
Millions of PornHub Users’ Data Stolen in Extortion Hack

Originally published on: December 20, 2025
Summary

– U.S. Customs and Border Protection is moving from testing to standard operational use of small drones for surveillance, expanding its monitoring capabilities.
– U.S. Immigration and Customs Enforcement plans to expand employee surveillance through a cybersecurity contract amid increased leak investigations.
– The hacker group ShinyHunters stole over 200 million user records from PornHub, likely from old data analytics systems, and is attempting extortion.
– A critical, unpatched vulnerability in Cisco’s email security products has been exploited for weeks by a suspected Chinese state-sponsored hacking group.
– Two former cybersecurity professionals have pleaded guilty to running a ransomware scheme after one worked as an incident responder and the other as a ransomware negotiator.

Recent developments highlight a significant expansion of surveillance capabilities by U.S. border and immigration agencies, alongside a major data breach affecting millions. United States Customs and Border Protection is now moving small drones from testing phases into standard operational use for surveillance, broadening an already extensive monitoring network that sometimes operates beyond the nation’s physical borders. Concurrently, U.S. Immigration and Customs Enforcement is set to implement a wide-ranging cybersecurity contract that will enhance its ability to surveil and monitor employees. This shift occurs as federal authorities intensify investigations into leaks and crack down on internal dissent.

In the realm of digital deception, the AI application Haotian has gained notoriety. This Chinese-language tool can produce “nearly perfect” face swaps during live video chats, making it a preferred instrument for scammers based in Southeast Asia. Investigations reveal the company has reportedly promoted its services directly to these fraudsters, frequently using Telegram as a platform. Following inquiries, Haotian’s primary Telegram channel disappeared. Separately, a different fraud scheme in China involves using AI-generated images, depicting scenarios like dead crabs or torn bedding, to falsely claim defective products and secure refunds from e-commerce platforms.

A significant cybersecurity incident has emerged involving the hacker collective known as the Com, which has a long history of breaching companies. A subgroup called ShinyHunters has allegedly stolen over 200 million user records from PornHub, totaling 94 gigabytes of data. This trove includes email addresses and detailed site history linked to premium accounts. According to PornHub, the data appears to have been taken from MixPanel, a third-party analytics firm the site stopped using in 2021, indicating the information could be four years old or more. The hackers have reportedly sent extortion emails to the company, leaving many users anxious about their private browsing habits being exposed.

In related news, Venezuela’s state-owned oil company, PDVSA, reported a disruptive cyberattack on its administrative systems. The incident occurred shortly after the U.S. military seized a tanker carrying Venezuelan crude. PDVSA claims operations continued but accused the U.S. of orchestrating the intrusion as part of a broader campaign against its energy sector. Independent reports suggest the attack’s impact was more severe than officially acknowledged, potentially halting oil deliveries and taking internal systems offline. This cyber event follows heightened tensions between Washington and Caracas, involving disputes over sovereignty and maritime seizures.

Critical vulnerabilities in network infrastructure are also raising alarms. Hackers are increasingly targeting “edge” devices like routers, VPNs, and firewalls as entry points. A newly revealed, unpatched flaw in several Cisco products has provided such an opportunity, with exploitation reportedly occurring for weeks. Cisco’s Talos team identified a zero-day vulnerability in its Secure Email Gateway and Secure Email and Web Manager products running AsyncOS software. The company attributes the attacks to a likely Chinese state-sponsored group. Notably, a patch is not yet available, though Cisco advises that the flaw exists in a “spam quarantine” feature not typically exposed online and can be temporarily disabled to reduce risk.

Finally, a case underscores the troubling crossover between cybersecurity defense and cybercrime. Two men formerly employed at cybersecurity firms have pleaded guilty to hacking charges after running their own ransomware operation. Ryan Clifford Goldberg, an incident responder at Israeli firm Sygnia, and Kevin Tyler Martin, a ransomware negotiator at U.S. firm DigitalMint, allegedly also worked as affiliates for the ALPHV ransomware gang. Their scheme successfully extorted a million dollars from a Florida medical device company. A third alleged conspirator was named in court documents but not charged in this particular case.

(Source: Wired)
