breach
Latest
Brazil hits Facebook with $1.6 million Cambridge Analytica fine
The Cambridge Analytica data scandal may have come to light nearly two years ago, but the former company -- and as a result, Facebook -- is still feeling the effects of the fall out. Brazil's government has imposed a $1.6 million fine on Facebook for its role in the fiasco -- a considerably higher sum than the $644,000 fined by the UK, where the incident took place.
Over 267 million Facebook users reportedly had data exposed online
More than 267 million Facebook users allegedly had their user IDs, phone numbers and names exposed online, according to a report from Comparitech and security researcher Bob Diachenko. That info was found in a database that could be accessed without a password or any other authentication, and the researchers believe it was gathered as part of an illegal scraping operation or Facebook API abuse.
Former Apple exec claims the company spied on his text messages
A former Apple executive is claiming the company spied on his text messages before suing him. In February, Gerard Williams III, who spent almost 10 years working on mobile device chips at Apple, left the company. The same month, he joined NuVia Inc -- a company founded to develop processors for data centers -- with several other Apple developers. In August, Apple sued Williams for breach of contract. Now, Williams is disputing the lawsuit and claims Apple illegally snooped on his texts and phone records.
Macy's says its website leaked credit card info to hackers for a week
The constant stream of card skimming hacks just claimed a particularly high-profile target. Macy's has warned customers that intruders slipped code (believed to be JavaScript) into two pages on its website on October 7th, letting them collect data from shoppers that included names, addresses and payment info. Macy's shut down the attack soon after discovering it on October 15th, but it's unclear just how many people were affected. The company told Bleeping Computer that a "small number" of people were victims, and that it had both implemented "additional security measures" and offered free credit monitoring.
Hackers breached some of the web's most popular domain registrars
Attackers have breached Web.com and two top domain name registrars that it owns, NetworkSolutions.com and Register.com, according to Krebs on Security. Web.com issued a security notice advising customers that they will be forced to reset their passwords the next time they log on. Such breaches are particularly worrying, because domain name registrar customers are website owners, and around 8.7 million of them are registered with those companies, according to Krebs.
NordVPN admits to 'isolated' server breach in Finland
Virtual private network provider NordVPN has confirmed an attacker breached one of its servers, though the tangible impact of the breach seems to be pretty limited. There were no user activity logs on the server -- the company says it doesn't track, collect or share people's private data. There was also no way for the hacker to access usernames and passwords and nor could the attacker have decrypted VPN traffic to other servers.
Nearly everyone in Ecuador is the victim of a data breach
A massive data breach exposed sensitive data of nearly every individual in Ecuador. The breach impacted an estimated 20 million people -- for reference, Ecuador has a population of about 17 million. According to ZDNet, it exposed data on 6.7 million minors, as well as the country's president and WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012.
Alleged JPMorgan hacker set to plead guilty
Andrei Tyurin, one of the key suspects in the huge JPMorgan Chase hack in 2014, is set to plead guilty, according to a court filing obtained by Bloomberg. The Russian reportedly struck a deal with federal prosecutors and will appear at a plea hearing next week in New York.
Massive biometric security flaw exposed more than one million fingerprints
A biometrics system used by banks, UK police and defence companies has suffered a major data breach, revealing the fingerprints of more than one million people as well as unencrypted passwords, facial recognition information and other personal data.
Binance cryptocurrency exchange blackmailed over customer data 'hack'
Cryptocurrency exchange Binance is being blackmailed by hackers that claim to have access to customer passport and identity documents. In a statement, Binance said that "an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data."
CafePress resets passwords months after reported data breach
StockX isn't the only company that appears to have warned users about a data breach through password resets. T-shirt seller CafePress has been asking customers to choose new passwords as part of an updated "password policy," but the news came soon after reports that the site had been the victim of a data breach in February. Have I Been Pwned claimed that over 23.2 million accounts had been exposed, including email addresses, names, physical addresses and phone numbers.
StockX confirms it was hacked (updated)
StockX's warning of "suspicious activity" appears to have stemmed from a serious data breach. TechCrunch has learned through a black market data seller that a hacker stole 6.8 million records from the shoe trading site in May, including names, email addresses and (thankfully hashed) passwords. The data also included less vital info like shoe sizes, trading currencies and device version profiles.
32 million patient records were breached in the first half of 2019
More than 32 million patient records were breached between January and June 2019. That's more than double the 15 million medical records breached in all of 2018, says healthcare analytics firm Protenus. According to the company, the number of disclosed incidents rose to 285 in the first half of the year, and the longstanding trend of at least one health data breach per day shows no signs of slowing down.
Facebook will pay $5 billion fine for Cambridge Analytica data breaches
The Federal Trade Commission has announced that Facebook will pay a massive fine in the wake of the Cambridge Analytica scandal. The social network will pay $5 billion to settle the charge that it broke a 2012 FTC order concerning the privacy of user data. And, as part of the settlement, Facebook has had to agree to a new management structure and new rules about how it manages user data.
Equifax settlement for data breach will only cost it $4 per person
The reports of an impending Equifax settlement were true. The company has agreed to settle with the Federal Trade Commission, the Consumer Financial Protection Bureau, attorneys general and New York's Department of Financial Services over its massive 2017 data breach. It will pay between $575 million to $700 million to victims, states and regulators, including a restitution fund that will pay up to $425 million to provide credit monitoring for up to 10 years. About $300 million is guaranteed for the monitoring payout, with $125 million more waiting if that initial amount runs low.
Equifax reportedly close to $700 million data breach settlement
Remember that time Equifax had a data breach and leaked an incredible amount of information -- addresses, social security numbers and even driver's licenses -- on more than 143 million people in the US alone? That was revealed nearly two years ago, and tonight media reports suggest the company is closing in on a settlement with federal and state agencies including the FTC, Consumer Financial Protection Bureau and state attorneys general. The New York Times and Wall Street Journal reported it could pay between $650 and $700 million, near the $690 million figure Equifax told investors it had set aside for a penalty. According to the reports, details will be announced on Monday, and the amount could vary depending on how many people file claims. It's not clear how much those affected could expect in compensation, but the settlement supposedly includes terms to create a fund for that purpose. The Equifax breach came after hackers exploited a known flaw in unpatched software that its former CEO pinned on one employee instead of flawed policies. The data broker already agreed to new rules on security policies in some earlier settlements, and it remains to be seen if or how this will add additional oversight.
Marriott faces $123 million UK fine over data breach
Marriott might soon face a stiff penalty for the massive November 2018 data breach. The UK's Information Commissioner's Office plans to fine the hotel chain £99,200,396 (about $123.7 million) for allegedly violating the EU's General Data Protection Regulation through the incident. Marriott didn't conduct "sufficient due diligence" when it bought Starwood, according to the regulator, and "should also have done more" to improve security.
7-Eleven Japan's weak app security led to a $500,000 customer loss
7-Eleven Japan's mobile payment app had such poor security measures, the company had to shut it down just a couple of days after its release. In an announcement explaining the issue, the company admitted that hackers were able to break into 900 users' accounts and to charge 55 million yen ($507,000) in illegal purchases to their debit and credit cards on file within that period, from July 1st when the 7pay app rolled out to July 3rd when the service was shut down.
Hackers steal traveler photos and license plates from US Customs
If you were wondering why it can be risky for governments to collect traveler images en masse on connected systems... well, here's why. US Customs and Border Protection has confirmed that hackers stole traveler images from a subcontractor, including photos of people entering or leaving the country as well as copies of their license plates. In a statement, CBP said that the subcontractor had "violated mandatory security and privacy protocols" by transferring the data to its own network.
Hackers turn tables on account hijackers by stealing forum data
Online account hijackers received a taste of ironic punishment this week. KrebsOnSecurity has learned that hackers stole the database from the popular hijacker forum OGusers on May 12th, obtaining email addresses, hashed passwords, IP addresses and private forum messages for 112,988 accounts. The administrator initially told users that a hard drive failure had wiped out the information and forced the use of a backup, but that tall tale fell apart when the administrator of a rival forum made the data public.
