The Weekly Hack: Tesla, Facebook founder’s college roommate, and Fortune 500 companies under attack

Photo (c) weerapatkiatdumrong - Getty Images

A bizarre breach sent Australians to the page of an early Facebook user

A local news channel in Australia reported that a bizarre hack prevented people from accessing its own Facebook page. When viewers tried to visit the Channel 7 Facebook page, they were automatically redirected to the profile page belonging to Arie Hasit, Mark Zuckerberg's former college roommate.

Hasit was an early adopter of the social media platform, but does not work for the company. He currently lives in Jerusalem and became a rabbi last year.

Individual Facebook users also reported being redirected to his page when trying to access their own profiles. A Facebook spokesman confirmed the instances but denied it was a breach.

The spokesman told The West Australian newspaper “this was due to a misconfiguration, not a hack or a security issue. We promptly fixed the matter, and the affected Pages are working normally.”

Tesla

Tesla is the latest entity to fall victim to crypto-jacking, a hack in which a victim unknowingly mines cryptocurrency on behalf of a hacker. Such breaches have become more common with the rising value of cryptocurrencies. A similar breach last week affected consumers who visited government websites in the United States, the U.K., and Canada.

Crypto-jacking allows hackers to put someone else on the hook for the expensive process of “mining” for cryptocurrencies like Bitcoin, a process that is so energy-intensive that experts warn it could worsen global warming.

It costs between $3,000 and $7,000 in energy and hardware expenses to produce a single Bitcoin, according to research conducted by Morgan Stanley.

Tesla confirmed that its Amazon cloud network had been breached by crypto-jackers, following an investigation and a discovery initially made by the security firm RedLock. Tesla added that customer data had not been compromised.

"Our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way," a company spokeswoman told the BBC.

Fortune 500 companies

Last fall, the security firm IBM Security noted a “significant increase” in reports of fraudulent wire transfers from its corporate clientele.

Hackers had apparently convinced accounting personnel at “some Fortune 500 companies” to transfer money into their accounts, “resulting in the theft of millions of dollars.”

The firm investigated and, in a report published on Wednesday, detailed the sophisticated measures hackers took to defraud corporations. They used stolen email credentials so that they appeared to work for the company, infiltrated existing conversations taking place online between company employees, and imitated vendors that companies did business with.

“In cases in which additional approval or paperwork was needed, the attackers found and filled out appropriate forms and spoofed supervisor emails to get required approvals,” IBM Security writes.

The report highlights the ability of hackers to defraud corporations without having to use malware, which law enforcement agencies and companies have been cracking down on.

Tinder

Researchers at the security firm AppSecure found a vulnerability that would allow hackers to manage a stranger’s Tinder account simply by knowing their phone number. The news prompted Tinder to change its login system.
