Incident Details
In February 2018, a cryptojacking script was found running on The Los Angeles Times website. It used a Coinhive Monero miner to mine cryptocurrency with the CPU power of the site's visitors.
Incident
How Did the Breach Happen?
The breach was made possible by a misconfigured AWS S3 bucket belonging to The Los Angeles Times. The misconfiguration allowed public write access, which let an unauthorized third party inject the Coinhive mining script into a JavaScript file stored in the bucket.
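The misconfiguration class described above (a bucket whose ACL or policy lets anyone write) can be checked mechanically. The following is an added example, not code from the page or from the LA Times: it takes the dictionary and JSON shapes that boto3's get_bucket_acl() and get_bucket_policy() return and reports grants or statements that give write access to everyone. The bucket name, owner ID, and the ACL and policy contents are constructed for illustration; the AllUsers/AuthenticatedUsers group URIs and the s3:* action names are the real AWS identifiers.

```python
"""Offline audit of S3 ACLs and bucket policies for public write access.

Added example (not from the page). The input shapes mirror boto3's
get_bucket_acl() and get_bucket_policy() responses, but the sample data
below is constructed and does not describe any real account.
"""
import fnmatch
import json

# AWS predefined groups that make a grant "public"
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# ACL permissions that let the grantee add or replace objects or ACLs
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Policy actions that let a principal change what the bucket serves
WRITE_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject", "s3:PutBucketPolicy")


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (possibly inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _grants_write(action_pattern):
    """True if an action pattern such as 's3:Put*' or '*' matches a write action."""
    return any(fnmatch.fnmatchcase(a, action_pattern) for a in WRITE_ACTIONS)


def acl_public_write(acl):
    """Return the grants in a get_bucket_acl() result that give write to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            if grant.get("Permission") in WRITE_PERMISSIONS:
                group = grantee["URI"].rsplit("/", 1)[-1]
                findings.append(f"ACL: {group} has {grant['Permission']}")
    return findings


def policy_public_write(policy_json):
    """Return the bucket-policy statements that allow a public principal to write."""
    findings = []
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        actions = [a for a in _as_list(stmt.get("Action", [])) if _grants_write(a)]
        if actions:
            # A Condition block may narrow the statement; flag it for manual review
            qualifier = " (has Condition, review it)" if stmt.get("Condition") else ""
            findings.append(f"Policy {stmt.get('Sid', '?')}: {actions} for Principal *{qualifier}")
    return findings


def audit_bucket(name, acl, policy_json=None):
    """Combine ACL and policy findings for one bucket (name is for reporting only)."""
    findings = acl_public_write(acl)
    if policy_json:
        findings += policy_public_write(policy_json)
    return findings


# Constructed sample: a static-assets bucket whose ACL grants AllUsers WRITE
# and whose policy also allows s3:Put* to any principal.
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"},
    ],
}
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-static-assets/*"},
        {"Sid": "AnyonePut", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:Put*"], "Resource": "arn:aws:s3:::example-static-assets/*"},
    ],
})

if __name__ == "__main__":
    for finding in audit_bucket("example-static-assets", SAMPLE_ACL, SAMPLE_POLICY):
        print("FINDING:", finding)
```

Public read (the PublicRead statement and the AllUsers READ grant) is not reported, because a public website bucket legitimately needs it; the script only looks for the ability to change what the bucket serves. In a live account the same functions would be fed from boto3 and run over every bucket returned by list_buckets().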
What Data has been Compromised?
No direct mention of personal data being compromised was made; instead, the mining script exploited the processing power of visitors' computers to mine Monero cryptocurrency.
Why Did the Company's Security Measures Fail?
The LA Times failed to implement sufficient cloud security measures, such as a Cloud Security Posture Management (CSPM) tool. Additionally, there was no file integrity monitoring in place to ensure the authenticity and security of the JavaScript code being served to their visitors.
What Immediate Impact Did the Breach Have on the Company?
The immediate impact was the unauthorized use of visitors' CPU resources for mining Monero cryptocurrency, which could potentially damage trust and the reputation of The Los Angeles Times, as well as affect the performance and operation of affected computers.
How could this have been prevented?
This incident could have been prevented by correctly configuring the AWS S3 buckets (no public write access), enforcing strict bucket policies, regularly auditing and reviewing AWS configurations, implementing a CSPM tool, and setting up file integrity monitoring for the JavaScript served to visitors.
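The file integrity monitoring mentioned here and under "Why Did the Company's Security Measures Fail?" comes down to recording a hash of each served script at deployment time and comparing later snapshots against it. The block below is an added example, not the LA Times' tooling: it builds such a baseline, reports modified, missing and unexpected files, and also emits the matching Subresource Integrity (SRI) attribute so the browser itself refuses a script whose content no longer matches. The file paths and JavaScript contents are constructed for illustration.

```python
"""Baseline-and-compare integrity check for served JavaScript, plus the
matching SRI attribute. Added example, not code from the page."""
import base64
import hashlib


def sri_hash(content, algo="sha384"):
    """Return the SRI 'integrity' value for content, e.g. 'sha384-<base64 digest>'."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src, content):
    """Render a <script> tag pinned to the given content via SRI."""
    return f'<script src="{src}" integrity="{sri_hash(content)}" crossorigin="anonymous"></script>'


def build_baseline(files):
    """Map each path to the hash of its known-good content."""
    return {path: sri_hash(data) for path, data in files.items()}


def check_integrity(baseline, current):
    """Compare a later snapshot with the baseline; report modified, missing and new files."""
    alerts = []
    for path, expected in baseline.items():
        if path not in current:
            alerts.append(f"MISSING {path}")
        elif sri_hash(current[path]) != expected:
            alerts.append(f"MODIFIED {path}")
    for path in sorted(current.keys() - baseline.keys()):
        alerts.append(f"UNEXPECTED {path}")
    return alerts


# Constructed sample: the known-good deployment, and a later snapshot in which
# one script has code appended and a file not in the baseline has appeared.
BASELINE_FILES = {
    "js/app.js": b"window.app = { init() { console.log('ready'); } };\n",
    "js/vendor.js": b"/* vendor bundle */\n",
}
CURRENT_FILES = {
    "js/app.js": BASELINE_FILES["js/app.js"] + b";(function(){ /* code not in the baseline */ })();\n",
    "js/vendor.js": BASELINE_FILES["js/vendor.js"],
    "js/extra.js": b"/* file not present at baseline */\n",
}
BASELINE = build_baseline(BASELINE_FILES)

if __name__ == "__main__":
    for alert in check_integrity(BASELINE, CURRENT_FILES):
        print("ALERT:", alert)
    print(script_tag("/js/app.js", BASELINE_FILES["js/app.js"]))
```

In practice the baseline is produced by the deployment pipeline and the "current" snapshot is fetched from the bucket or CDN on a schedule; an alert on a file nobody deployed is exactly the signal that was missing in this incident. SRI only protects scripts loaded with the pinned tag, so it complements rather than replaces the server-side check.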
What have we learned from this data breach?
This data breach has emphasized the importance of proper cloud storage configurations, regular security audits, the necessity of implementing integrity checking mechanisms, and the need for proactive security measures to detect and prevent unauthorized access or modifications.
Summary of Coverage
The Los Angeles Times website was compromised in February 2018 through a misconfigured AWS S3 bucket, allowing a cryptojacking script from Coinhive to be injected into their website. This script mined Monero using the processing power of the site's visitors. The incident showcased the need for better security practices like employing CSPM tools and integrity checks for web resources.