Today, we’re discussing the lawsuits coming out of AT&T’s massive data breach affecting 73 million, a critical flaw in the LayerSlider WordPress plugin jeopardizing 1 million sites, and a preventable hack into Microsoft Exchange highlighting cybersecurity’s critical stakes. Experts weigh in on the ramifications and preventive strategies, ensuring you stay informed and ahead in the cybersecurity game. Your feedback on these issues is crucial; join the conversation and help shape a more secure digital future.

References:

• For insights on the AT&T lawsuits and data breach impacts: https://www.bleepingcomputer.com/news/security/atandt-faces-lawsuits-over-data-breach-affecting-73-million-customers/
• Understanding the critical vulnerability in the LayerSlider WordPress plugin: https://www.bleepingcomputer.com/news/security/critical-flaw-in-layerslider-wordpress-plugin-impacts-1-million-sites/
• Analysis of the Microsoft Exchange hack and recommended security reforms: https://www.cybersecuritydive.com/news/microsoft-exchange-hack-china-preventable/712146/ and https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags for the Episode:

AT&T data breach, cybersecurity, legal actions, LayerSlider WordPress plugin, SQL injection, plugin security, Microsoft Exchange hack, cloud service security, cybersecurity reforms, identity theft, data privacy, security protocols, cyber risk management, plugin vulnerabilities, security best practices, cyber attack prevention, digital security, cybersecurity insights, technology law, security updates

Search Phrases:

• AT&T 73 million data breach details
• Legal consequences of cybersecurity failures
• How to secure WordPress sites from SQL injection
• Impact of LayerSlider plugin vulnerability
• Preventing Microsoft Exchange cyber attacks
• Enhancing cloud service cybersecurity
• Best practices in digital security updates
• Addressing identity theft and data breaches
• Cybersecurity insights for tech professionals
• Cyber risk management strategies
• Lawsuits following major data breaches
• Plugin security for WordPress administrators
• Learning from cybersecurity breaches
• Updates and security in technology law
• Prevention strategies for cyber attacks

Transcript:

Apr 4

Welcome back to the Daily Decrypt. AT&T is grappling with the fallout of a data breach that impacted 73 million customers.

As class action lawsuits begin to mount,

also, over 1 million WordPress sites are at immediate risk due to a critical vulnerability in the Layerslider plugin, which can expose these sites to SQL injection attacks.

How can WordPress admins protect themselves from this vulnerability?

And finally, the Cyber Safety Review Board has declared the massive intrusion into Microsoft’s Exchange Online entirely preventable. And just a reminder, this mega intrusion led to over 60, 000 U. S. State Department officials emails being compromised. How the heck is Microsoft gonna restore trust and confidence from the consumers in their security protocols? Stick around to find out.

So it’s been two days since my last episode, in which I highlighted the most recent AT& T breach. Well, it’s been a long couple of days, the reason there were no new episodes is because I lost internet, and you might be thinking, Hey,

you just finished slandering AT& T on this podcast on Monday, and then your AT& T internet goes out? That’s correct. There’s really no other explanation other than aT& T is seeking revenge against the Daily Decrypt. But I digress.

To recap what has happened, AT& T has admitted to a data breach exposing sensitive information of 73 million customers this breach included usernames, social security numbers, email addresses, and AT& T PINs used to make secure account changes on AT& T customer accounts. The timeline reveals that AT& T’s initial denial of the breach, which was first alleged by ShinyHunters in 2021, and their recent admission after a second threat actor leaked the data in 2024, raises questions about the effectiveness of corporate data breach detection and response strategies.

The leaked data isn’t from the past year or even couple of years. The leaked data is from 2019.

And it includes 7. 6 million current customers and 65. 4 million former AT& T account holders, which I guess says a lot about AT& T’s churn rate, that they have 65 million former customers and only 7 million current customers.

Needless to say, a lot of data was breached. Now, what’s fascinating about this is that this was brought to AT& T’s attention in early 2021 and they denied it. And then another threat actor group

released the same data from 2019 and early 2024 AT& T also denied that. They’re just saying that they don’t know this data doesn’t belong to them. This data wasn’t stolen from their systems when clearly it was.

So only in the last week did AT& T finally admit that that data from 2019 belongs to them and was breached from their networks. So because of this negligence, multiple class action lawsuits have spun up very recently. Most notably, there’s one from Morgan Morgan, which is the same law firm that’s been suing Google over the fact that it tracks users data even when they’re in incognito mode. And I believe Google paid out a settlement. So this is the same law firm that did that.

And they’re accusing AT& T of negligence, breach of implied contract, and unjust enrichment. And they’re aiming for compensatory damages and improved data security protocols. Their lawsuit criticizes AT& T for not acting on known vulnerabilities and delaying breach acknowledgement, jeopardizing customer data privacy and confidence.

I’m really glad to see these lawsuits are being spun up. As you heard in Monday’s episode, I was calling for multiple class action lawsuits.. So yeah, I hope you get the crap suit out of you. And yes, I am an AT& T customer.. If you are also an AT& T customer and you’re concerned about your data being in one of these breaches or this main breach from 2019, I believe the site haveibeenpwned. com has acquired the data from this breach. And so you can just search your email addresses in that site to see if it was compromised.

Listen to the episode released this past Monday for some tips on how to stay safe when attackers have all of this information. All the information needed to open up new credit cards, take out new lines of credit in your name, and do a whole lot of stuff.

All right. Well, there’s another WordPress vulnerability out there with a CVSS score of 9. 8 out of a 10 max. The name of the plugin? Layerslider.

This plugin is used by over 1 million sites. and exposes these sites to SQL injection attacks. This flaw allows attackers to potentially extract sensitive data, including password hashes, leading to site takeovers or data breaches. This vulnerability was discovered on March 25th, and was promptly reported to WordFence, earning the researcher 5, 500 bounty.

The vulnerability affects layer slider version 7. 9. 11 through 7. 10, which as mentioned before, allows for SQL code injection.

And just to quickly discuss what SQL code injection is, it’s when data is queried from a database to be populated on a website.

Those databases use a language called SQL or SQL that uses a query language, which is what the QL stands for, to query that data. This vulnerability allows attackers to query that data by injecting malicious commands. using SQL. They can essentially pull anything they want out of the databases.

So that includes, yeah, password hashes, names, emails, whatever data is on the website. If that’s social security numbers, that’s vulnerable too. Despite the severity though, the attack is limited to a time based blind SQL injection, which relies on observing response times to infer data.

And this type of SQL injection is hard to detect, but it’s also hard for the attacker to get large amounts of data. It’s more of an inferred sort of data attack. For more information on this attack, check out the article in the show notes by Bleeping Computer.

The good news is that the flaw was quickly addressed by the plugin’s developers, Creatura, who released an update to version 7. 10. 1 on March 27th, so within 48 hours of being notified. If you are a layer slider user, please go update immediately to mitigate this risk.

WordPress is built on the use of plugins. That’s what makes it so marketable. The more plugins you have, the more plugins you use, the higher your risk is. And I personally am a WordPress user. The DailyDecrypt. com is a WordPress site, and I’m having a hard time setting up notifications for outdated plugins.

It’s not very intuitive. Granted, I don’t use any plugins other than the podcast plugins hosts this podcast and I’m constantly on the site making sure everything’s updated and posting new podcasts, but a lot of people with WordPress sites will set it and forget it. Like they’ll put up their site. It’s a shop.

They respond to orders they get, but they don’t actually go onto the WordPress site too much. And a lot of WordPress users are less tech savvy than me. So they probably don’t have alerts set up for outdated plugins. I highly encourage you to just set up a reminder that goes off once a week, once a month, whatever interval you think is appropriate for the risk of your website.

and just go check to make sure all the plugins are up to date. It’s a really quick check, and if they’re not up to date, you just press a little button and update them. You’re likely not doing advanced programming on your WordPress site that might break with an update, so just, just press the little button.

All right, and our final story comes from the Cyber Safety Review Board, where they have officially declared, which is a pretty bold stance, they’ve officially declared that the intrusion into Microsoft Exchange Online that exposed about 60, 000 U. S. State Department emails, was entirely preventable.

This report criticizes Microsoft’s corporate culture for insufficient investment in security and risk management and calls for widespread security reforms within Microsoft and among all cloud service providers to prioritize cybersecurity. The Cyber Safety Review Board, or CSRF, urges Microsoft to publicly outline its security reforms and outlines a series of operational decisions that encourages cloud service providers and government partners to make security focused changes.

The report, released by CSRF, details the compromise of key U. S. officials mailboxes by China affiliated actors and criticizes Microsoft for charging extra for essential security features like enhanced logging. Which, in the recent past, has since been reversed. Microsoft no longer charges extra. But still, why did they do that in the first place?

Microsoft has responded and announced plans for major security reforms, including better infrastructure and security processes. It’s worth noting that Microsoft has been very cooperative throughout the CSRB’s investigation, and are definitely willing to listen to the suggestions and make some changes, so That’s step one, that’s Way better than what AT& T did when confronted.

Microsoft is looking into this. They want to maintain consumer confidence as much as anybody. They’re at the center of our tech universe

and even more so than most consumers might even know. A lot of servers and digital infrastructure is hosted on Windows server and Windows machines.

And if you’ve been listening for a while, you’ve heard DogeSpan and I discuss another recent breach amongst senior developers and executives at Microsoft without multi factor authentication on their development accounts. Attackers were able to get in. So all of these incidents are starting to pile up and really pointing fingers at Microsoft.

We got to get this fixed. They’re starting to crack down. We’re going to keep an eye on them. We’re going to keep reporting what happens at Microsoft. Hopefully nothing else big because they hold a lot of data.

in their cloud services, Exchange, Azure. Microsoft is a pretty big powerhouse in the cloud service provider.

So yeah, hopefully they’re throwing some money at this. They’re spinning up some new teams and they’re really looking at legacy infrastructure. It’s a pretty old product that they’re continually building on. So they need to start peeling away these layers of this product and

figure out how they can boost up security. They need to be leading. and setting a good example for smaller companies by being so secure.

Well, that’s the show. That’s all we got for you. Again, sorry about the quick hiatus. Internet went out. Hopefully it will stay on for the remainder of the week and maybe I can put an episode out on Saturday, recapping some stuff. But if you like what you hear, please go find us on Instagram or The Daily Decrypt and send us a comment or a DM.

We’d love to hear from you. Until then, we’ll talk to you some more tomorrow.