Watching the news this past week was like drinking from a firehose. Speaking of which, you probably missed a busy week in cybersecurity, so here are the big stories from the past week.
THE BIG PICTURE
Blackbaud hack gets worse, as bank account data stolen
Blackbaud, a cloud technology company used by colleges, universities, nonprofits (and far-right organizations), was hit by a data-stealing ransomware attack earlier this year. The attack was one of the biggest of the year in terms of the number of organizations affected, hitting dozens of universities, hospitals and other high-profile organizations like NPR. Blackbaud said in July that it paid the ransom — but also claimed and received “confirmation” that the stolen personal data “had been destroyed,” fooling absolutely nobody.
This week Blackbaud confirmed in a regulatory filing that the stolen data also included bank account data and Social Security numbers — far more personally identifiable information than the company first thought. “In most cases, fields intended for sensitive information were encrypted and not accessible,” the company claimed.
Despite Blackbaud’s claim that the data was deleted, these are malicious hackers driven by financial reward. Hope for the best, but assume the worst — Blackbaud’s data is still out there.
Facebook shuts down malware that hijacked accounts to run ads
Hackers spent about $4 million to run scammy ads on Facebook by hijacking the accounts of unsuspecting users, reports Wired. The hackers used malware, dubbed SilentFade, to compromise Facebook accounts using stolen passwords, then used whatever credit card details were saved on those accounts to buy ads for diet pills and fake designer handbags.