Following a hack that resulted in leaking about 808,000 email addresses and over 1.8 million usernames and passwords, a social network website in Germany received a fine of EUR 20,000 from the Baden-Württemberg Data Protection Authority. In July this year, flirty chat platform Knuddels.de suffered a data breach and the information stolen from its servers was published online in clear form. A member of the staff said at the time that the incident affected all users that had an account with the service or a username for the chat platform on July 20, 2018. According to a post from another team member, 330,000 of the leaked email addresses were verified, and once Knuddels learned of the leaks (one on Pastebin, another on Mega cloud storage service), it improved security measures, alerted the users and reset their passwords. It was later discovered that the website did not apply any form of protection for sensitive information such as passwords and stored them in plain text. If you think that we made a type about the penalty to be paid and it is missing zero, it is not. To remove all confusion, converted to other currencies, the fine incurred by Knuddels.de is $23,000, or around £18,000. This is the first penalty in Germany under the European Union General Data Protection Regulation (GDPR), which entered into force in May this year. Get more involved and read more on OUR FORUM.

With the shopping season underway, cybercriminals are making efforts to capitalize from key holidays and users' craze for Black Friday and Cyber Monday discounts. Scams and malicious email campaigns are in full swing, and so are web-skimming operations that steal payment card information from vulnerable online stores.  The US-CERT released a warning this week about the growing number of emails with malicious links or attachments, malvertising campaigns, and donation requests from fake charitable outfits. The alert is backed by findings from cloud security company Zscaler that say they've "seen a steady rise in phishing attacks leading up to Black Friday and Cyber Monday". Between mid-October and mid-November, the company observed 723,942 targeted phishing campaigns and almost half a million generic spam attacks. In total, the company recorded almost 1.3 million events of this type. The research reveals that with some targeted attacks the purpose is to compromise Amazon accounts and steal payment card data. Two examples of fake pages for logging into Amazon and for billing verification show that cybercriminals have become adept social engineers, leaving few tells for the scam. To an unsuspecting user, the fake login page is indistinguishable from the original, but a look at the URL in the address bar gives away the fraud attempt since the domain name is not from Amazon. The absence of a secure http connection is another tale of mischievous activity, which browsers like Chrome will mark with a 'Not Secure' indicator. "The best defense is to always be conscious of the address bar. A store like Amazon is never going to ask you for sensitive information away from the Amazon site," advises Chris Mannon, a senior security researcher at Zscaler. There's more detailed information posted on OUR FORUM.