Welcome to our weekly dose of critical cyber stories. So what are the top cybersecurity stories from the third week of July 2023?
In this week’s cybersecurity roundup, we delve into a series of significant incidents and reports that have made headlines. From a major data leak at OpenAI to significant threats to UK’s airport operations systems, the landscape of cyber threats continues to evolve and expand. Here are this week’s top stories:
Thousands of OpenAI Credentials Stolen and Sold on the Dark Web
In a shocking disclosure, thousands of OpenAI credentials have been stolen and are being sold on the dark web. The stolen credentials reportedly belong to OpenAI’s GPT-3 models, which are widely used for various applications, including drafting emails, writing code, creating written content, and more. The theft was discovered by researchers at Cyble, a cybersecurity firm, who found an advertisement on a dark web forum offering the stolen credentials. The seller claimed to have “thousands” of OpenAI API keys and was selling them for $10 each. OpenAI has been notified of the breach and is investigating the matter.
Instagram Settles $68.5M Illinois Biometric Lawsuit
Instagram has agreed to settle a $68.5 million lawsuit over alleged violations of Illinois’ Biometric Information Privacy Act (BIPA). The lawsuit, filed in 2020, claimed that Instagram collected, stored, and used the biometric data of more than 100 million users without their informed consent, in violation of BIPA. The settlement, which still requires court approval, would resolve the claims of approximately 7 million Illinois residents who used Instagram between 2010 and 2021.
UK Amends Encrypted Message Scanning Plans
The UK government has made amendments to its powers that could be used to compel tech firms to scan encrypted messages for child abuse images. Tech firms such as Signal, WhatsApp, and Apple have opposed these powers due to privacy concerns. The amendments to the Online Safety Bill now require a report to be written before the powers are used by the regulator, Ofcom. However, campaigners argue that this extra safeguard fails to adequately protect privacy.
UK Airports Targeted by Coordinated Russian Cyber Attack Groups
UK airports are reportedly being targeted by Russian hacker groups. London City Airport’s website experienced a downtime, coinciding with a claim of a hack by pro-Russia UserSec. Shortly after, Anonymous Russia claimed to have launched a similar attack on Birmingham Airport’s website. While the claims are yet to be verified, it is clear that the intention behind these alleged hacks and the specific targeting of UK airports remains uncertain.
Russian Hackers Threaten to Release Masses of Private Data Stolen from Irish Communications Regulator
A notorious Russian cybercriminal gang, known as Cl0p, has threatened to publish a large amount of private information stolen from ComReg, the Irish communications regulator. The group claims to have 143 gigabytes of ComReg data, stolen in a ransomware attack on the Government agency in May. The data includes sensitive information relating to the telecommunications industry. The attack is being investigated by the National Cyber Security Centre (NCSC), the Garda National Cyber Crime Bureau, and a private cybersecurity company.