Hacker posts ransom demand on Dublin's Luas tram system site

The website for Dublin’s tram system Luas was hacked, with the hacker threatening to leak the company’s private data if the ransom was not paid within the next five days.

Visitors to the website for Dublin’s tram system Luas were met with a message that the site had been hacked. The hacker threatened to leak the company’s private data if the ransom demand of one bitcoin was not paid within the next five days. One bitcoin currently equals about $3,836.87.

The hacker’s note/ransom demand defacing the site on Thursday read: “You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the reply button. You must pay 1 bitcoin in 5 days, otherwise I will publish all data and send emails to your users.”

On Twitter, Luas asked users not to click on the Luas website, explaining that it had been compromised.

Luas said it would update customers via Twitter, Facebook, AA Road Watch, and the media if there was a change to Luas services today.

Other cybersecurity news

Privacy and security company Abine discloses potential breach of Blur password manager

Abine, the privacy and security company behind the Blur password manager, disclosed that Blur users may have had their personal information exposed. Blur has just shy of 24 million users, according to the header, which reads, “Join 23,743,798 users that trust Blur to protect their passwords, payments, and privacy.”

The security notice said Abine first became aware that Blur users’ information had potentially been exposed on Dec. 13, 2018. A file from Jan. 6, 2018, was potentially exposed. It contained each user’s email address, some users’ names, some users’ password hints from an old MaskMe product, the last and second-to-last IP addresses each user used to log in to Blur, as well as each user’s encrypted Blur password.

Law enforcement was notified of the breach. Abine added, “As a privacy and security focused company, this incident is embarrassing and frustrating. These incidents should not happen and we let our users down.”

Dataresolution.net hit with Ryuk ransomware attack

Major U.S. newspapers were not the only ones to recently battle Ryuk ransomware, as Krebs on Security reported that attackers broke into cloud hosting provider Dataresolution.net on Christmas Eve through a compromised login account and then started infecting servers with Ryuk ransomware.

After hijacking thousands of Chromecasts and Smart TVs, hacker calls it quits

Peace out, said TheHackerGiraffe, as he or she could no longer handle the fear of potentially getting busted. Granted, that announcement came after a hacking campaign that targeted vulnerable Chromecast, Smart TVs, and Google Home devices. The hijacked devices would play a video asking users to subscribe to PewDiePie’s YouTube channel, much like the previous hacks, which forced printers exposed online to print a subscribe-to-PewDiePie plea.

TheHackerGiraffe told Bleeping Computer that after teaming up with another hacker, @j3ws3r, they found 100,000 vulnerable devices that could be renamed and forced to play the video. There was even a CastHack site that provided real-time information on the attack.

Much like the previous hacks that forced printers exposed online to print a subscribe-to-PewDiePie-plea, the new hijackings were to raise security awareness, TheHackerGiraffe claimed. The CastHack campaign took advantage of routers that had been incorrectly configured to have the UPnP (Universal Plug and Play) service enabled.

After admitting to being afraid of being busted, TheHackerGiraffe seems to have ghosted; his or her Twitter and YouTube accounts were deleted. If this all blows over without him or her getting busted, TheHackerGiraffe claimed, “I’ll probably never touch a computer again.”

Town of Salem hack impacts over 7 million users

The security firm DeHashed disclosed a hack that compromised the data of over 7.6 million video game players. BlankMediaGames, the developer of the browser-based role-playing game Town of Salem, later confirmed it had been hacked.

Forbes added, “According to the DeHashed disclosure, the compromised data contained email addresses, usernames, IP addresses, game and forum activity, passwords (phpass, WordPress and phpBBstolen), as well as payment information. It also stated ‘some of the users who paid for certain premium features having their billing information/data breached as well’ although this has been disputed by BlankMediaGames.”

Astronaut accidentally calls 911 from space

From the oops department, a Dutch astronaut accidentally called 911 from space. From the lighter side, check out this hacked digital billboard in Washington. Lastly, the actor behind Netflix’s “choose your own adventure” Bandersnatch video said he is done with Twitter, although he may still occasionally tweet about anti-bullying organizations.
