Joe Anglesatri owned two small magazine shops in Chicago, both of which were hacked after someone unknowingly planted a software program on his cash registers. The software sent his customer’s credit card information to Russia, and MasterCard was the first to inform him of the data breach. The entire fiasco cost Anglesatri $22,000 for his two small newstands.
This is an interesting data breach, as the exposure of this data also shed light on an Amazon review scam. The exposed 7GB database contained over 13 millions records related to how an Amazon scam review system works. In a bid to gain 5-star reviews for products, sellers contact Amazon users, tell them which products to buy, then refund them the cost through PayPal once a positive, 5-star review has been posted to Amazon. The seller gets a 5-star review for their products, and the customer gets fully refunded for the items they buy.
The database potentially implicates more than 200,000 people in the scam, according to Safety Detectives, which discovered the database on an ElasticSearch server with no password or encryption. Exposed data includes the email addresses and phone numbers of vendors, as well as PayPal account details, email addresses and usernames of reviewers. Over 230,000 Gmail email addresses were also exposed by the unprotected server.
April 6, 2021: Over 500 million LinkedIn user profiles were discovered on the Dark Web. The hackers shared two million of these LinkedIn records for only $2 total to prove the legitimacy of the information in the stolen data. The LinkedIn account users’ data was scrapped or imported from the website into a database, and includes names, LinkedIn account IDs, email addresses, phone numbers, gender, LinkedIn profile links, connected social media profile links, professional titles, and other work-related personal data.
June 21, 2021: A third-party vendor accidentally posted an unsecured database containing more than a billion search records of CVS Health customers. The 204 GB leaked database was not password protected and included visitor and session IDs, device information, configuration data, as well as multiple records for medications, including COVID-19 vaccines and CVS products.