Hackers successfully exploited Meta’s AI-powered support chatbot to gain unauthorized access to numerous high-profile Instagram accounts, including those belonging to former government entities and prominent brands. The method involved manipulating the AI assistant into initiating password resets by sending verification codes to attacker-controlled email addresses, bypassing standard security protocols in some instances. Meta has since confirmed the issue has been resolved and is working to secure affected accounts, though the full extent of the breach remains unknown and highlights potential vulnerabilities in relying on AI for critical security functions.
Read More
Clorox has filed a lawsuit against Cognizant, alleging the IT provider’s negligence led to a significant cyberattack in 2023. The lawsuit claims hackers, identified as the Scattered Spider group, gained access by simply requesting employee passwords from Cognizant’s service desk. According to the suit, Cognizant staff provided credentials without proper verification, leading to a breach that caused $380 million in damages due to remedial costs and disrupted product shipments. Clorox also cited additional failures by Cognizant in containing the attack, further contributing to the severity of the situation.
Read More
Coinbase revealed a data breach resulting from compromised overseas support agents who were bribed by cybercriminals. The attackers obtained sensitive customer data, including names, addresses, and partial financial information, to conduct social engineering attacks. While no passwords or funds were compromised, Coinbase estimates remediation costs could reach $400 million. The company is cooperating with law enforcement and offering a $20 million reward for information leading to arrests, refusing to pay the extortion demand. Despite this incident, Coinbase maintains its commitment to enhancing security measures and customer reimbursement.
Read More
John Q. Hosedrinker