Medibank has urged its customers to be on high alert after cybercriminals began leaking sensitive medical records stolen from the Australian health insurance giant.
A ransomware group with ties to the notorious Russian-speaking REvil gang began publishing the stolen records early Wednesday, including customers’ names, birth dates, passport numbers, and information on medical claims. This comes after Medibank said it would not pay the ransom demand, saying, “We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published.”
The cybercriminals selectively separated the first sample of Australian breach victims into “naughty” and “good” lists, with the former including numerical diagnosis codes that appeared to link victims to drug addiction, alcohol abuse, and HIV, according to Agence France-Presse. For example, one record carries an entry that reads “F122,” which corresponds with “cannabis dependence” under the International Classification of Diseases published by the World Health Organization.
It’s also believed the leaked data includes the names of high-profile Medibank customers, which likely includes senior Australian government lawmakers, like prime minister Anthony Albanese and cybersecurity minister Clare O’Neil.
The portion of data leaked so far, seen by TechCrunch, also appears to include correspondence of negotiations between the cybercriminals and Medibank CEO David Koczkar. Screenshots of WhatsApp messages suggest that the ransomware group also plans to leak “keys for decrypting credit cards” despite Medibank’s assertion that no banking or credit card details were accessed.
“Based on our investigation to date into this cybercrime we currently believe the criminal did not access credit card and banking details,” Medibank spokesperson Liz Green, who deferred to the company’s blog post, told TechCrunch in an emailed statement on Wednesday.
The cybercriminal gang behind the Medicare ransomware attack, whose members’ identities are not known but which has relied on a variant of REvil’s file-encrypting malware, has so far leaked the personal details of around 200 Medibank customers, a fraction of the data that the group claims to have stolen. Medibank confirmed on Tuesday that the cybercriminals had accessed roughly 9.7 million customers’ personal details and health claims data for almost 500,000 customers.
What should victims do?
In light of the data leak, which exposed highly confidential information that could be abused for financial fraud, Medibank and the Australian Federal Police are urging customers to be on high alert for phishing scams and unexpected activity across online accounts. Medibank is also advising users to ensure they are not re-using passwords and have multi-factor authentication enabled on any online accounts where the option is available.
Medibank also launched a “cyber response support package” for affected customers, Medibank’s Green told TechCrunch. This includes hardship support, identity protection advice and resources, and reimbursement of government ID replacement fees. The health insurance giant is also providing a wellbeing line, a mental health outreach service, and personal duress alarms.
Australia’s federal police are investigating the breach in collaboration with agencies from around the Commonwealth, as well as from the other members of the “Five Eyes” group of intelligence-sharing governments, including the U.K., U.S., Canada, and New Zealand. Operation Guardian, the Australian government’s response to the recent wave of cyberattacks that began with the data breach at telco giant Optus, will be extended to Medibank to protect its customers from “financial fraud and identity theft.”
“Operation Guardian will be actively monitoring the clear, dark and deep web for the sale and distribution of Medibank Private and Optus data,” said AFP Assistant Commissioner Cyber Command Justine Gough. “Law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank Private data.”
In its latest update, Medibank is bracing for the situation to worsen, saying that it “expects the criminal to continue to release files on the dark web.” On its dark web leak site, the cybercriminals said they planned to “continue posting data partially, including confluence, source codes, list of stuff and some files obtained from medi filesystem from different hosts.”
Medibank says it will continue to contact all affected customers with specific advice and details of what data the attackers have accessed. However, customers at a heightened risk of being targeted by fraudulent emails should ensure that emails are coming from Medibank. Medibank said it would not ask for personal details over email. If in doubt, don’t click any links.
It’s not yet known whether Medibank customers will receive compensation following the breach or whether Medibank will face action for failing to protect users’ confidential medical data. The breach comes just weeks after Australia confirmed an incoming legislative change to the country’s privacy laws, following a long process of consultation on reforms. The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 will increase the maximum penalties that can be applied under the Privacy Act 1988 for serious or repeated privacy breaches and give greater powers to the Australian information commissioner.
A network of knockoff apparel stores exposed 330,000 customer credit cards
If you recently made a purchase from an overseas online store selling knockoff clothes and goods, there’s a chance your credit card number and personal information were exposed.
Since January 6, a database containing hundreds of thousands of unencrypted credit card numbers and corresponding cardholders’ information had been spilling onto the open web. At the time it was pulled offline on Tuesday, the database had about 330,000 credit card numbers, cardholder names, and full billing addresses — and the number was rising in real time as customers placed new orders. The data contained all the information that a criminal would need to make fraudulent transactions and purchases using a cardholder’s information.
The credit card numbers belong to customers who made purchases through a network of near-identical online stores claiming to sell designer goods and apparel. But the stores had the same security problem in common: any time a customer made a purchase, their credit card data and billing information was saved in a database, which was left exposed to the internet without a password. Anyone who knew the IP address of the database could access reams of unencrypted financial data.
Anurag Sen, a good-faith security researcher, found the exposed credit card records and asked TechCrunch for help in reporting it to its owner. Sen has a respectable track record of scanning the internet looking for exposed servers and inadvertently published data, and reporting it to companies to get their systems secured.
But in this case, Sen wasn’t the first person to discover the spilling data. According to a ransom note left behind on the exposed database, someone else had found the spilling data. Instead of trying to identify the owner and responsibly reporting the spill, the unnamed person claimed to have taken a copy of the entire database’s contents of credit card data and said they would return it in exchange for a small sum of cryptocurrency.
A review of the data by TechCrunch shows most of the credit card numbers are owned by cardholders in the United States. Several people we contacted confirmed that their exposed credit card data was accurate.
TechCrunch has identified several online stores whose customers’ information was exposed by the leaky database. Many of the stores claim to operate out of Hong Kong. Some of the stores are designed to sound similar to big-name brands, like Sprayground, but their websites have no discernible contact information, contain typos and spelling mistakes, and show a conspicuous lack of customer reviews. Internet records also show the websites were set up in the past few weeks.
Some of these websites include:
If you bought something from one of those sites in the past few weeks, you might want to consider your banking card compromised and contact your bank or card provider.
It’s not clear who is responsible for this network of knockoff stores. TechCrunch contacted a person via WhatsApp whose Singapore-registered phone number was listed as the point of contact on several of the online stores. It’s not clear if the contact number listed is even involved with the stores, given one of the websites listed its location as a Chick-fil-A restaurant in Houston, Texas.
Internet records showed that the database was operated by a customer of Tencent, whose cloud services were used to host the database. TechCrunch contacted Tencent about its customer’s database leaking credit card information, and the company responded quickly. The customer’s database went offline a short time later.
“When we learned of the incident, we immediately contacted the customer who operates the database and it was shut down immediately. Data privacy and security are top priorities at Tencent. We will continue to work with our customers to ensure they maintain their databases in a safe and secure manner,” said Carrie Fan, global communications director at Tencent.
All Raise CEO steps down again
Less than a year after assuming the role, All Raise CEO Mandela SH Dixon has stepped down from her position at the nonprofit. The entrepreneur, who previously ran Founder Gym, an online training center for underrepresented founders, said in a blog post that the decision was made after she realized “being in the field working directly with entrepreneurs everyday” is her passion. Dixon said that she will be exploring new opportunities in alignment with that.
Her resignation is effective starting February 1st, 2023. She will remain an advisor to the Bay Area-based nonprofit.
This is the second chief executive to leave All Raise since it was first founded in 2017. In 2021, Pam Kostka resigned from the helm of the nonprofit to rejoin the startup world as well; Kostka is now an operator in residence and limited partner at Operator Collective, according to her LinkedIn. With Dixon gone, Paige Hendrix Buckner, who joined the outfit as chief of staff nine months ago, will step in as interim CEO. In the same blog post, Buckner wrote that “Mandela leaves All Raise in a strong position, and I’m grateful for the opportunity to continue the hard work of diversifying the VC backed ecosystem.”
Dixon did not immediately respond to comment on the record. It is unclear if All Raise is immediately kicking off a permanent CEO search.
The nonprofit has historically defined its goals in two ways: first, it wants to increase the amount of seed funding that goes to female founders from 11% to 23% by 2030, and, second, it wants to double the percentage of female decision-makers at U.S. firms by 2028.
In previous interviews, Dixon said that the company will work on creating explicit goals around what impact it wants to have for historically overlooked individuals. The data underscores the challenge ahead. Black and Latinx women receive disproportionately less venture capital money than white women; non-binary founders can also face higher hurdles when seeking funding, as All Raise board member Aileen Lee noted in the blog post. The nonprofit has created specific programs for Black and Latinx founders but has not disclosed a specific goal for the cohort yet. These disconnects can be lost if not tracked. All Raise’s last impact report was published in 2020 and they’re working on bringing that analysis back, Lee tells TechCrunch in an interview.
“All Raise is in great hands with Paige as interim leader and we’ve got a lot of exciting things that we’re shaping and scaling,” Lee said. “We have to all continue to link arms to try and continue to make improvements for our industry…we’ve made good progress that we can’t let up.”
Since launch, the nonprofit has raised $11 million in funding, and opened regional chapters in New York, Boston, Los Angeles, Chicago, DC and, soon, Miami.
Shopping app Temu is using TikTok’s strategy to keep its No. 1 spot on App Store
Temu, a shopping app from Chinese e-commerce giant Pinduoduo, is having quite the run as the No. 1 app on the U.S. app stores. The mobile shopping app hit the top spot on the U.S. App Store in September and has continued to hold a highly-ranked position in the months that followed, including as the No. 1 free app on Google Play since December 29, 2022. More recently, Temu again snagged the No. 1 position on the iOS App Store on January 3 and hasn’t dropped since — even outpacing competitor Shein’s daily installs in the U.S.
Offering cheap factory-to-consumer goods, Temu provides access to a wide range of products, including fast fashion, and pushes users to share the app with friends in exchange for free products, which may account for some of its growth. However, the large majority of its new installs come from Temu’s marketing spend, it seems.
When TechCrunch covered Temu’s rise in November, the app had then seen a little more than 5 million installs in the U.S., according to data from app intelligence firm Sensor Tower, making the U.S. its largest market. Now, the firm says the app has seen 5 million U.S. installs this January alone, up 19% from 4.2 million in the prior 22 days from December 10 through December 31.
According to Sensor Tower estimates, Temu has managed to achieve a total of 19 million lifetime installs across the U.S. App Store and Google Play, more than 18 million of which came from the U.S.
The growth now sees Temu outpacing rival Shein in terms of daily installs. In October, Temu was averaging around 43,000 daily installs in the U.S., the firm said, while Shein averaged about 62,000. In November, Temu’s average daily installs grew to 185,000 while Shein’s climbed to 70,000 and last month, Temu averaged 187,000 installs while Shein saw about 62,000.
The shopping app’s fast rise recalls how the video entertainment platform TikTok grew to become the most downloaded app worldwide in 2021, after years of outsized growth. The video app topped 2 billion lifetime downloads by 2020, including sister app Douyin in China, Sensor Tower said. Combined, the TikTok apps have now reached 4.1 billion installs.
Like Temu, much of TikTok’s early growth was driven by marketing spend. The video app grew its footprint in the U.S. and abroad by heavily leveraging Facebook, Instagram, and Snapchat’s own ad platforms to acquire its customers. TikTok was famously said to have spent $1 billion on ads in 2018, even becoming Snap’s biggest advertiser that year, for instance.
By investing in user acquisition upfront, TikTok was able to gain a following which then improved its ability to personalize its For You feed with recommendations. Over time, this algorithm became very good at recognizing what videos would attract the most interest thanks to this investment, turning TikTok into one of the most addictive apps in terms of time spent. As of 2020, kids and teens began spending more time watching TikTok than they did on YouTube. And earlier this month, Insider Intelligence data indicated all TikTok users in the U.S. were now spending an average of nearly 1 hour per day on the app (55.8 minutes), compared with just 47.5 minutes on YouTube, including YouTube TV.
While Temu is nowhere near TikTok’s sky-high figures, it appears to be leveraging a similar growth strategy. The company is heavily investing in advertising to acquire users, which it uses to personalize the shopping experience. One of Temu’s key features, in fact, is its own sort of For You page that encourages users to browse trending items “Selected for You.” In addition to gamification elements, Temu also puts heavy emphasis on recommending shops and products on its home page, which is informed by its user data.
But the app’s growth doesn’t seem to be driven by social media. While the Temu hashtag (#temu) on TikTok is nearing 250 million views, that’s not really a remarkable number for an app as big as TikTok where something like #dogs has 120.5 billion views. (Or, for a more direct comparison, #shein has 48.3 billion views.) That suggests Temu’s rise isn’t necessarily powered by viral videos among Gen Z users or influencer marketing, but rather more traditional digital advertising.
According to Meta’s ad library, for instance, Temu has run some 8,800 ads across Meta’s various platforms just this month. The ads promote Temu’s sales and its extremely discounted items, like $5 necklaces, $4 shirts, and $13 shoes, among other deals. These ads appear to be working to boost Temu’s installs, allowing the app to maintain its No. 1 slot on the App Store’s “Top Free” charts, which are heavily influenced by the number of downloads and download velocity, among other things.
Of course, having a high number of downloads doesn’t necessarily mean Temu’s app will maintain a high number of monthly active users. Nor does it mean those users won’t churn out of the app after their initial curiosity has been abated. Still, Temu’s download growth saw it ranking as the No. 1 “Breakout” shopping app by downloads in the U.S. for 2022, according to data.ai’s year-end “State of Mobile” report. (Data.ai calculates “Breakout” apps in terms of year-over-year growth across iOS and Google Play.)
Because Temu’s growth is more recent, the app did not earn a position on the Top 10 apps in 2022 in either the U.S. or globally in terms of downloads, consumer spend, or monthly active users, on this report. Instead, most of those spots still went to social media apps, streamers, and dating apps like Bumble and Tinder. The only retailer to find a spot on these lists was Amazon, which was the No. 7 app worldwide by active users and the No. 8 most downloaded in the U.S.
Temu’s marketing investment may not pay off as well as TikTok’s did, though, as other discount shopping apps saw similar growth only to later fail as consumers found that, actually, $2 shirts and jeans were deals that were too good to be true. Wish famously fumbled as consumers grew frustrated with long delivery times, fake listings, missing orders, poor customer service, and other things consumers expect from online retail in the age of Amazon.
Temu today holds a 4.7-star rating on the U.S. App Store, but those ratings have become less trustworthy over the years due to the ease with which companies can get away with fake reviews. Dig into the reviews further and you’ll find similar complaints to Wish, including scammy listings, damaged and delayed deliveries, incorrect orders and lack of customer service. Without addressing these issues, Temu seems more likely to go the way of Wish, not TikTok, no matter what it spends.