The private login information belonging to tens of millions of people was compromised after malware infiltrated over 3.2 million Windows-based computers during a two-year span.
According to a report by cybersecurity provider NordLocker, a custom Trojan-type malware infiltrated the computers between 2018 and 2020 and stole 1.2 terabytes (TB) of personal information.
As a result, hackers were able to get their hands on nearly 26 million login credentials including emails, usernames and passwords from almost a million websites, according to Nordlocker’s report, which was conducted in partnership with a third-party company specializing in data breach research.
The targeted websites include major namesakes such as Amazon, Walmart, eBay, Facebook, Twitter, Apple, Dropbox and LinkedIn.
The malware was transmitted through email and “illegal software” which included a pirated version of “Adobe Photoshop 2018, a Windows cracking tool, and several cracked games,” according to the report.
To steal the personal information, the malware was reportedly able to take screenshots of a person’s information and also photograph “the user if the device had a webcam.”
Among the stolen database were 2 billion browser cookies and 6.6 million files, including 1 million images and more than 650,000 Word and .pdf files.
“Cookies help hackers construct an accurate picture of the habits and interests of their target,” the report read. “In some cases, cookies can even give access to the person’s online accounts.”
Making up the bulk of the stolen database was “3 million text files, 900,00 image files, and 600,000+ Word files.”
What was of most concern, according to Nordlocker, was that “some people even use Notepad to keep their passwords, personal notes, and other sensitive information,” according to the report.
But now McDonald’s is the latest victim.
“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” a McDonald’s spokesperson said, adding that based on the company’s investigation so far, only Korean and Taiwanese customers were impacted.
The Wall Street Journal initially reported that U.S. markets were also impacted and that the breach exposed some U.S. business and employee contact information.
Those markets “will be taking steps to notify regulators and customers listed in these files,” which did not include customer payment information, the McDonald’s spokesperson said.
“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the spokesperson said.
The fast-food chain said it was able to “quickly identify and contain” threats on its network. It also conducted a “thorough investigation” and worked with “experienced third parties” to do so.
McDonald’s did not share any additional details about the breach.
From Cyberscoop in part:
In other cases, by compromising payment machines, cybercriminals have swept up troves of customer data. That’s what happened in a 2019 breach of Checkers Drive-In Restaurants, when hackers accessed data such as payment card numbers and verification codes in an incident that affected more than 100 Checkers locations. The most notorious group to use the tactic is known as FIN7, a multibillion dollar criminal enterprise that has targeted payment data at Chipotle, Red Robin and Taco’s John.
McDonald’s defended its cybersecurity practices on Friday.
“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the company’s statement reads.
“Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures.”