25th Jan 2024
Author: Shayan Naveed

23andMe, Payoneer Breaches, and WordPress Plugin Vulnerability in the Spotlight


In a recent surge of cybersecurity challenges, the spotlight falls on three distinct incidents – the data breach at genetic testing provider 23andMe, account compromises in Payoneer, and the exploitation of a critical vulnerability in the widely-used 'Better Search Replace' WordPress plugin. Join us as we explore the latest in cybersecurity.

Cybersecurity News Roundup for Jan 19, 2024


Here are the details regarding the latest cybersecurity news:

23andMe Confirms Data Breach: Hackers Access Data of 6.9 Million Customers

Genetic testing provider 23andMe recently disclosed a significant data breach, revealing that hackers accessed health reports and raw genotype data for a period of five months, from April 29 to September 27. The breach resulted from a credential stuffing attack, utilizing stolen credentials from other data breaches or compromised online platforms.

The compromised data, disclosed in breach notification letters, includes information for 1 million Ashkenazi Jews and 4.1 million individuals in the United Kingdom. 23andMe confirmed that the threat actor downloaded uninterrupted raw genotype data and potentially accessed other sensitive information, including health reports, wellness reports, and carrier status reports.

For users of 23andMe's DNA Relatives feature, the attackers may have scraped DNA Relatives and Family Tree profile information, exposing ancestry reports, matching DNA segments, self-reported locations, ancestor birth locations, family names, profile pictures, birth years, and more.

In response, 23andMe mandated password resets for all users on October 10 and has had two-factor authentication in place for added security since November 6. The incident prompted multiple lawsuits, leading to updates in the company's Terms of Use to streamline the arbitration process.

Payoneer Users in Argentina Report Account Breaches 

Payoneer users in Argentina faced a disturbing situation as their 2FA-protected accounts were compromised, resulting in fund losses. Users woke up to unauthorized SMS OTP codes, leading to login issues.

Payoneer, a popular financial services platform, witnessed users losing access or finding empty wallets, with losses ranging from $5,000 to $60,000. Before the breach, users received SMS requests for password reset approval on Payoneer, a request they didn't grant.

Investigations revealed that the affected users were mostly Movistar customers, raising suspicions of a Movistar data leak. Another theory suggests a breach at the SMS provider delivering the OTP codes.

Payoneer has acknowledged the issue and attributes it to phishing attempts. Users dispute this, claiming they didn't click on phishing links. The attack mechanism is unclear, with suspicions of a 2FA bypass bug. Users are advised to withdraw funds or disable SMS-based 2FA.

In a January 20 update, Payoneer pledged to protect funds, recover losses, and educate users on safety measures. Uncertainty looms as investigations continue, and questions about restitution remain unanswered.

Hackers Target WordPress Database Plugin Used By 1 Million Sites

A critical vulnerability in the widely-used 'Better Search Replace' WordPress plugin has been exploited by malicious actors, with security experts observing thousands of attack attempts in the last 24 hours. The plugin, which has over a million installations, assists admins with database search and replace operations during website migrations.

WP Engine, the plugin's vendor, released version 1.4.5 last week to address the severe PHP object injection flaw (CVE-2023-6933). Unauthenticated attackers can exploit this vulnerability by injecting a PHP object, potentially leading to code execution, data access, file manipulation, or an infinite loop denial of service.

Although the flaw in Better Search Replace is not exploitable on its own, it can be exploited if another plugin or theme on the same site contains a Property Oriented Programming (POP) chain. WordPress security firm Wordfence has already thwarted over 2,500 attacks targeting this vulnerability, emphasizing the urgency for users to upgrade to version 1.4.5 immediately.
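
Why the presence of a class from another plugin or theme matters, shown as an added PHP example (not code from Better Search Replace or from this article). `CacheFile` is a constructed stand-in for such a class, the function names are hypothetical, and the serialized string is constructed sample input.

```php
<?php
// Constructed stand-in for a class shipped by some *other* plugin or theme.
// Its destructor acts on a property, which is what makes it usable in a POP chain.
class CacheFile {
    public $path = '';
    public static $log = [];
    public function __destruct() {
        // A real class might delete or write $this->path; this one only records it.
        self::$log[] = "destructor ran for {$this->path}";
    }
}

// Constructed sample: a serialized CacheFile as it could sit in a database value.
$untrusted = 'O:9:"CacheFile":1:{s:4:"path";s:11:"/tmp/sample";}';

// Weak pattern: no class restriction, so PHP instantiates CacheFile and its
// destructor runs once the value is released.
function unsafe_load(string $data) {
    return unserialize($data);
}

// Hardened pattern: no class is instantiated. Objects decode to
// __PHP_Incomplete_Class, so CacheFile's magic methods never run.
function safe_load(string $data) {
    return unserialize($data, ['allowed_classes' => false]);
}

// True if the decoded value contains an object at any depth (PHP 7.2+ reports
// __PHP_Incomplete_Class as an object).
function has_object($value): bool {
    if (is_object($value)) return true;
    if (is_array($value)) {
        foreach ($value as $item) {
            if (has_object($item)) return true;
        }
    }
    return false;
}

// Stricter policy for a tool that only needs arrays and scalars: skip any
// value that carries an object at all.
function load_or_skip(string $data) {
    $value = safe_load($data);
    return has_object($value) ? null : $value;
}

$v = unsafe_load($untrusted); unset($v);
echo "unsafe_load destructor calls: ", count(CacheFile::$log), "\n";
CacheFile::$log = [];
$v = load_or_skip($untrusted);
echo "load_or_skip destructor calls: ", count(CacheFile::$log), "\n";
```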

Shayan Naveed / Contributor
Shayan has covered various topics as a journalist with over a decade of experience. She is currently focusing on the ramifications of cybersecurity incidents and their impact on our digital lifestyle as a whole. Reach out to her for tips, pitches and stories.
Frequently Asked Questions
Genetic data holds immense value for various reasons, including personalized healthcare insights and ancestral exploration. Hackers target platforms like 23andMe to exploit this sensitive information for illicit gains, such as identity theft, fraud, or even selling the data on the dark web. As the demand for genetic testing services rises, safeguarding this data becomes crucial. Genetic testing providers implement robust security measures, but breaches can occur due to evolving cyber threats. It underscores the need for continuous advancements in cybersecurity to protect the privacy and confidentiality of individuals' genetic information.