
This Week in Hacks: ShinyHunters Hit 7-Eleven, Trump Mobile Exposes Data, and Scammers Target World Cup Fans
Bitwarden is in trouble, ShinyHunters shows no sign of slowing down, and GitHub got hacked (again). It's not all bad news this week, though! I'm here to walk you through it.
I get it, it feels like cybersecurity news is nothing but bad news. And some weeks, it is! But this week, thankfully, there’s some good news in the mix. For example, Discord users can rejoice, as voice chats and video calls are now end-to-end encrypted. And remember a few weeks ago when Microsoft was in hot water for plaintext passwords in Edge? Well, it’s decided to stop doing that. Sometimes there’s reason to breathe a sigh of relief. OK, now let’s get to the bad news.
This shouldn’t surprise anyone following the Trump Phone saga, but reportedly, the Trump Mobile site was exposing users' private data en masse, which is par for the course, I suppose. The issue has reportedly been fixed, but only after it was reported by media outlets, which means the data’s probably already long gone, and probably on the dark web. Also this week, GitHub was breached, this time through a compromised, employee-owned device. GitHub has had its share of security woes recently, including everything from massive leaks to people using the platform to spread malicious code.
Even so, while the leaks and hacks continue, we’re here to help you secure your devices and protect your data as much as possible. For example, you might be considering planning a trip this summer, right? Well, as soon as the weather gets warmer, the scammers come out to play, and we have tips to help you avoid hotel booking scams, fake toll texts, and more. If your summer travel plans include the FIFA World Cup, you should pay extra attention to the many, many World Cup-related scams out there, and people eager to separate fans from their money. We have your back.
Now, let’s see what else is happening in the infosec sphere this week.
Bitwarden Scrubs ‘Always Free’ and ‘Inclusion’ Values From Its Site as Longtime Execs Step Down
When you trust a company with your information security, you want to believe it will treat all its customers fairly and equally, unless it has a clear empirical or legal reason not to, such as its products not being legally available. When one of those companies starts removing language from its website stating that inclusion is a company value and that it has a commitment to ensuring that some protection will always be free and available to its customers, people take notice. Fast Company reported that Bitwarden, which announced a significant price hike in February and was already dealing with high-profile executive departures, did exactly this. In the wake of its longtime CEO stepping aside for an advisory role and the rise of a new CEO with more background in finance than in infosec, Fast Company notes that these and other changes to the company’s website have raised concerns among observers. Additionally, considering none of these changes, including the change in leadership, were announced publicly, you can understand why.
After Fast Company reported the change, Bitwarden restored the “Always Free” part to the free version of its password manager, but didn’t change anything else.
ShinyHunters Hack 7-Eleven: Franchisee Data and Salesforce Records Exposed
Listen, I know that by no means should I hand it to the cybercriminals, but you do have to acknowledge that the ShinyHunters ransomware gang goes after targets of varying types and sizes, from high-profile to somewhat ironic. Well, the group managed to obtain over 600,000 Salesforce records containing 7-Eleven convenience store franchisee data through a breach last month, according to Security Affairs.
According to ShinyHunters’ Tor site, it reached out to 7-Eleven to ransom the data, didn’t get anywhere by the deadline, and published the data. Considering Canvas paid up for ransomed data last week, and ShinyHunters just went after a cybersecurity firm for advising clients not to pay, there’s no real way to tell who’ll pay up for their data versus who lets it get leaked.
Disney Accused of Misusing Facial Recognition Technology
We’ve said before that if you can decline or opt out of facial recognition, you should. The trade-off between privacy and convenience just doesn’t add up in your favor, and even when you use it for your own devices, it’s actually less secure than other options, and it’s easily fooled. Even so, building massive databases of people’s faces is profitable and useful for huge companies, and the downstream effects on individuals often aren’t part of the equation. Enter Disney, one of the biggest companies in the world, and the fact that, according to The L.A. Times, the giant is facing a $5 million lawsuit accusing it of failing to disclose to guests that it uses facial recognition technology in its parks and venues. The lawsuit alleges that the company either doesn’t disclose or doesn’t clearly notify guests that face scanning is optional and that guests can opt out. It points out that among the many lines to get into Disney properties, only a few allow entry without face scanning. While they state the use of the tech is optional, it’s framed as a positive, obfuscating the choice and failing to inform guests of the privacy trade-off involved.
About Our Expert
Alan Henry, Managing Editor, Security
Experience: I've been writing and editing stories for almost two decades that help people use technology and productivity techniques to work better, live better, and protect their privacy and personal data. As managing editor of PCMag's security team, it's my responsibility to ensure that our product advice is evidence-based, lab-tested, and serves our readers. I've been a technology journalist for close to 20 years, and I got my start freelancing here at PCMag before beginning a career that would lead me to become editor-in-chief of Lifehacker, a senior editor at The New York Times, and director of special projects at WIRED. I'm back at PCMag to lead our security team and renew my commitment to service journalism. I'm the author of Seen, Heard, and Paid: The New Work Rules for the Marginalized, a career and productivity book to help people of marginalized groups succeed in the workplace.
Areas of Expertise: Security, VPN, Malware Protection & Removal
📰Originally published at pcmag.com