CyberSecurity news

FlagThis - #customers

@cyberinsider.com //
Adidas has confirmed a data breach impacting customer data via a third-party customer service provider. According to Adidas, the compromised data primarily consists of contact information of customers who had previously contacted their customer service help desk. The company assures that sensitive information like passwords, credit card, or any other payment-related information were not affected in the incident.

Adidas became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider. Adidas has immediately taken steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts. The company is currently notifying affected customers and is cooperating with data protection authorities and investigators as required by law.

This breach marks the third publicly acknowledged incident involving the sportswear giant’s customer service systems recently. The company is working to clarify the situation, reinforcing the importance of securing third-party providers to prevent them from becoming a gateway for attackers to access target systems. Adidas expressed that they remain fully committed to protecting the privacy and security of their consumers and sincerely regret any inconvenience or concern caused by this incident.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • cyberinsider.com: Adidas Hit by Third Customer Data Breach Linked to Support Systems
  • The Register - Security: Adidas confirms criminals stole data from customer service provider
  • The420.in: Adidas Falls Victim to Cyberattack Amid Retail Industry Wave
  • BleepingComputer: Adidas warns of data breach after customer service provider hack
  • www.it-daily.net: Data leak at Adidas: contact data tapped via third-party providers
  • bsky.app: German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data.
  • Graham Cluley: Adidas customers’ personal information at risk after data breach
  • hackread.com: Adidas Confirms Cyber Attack, Customer Data Stolen
  • hackread.com: Adidas Confirms Cyber Attack, Customer Data Stolen
  • www.bleepingcomputer.com: Adidas warns of data breach after customer service provider hack
  • Graham Cluley: Adidas customers' personal information at risk after third-party data breach.
  • bsky.app: Adidas customers' personal information at risk after third-party data breach.
  • techinformed.com: Adidas becomes latest consumer brand to be hit with a cyber breach
  • www.techradar.com: Adidas confirms customer data stolen in worrying cyberattack
  • www.techdigest.tv: Adidas customer data stolen in latest retail cyber attack
  • PCMag UK security: Adidas Confirms Data Breach, Customer Contact Details Exposed
  • Rescana: April 2025 Adidas Data Breach: Supply Chain Attack via Third-Party Customer Service Provider
  • ComputerWeekly.com: Adidas confirms customer data was accessed during cyber attack
Classification:
  • HashTags: #DataBreach #Adidas #CyberSecurity
  • Company: Adidas
  • Target: Adidas Customers
  • Product: Customer Data
  • Feature: Data theft
  • Type: DataBreach
  • Severity: Medium
@www.silentpush.com //
A China-based eCrime group known as the Smishing Triad has expanded its operations, targeting users across more than 121 countries with sophisticated SMS phishing campaigns. Originally focused on impersonating toll road operators and shipping companies, the group has now pivoted to directly target customers of international financial institutions. This expansion is accompanied by a dramatic increase in their cybercrime infrastructure and support staff, signaling a significant escalation in their activities. The group's operations span a diverse range of industries, including postal, logistics, telecommunications, transportation, finance, retail, and public sectors.

The Smishing Triad's infrastructure is vast, utilizing over 8,800 unique IP addresses and stretching across more than 200 Autonomous System Numbers (ASNs). Recent data from server logs analyzed by Silent Push reveal that the group's infrastructure has been highly active, with over one million page visits logged in just 20 days. This suggests that the actual number of SMS phishing messages sent may be significantly higher than the previously estimated 100,000 per day. A large portion of the group's phishing sites are hosted by major Chinese companies, Tencent and Alibaba, indicating a strong connection to Chinese cyberspace.

The group's latest tactic involves the introduction of the "Lighthouse" phishing kit, unveiled on a Telegram channel by the developer identified as Wang Duo Yu. This kit targets numerous financial institutions, particularly in Australia and the broader Asia-Pacific region, as well as major Western financial institutions like PayPal, Mastercard, and HSBC. The Lighthouse kit boasts advanced features such as one-click setup, real-time synchronization, and mechanisms to bypass multiple layers of security like OTP, PIN, and 3DS verification, making it a formidable tool for stealing banking credentials. Smishing Triad boasts it has “300+ front desk staff worldwide” supporting the Lighthouse kit, and continues to sell its phishing kits to other threat actors via Telegram.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • krebsonsecurity.com: China-based SMS Phishing Triad Pivots to Banks - Krebs on Security
  • www.silentpush.com: Silent Push blog on Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit
  • gbhackers.com: GBHackers article on Smishing Triad
  • Cyber Security News: CyberPress report on Chinese eCrime Group Launches Global Attack to Steal Banking Credentials from Users in 120+ Countries
  • securityonline.info: Smishing Triad: eCrime Group Targets 121+ Countries with Advanced Smishing
  • Security Latest: Smishing Triad: The Scam Group Stealing the World’s Riches
Classification:
  • HashTags: #Smishing #Phishing #eCrime
  • Company: Apple, Google
  • Target: Customers
  • Attacker: Smishing Triad
  • Product: SMS
  • Feature: SMS Phishing
  • Malware: Lighthouse
  • Type: Phishing
  • Severity: Medium
Aninda Chakraborty@Tech Monitor //
Western Alliance Bank recently disclosed a data breach impacting 21,899 customers. The incident stemmed from a vulnerability in third-party secure file transfer software, highlighting the risks associated with relying on external vendors for critical operations. Attackers exploited a zero-day vulnerability to exfiltrate sensitive files from the bank's systems, prompting an internal investigation after stolen files were leaked online. The breach occurred between October 12 and October 24 of the previous year, but the vulnerability wasn't disclosed by the vendor until October 27, highlighting the time it can take to discover these issues.

The compromised data included names, Social Security numbers, dates of birth, financial account details, driver’s license numbers, tax identification numbers, and even passport information in some cases. The Clop ransomware gang has been attributed to the breach, adding Western Alliance Bank to its leak site after exploiting vulnerabilities in Cleo Harmony and related software. The bank is offering affected customers one year of credit monitoring as a precaution, while urging heightened vigilance for potential identity theft and fraud.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • bsky.app: Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached.
  • Secure Bulletin: Western Alliance Bank data breach: 21,899 customers impacted
  • The DefendOps Diaries: Understanding the Western Alliance Bank Data Breach: Lessons in Cybersecurity
  • BleepingComputer: Western Alliance Bank notifies 21,899 customers of data breach
  • Tech Monitor: Western Alliance Bank confirms data breach affecting over 21,000 customers
  • BleepingComputer: Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached.
  • Information Security Buzz: Western Alliance Bank has announced a data breach affecting 21,899 people, that was caused by an October 2024 cyberattack on a third-party file transfer software.
  • www.itpro.com: Western Alliance Bank admits cyber attack exposed 22,000 customers
Classification: