, Design Hotels, Elements, and the Luxury Collection.
Marriott International has since set up a dedicated website and call center for those affected in the breach. They will also be offering a year of free enrollment to Web Watcher to customers that live in the United States, Canada, and Britain. This service will alert people if their information is being sold online.
More Steps To Secure Your Home Network
A FlashRouter provides open-source firmware such as DD-WRT, OpenWRT and TomatoUSB to secure and protect your home network from exploits, whether they come from hackers or snooping governments.