Pornhub will soon be blocked in five more states as the adult site continues to fight what it considers privacy-infringing age-verification laws that require Internet users to provide an ID to access pornography.
On July 1, according to a blog post on the adult site announcing the impending block, Pornhub visitors in Indiana, Idaho, Kansas, Kentucky, and Nebraska will be "greeted by a video featuring" adult entertainer Cherie Deville, "who explains why we had to make the difficult decision to block them from accessing Pornhub."
Pornhub explained that—similar to blocks in Texas, Utah, Arkansas, Virginia, Montana, North Carolina, and Mississippi—the site refuses to comply with soon-to-be-enforceable age-verification laws in this new batch of states that allegedly put users at "substantial risk" of identity theft, phishing, and other harms.
Two men have pleaded guilty to charges of computer intrusion and aggravated identity theft tied to their theft of records from a law enforcement database for use in doxxing and extorting multiple individuals.
Sagar Steven Singh, 20, and Nicholas Ceraolo, 26, admitted to being members of ViLE, a group that specializes in obtaining personal information of individuals and using it to extort or harass them. Members use various methods to collect social security numbers, cell phone numbers, and other personal data and post it, or threaten to post it, to a website administered by the group. Victims had to pay to have their information removed or kept off the website. Singh pled guilty on Monday, June 17, and Ceraolo pled guilty on May 30.
Impersonating a police officer
The men gained access to the law enforcement portal by stealing the password of an officer’s account and using it to log in. The portal, maintained by an unnamed US federal law enforcement agency, was restricted to members of various law enforcement agencies to share intelligence from government databases with state and local officials. The site provided access to detailed nonpublic records involving narcotics and currency seizures and to law enforcement intelligence reports.
The U.S. Department of Justice (DoJ) recently announced the successful takedown of what is likely the largest botnet ever recorded. This network, known as 911 S5, involved 19 million device botnet disruption across 190 countries and was used by various threat actors for numerous cybercrimes. Let’s have a look at the FBI botnet takedown and […]
Earlier this week, a cybercriminal group posted an alleged database up for sale online which, it says, contains customer and card details of 560 million Live Nation/Ticketmaster users.
The data was offered for sale on one forum under the name “Shiny Hunters”. ShinyHunters is the online handle for a group of notorious cybercriminals associated with numerous data breaches, including the recent AT&T breach.
The post says:
“Live Nation / Ticketmaster
Data includes
560 million customer full details (name, address, email, phone)
Ticket sales, event information, order details
CC detail – customer last 4 of card, expiration date
Customer fraud details
Much more
Price is $500k USD. One time sale.”
The same data set was offered for sale in an almost identical post on another forum by someone using the handle SpidermanData. This could be the same person or a member of the ShinyHunters group.
According to news outlet ABC, the Australian Department of Home Affairs said it is aware of a cyber incident impacting Ticketmaster customers and is “working with Ticketmaster to understand the incident.”
Some researchers expressed their doubts about the validity of the data set:
While others judged it looks legitimate based on conversations with involved individuals, and studying samples of the data set:
Whether or not the data is real remains to be seen. However, there’s no doubt that scammers will use this opportunity to make a quick profit.
Ticketmaster users will need to be on their guard. Read our tips below for some helpful advice on what to do in the event of a data breach.
You can also check what personal information of yours has already been exposed online with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.
All parties involved have refrained from any further comments. We’ll keep you posted.
Protecting yourself after a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
Set up identity monitoring.Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
“Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America.”
UnitedHealth also announced support for affected people.
On Wednesday February 21, 2024, Change Healthcare experienced serious system outages due to the cyberattack. The incident led to widespread billing outages, as well as disruptions at pharmacies across the United States.
The attack on Change Healthcare, which processes about 50% of US medical claims, was one of the worst ransomware attacks against American healthcare and caused widespread disruption in payments to doctors and health facilities.
Despite the ongoing investigation, which expectedly will take several more months of detailed analysis, UnitedHealth said it had decided to immediately provide support. The company says it continues to monitor the regular web and the dark web for any published data.
The chief executive of UnitedHealth Group, Andrew Witty, is expected to testify in Congress in May about the matter. Meanwhile the company says it has made strong progress restoring services impacted by the event and is prioritizing the restoration of services that impact patient access to care or medication.
Affected people can visit a dedicated website at changecybersupport.com to get more information, or call 1-866-262-5342 to set up free credit monitoring and identity theft protection.
Protecting yourself from a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Set up identity monitoring.Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
Check your digital footprint
Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.