News Heading - 1

Pharma Giant Cencora Confirms Data Breach During Cyberattack

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Global healthcare solution provider Cencora disclosed a cybersecurity incident where unknown threat actors stole from its corporate IT systems.

The breach, which was discovered on February 21, 2023, is believed to contain some personal information. However, the company has not yet disclosed any details regarding the exfiltrated data.

In its SEC filing , the company said that it had immediately implemented remediation measures to contain the incident. “Upon initial detection of the unauthorized activity, the Company immediately took containment steps and commenced an investigation with the assistance of law enforcement, cybersecurity experts and external counsel,” the filing revealed.

In the filing, Cencora further went on to say that the incident has not yet had any material impact on its operations, and its internal network systems continue to operate as normal.

“The Company has not yet determined whether the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” Cencora said.

Formerly AmerisourceBergen, Cencora an American pharmaceutical services company specializes in providing pharma solutions to healthcare organizations, animal care, and pharmacies, worldwide. With more than 46,000 employees, in fiscal year 2023, the company earned $262.2 billion in revenue.

In recent times, healthcare organizations have been quite susceptible to cyberattacks, due to the significant usage of IoT solutions.

In mid-December 2023, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA,) and the US Department of Health and Human Services (HHS), disclosed in a joint advisory that 70 leaked victims of ALPHV were affected from the healthcare industry.

Although the call is believed to be in response to the operational action against the group and its infrastructure by US law enforcement authorities, in early December 2023, ALPHV is steadfast in its onslaught against healthcare organizations.

On February 21, 2024, the group claimed to be behind the cyberattack against Change Healthcare. The incident which severely affected the healthcare services, across the US.

News Heading - 2

In Three Years, Millions of AI & Gaming Credentials Leaked on Dark Web

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Over the years, billions of login credentials have been circulating on the dark web; occupying a significant portion of the buyer and seller market.

Among these, most notable have been login credentials of gaming platforms. According to the data from the latest report of Kaspersky Digital Footprint Intelligence , a popular children’s gaming platform, Roblox, has witnessed a marked increase in compromise of user accounts.

Between 2021 and 2023, nearly 34 million Roblox credentials were found circulating on the dark web. The number of accounts compromised increased by 231%, from nearly 4.7 million in 2021 to 15.5 million in 2023.

Additionally, the average number of compromised accounts across 11 popular games or gaming platforms including Twitch, Steam, Sony PlayStation, and Electronic Arts, among others, witnessed a rise by 112% since 2021.

According to Kaspersky’s cybersecurity expert, the trusting nature of young gamers makes them easy targets for various social engineering attacks. Often cybercriminals employ deceptive tactics, like hiding infostealers in cheat code files, or posting malicious download links on popular social media sites like YouTube.

While Roblox accounts continue to be exploited for in-game currency and other valuable items, platforms like Steam are more appealing to the criminals, as they offer an opportunity for real-money theft.

The study also disclosed the rising trend witnessed in theft of AI-services credentials. In the last three years, nearly 2.6 million AI- services (Grammarly, Canva, OpenAI) credentials were compromised. OpenAI services, including ChatGPT’s users’ credentials leak increased nearly 33 times year-on-year, reaching approximately 664,000.

The steady increase in account compromise of AI and gaming platforms make it imperative that organizations deploy robust solutions to safeguard against infostealers and other social engineering attacks, said Yuliya Novikova, head of Kaspersky Digital Footprint Intelligence.

‘’While users must exercise caution, platform owners can bolster protection by tracking and promptly blocking compromised accounts through specialized services”, Novikova said in conclusion.