databreach
Latest
An early test of the GDPR: taking on data brokers
Major data brokers Acxiom and Oracle are among seven companies accused of violating GDPR laws on personal information privacy. Advocates hope the complaints will shed light on the opaque ways that personal data is traded through third parties online both in the EU and the US. The General Data Protection Regulation is a sweeping personal data privacy law that came into force in late May in the EU. For the rest of the world, it's viewed as a bellwether for whether Big Tech can be held in check when immense data leaks seem to happen with painful regularity.
Cathay Pacific data breach affects up to 9.4 million customers
Cathay Pacific, the primary airline of Hong Kong known for its high-speed WiFi, was hit with a major data breach that affects up to 9.4 million passengers. The company said that personal information including passport numbers, identity card numbers, credit card numbers, frequent flyer membership program numbers, customer service comments and travel history had been compromised. No passwords were compromised, which may not be any consolation.
Facebook’s confusion about its Portal camera is concerning
Facebook couldn't have picked a worse time to introduce Portal, a camera-equipped smart display designed to make video chatting in your home easier. And, if the rumors are true, the company is reportedly also preparing to launch a video chat camera for your TV, based on the same system as Portal. Not only does news of this hardware come at a time when when Facebook is under major scrutiny after suffering a massive data breach in September, which exposed private information of 29 million users, including usernames, birth date, gender, location, religion and the devices used to browse the site. But the most concerning part about Portal, is that Facebook's own executives don't seem to have a basic understanding of what types of data the company will be collecting or what it will be using it for.
WSJ: Facebook believes spammers were behind its massive data breach
More than two weeks after Facebook revealed a massive data breach, we still don't know who was using the flaw in its site to access information on tens of millions of users. Now the Wall Street Journal reports, based on anonymous sources, that the company believes spammers perpetrated the hack in an attempt to make money via deceptive advertising.
After Math: Every robot was parkour fighting
What a week it's been! Between Google's Pixel 3 event, the lucky landing by the Soyuz crew, and Facebook's latest data breach, it feels like we almost didn't have time to talk about Waymo's self-driving cars, Amazon's new line of picker bots and Boston Dynamic's gymnastic droids. But that's where the After Math comes in.
Pentagon data breach compromises up to 30,000 workers
The Pentagon still has to grapple with data security woes despite efforts to harden its sites and networks. Defense Department officials have revealed that a travel record data breach at an unnamed contractor exposed the personal info of military and civilian staffers, including credit cards. An AP source said that this didn't compromise classified material, but it affected "as many as" 30,000 workers. There's a chance that number might get larger, according to the source.
Here’s how to see if you were affected by Facebook’s breach
Today, Facebook provided additional information on the data breach it disclosed last month. Whereas it initially said up to 50 million users might have been affected, it now reports that 30 million were impacted by the breach. By exploiting a system vulnerability, attackers were able to steal digital keys called access tokens from those 30 million users, and Facebook has now laid out how those users were affected. The company is also notifying those impacted, but if you don't want to wait to be notified, you can check if your account was affected through this link.
Facebook says recent data breach wasn't 'related to the midterms'
Even though the number of users affected by Facebook's most recent hack was lowered to 29 million, from 50 million, it's still safe to say the attack was worse than originally thought. That's because we now know that the breach, which Facebook revealed a couple of weeks ago, exposed very detailed information of 14 million of those users, including their username, birthdate, gender, location, relationship status, religion, hometown, self-reported current city, education, work, the devices they used to access Facebook and the last 10 places they checked into (or were tagged in) on the site. The attackers, whose identities Facebook won't reveal because of an ongoing FBI investigation, were also able to view which people/Pages were followed by these 14 million users, as well as their 15 most recent searches on Facebook.
Facebook’s recent hack exposed private information of 29 million users
Late last month, Facebook announced a data breach that affected up to 50 million of its users. The issue involved access tokens -- digital keys that let people remain logged into Facebook -- and a vulnerability allowed attackers to steal those tokens and hijack other users' Facebook accounts. The company has now released an update on that report and it now says fewer people were affected that it originally thought. "Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen," it said.
Germany is investigating the Google+ data exposure
Yesterday Google disclosed that it had inadvertently exposed Google+ users' personal data and that up to 500,000 accounts might have been affected. But the issue, which was discovered in March, was kept under wraps -- a decision Google said was made because there was no evidence that the data had been misused and no way to fully determine which users were affected. However, it appears that concerns over regulatory scrutiny and bad press may have played into that decision as well. Well now the company is being put under that magnifying glass it had been looking to avoid, as Germany's data protection commissioner has announced an investigation into the incident.
The worst part about the Google+ security flaw was the silence
Google+ was the search giant's attempt to build a Google-owned social network that could take on Facebook. Despite the obvious benefits of Google's scale and reach, Google+ was a ghost town, and quickly became a punchline. The gag became that the only people who ever used it were Google employees and the company's die-hardest fans.
After Math: Hello Darkness, my old friend
Well, this week lasted years. While we weren't being bludgeoned by the cantankerous Kavanaugh confirmation hearings, we were learning about how 50 million Facebook users had their accounts hacked, that Elon Musk is being sued by the SEC for his Twitter posts (the ones about privatizing Tesla, not the ones wherein he libels a rescue diver), and that Red Dead Redemption 2 will rustle the remainder of your hard drive's free space.
Facebook will never be completely secure
Yesterday, Facebook announced that it found -- and fixed -- a stunning security breach that put 50 million people's accounts at risk. In the words of Facebook executives, the attack was "sophisticated" and its reach was "broad." And, more chillingly, we don't know who was behind it or what they intended to do with that account data.
Facebook hack exposed info on up to 50 million users
Facebook announced on Friday that it has suffered a data breach affecting up to 50 million users. According to a report from the New York Times, Facebook discovered the attack on Tuesday and have contacted the FBI. The exploit reportedly enables attackers to take over control of accounts so, as a precaution, the social network has automatically logged out more than 90 million potentially compromised accounts.
Uber will pay $148 million for 2016 data breach coverup
Last year, reports surfaced that Uber had been hit with a data breach, but instead of reporting it to the government or to those affected, it chose to cover it up. Now, the company will pay $148 million as part of a settlement, and the money will be disbursed between each US state and Washington, DC. After the hack and Uber's response to it became public, a number of states launched investigations into the incident while others filed lawsuits.
Newegg fell victim to month-long card skimming hack
It's not just British companies succumbing to large-scale payment data breaches in recent weeks. RiskIQ and Volexity have discovered that hackers inserted Magecart card skimming code into Newegg's payment page between August 14th and September 18th, intercepting credit card data and sending it to a server with a similar-looking domain.
British Airways hackers used same tools behind Ticketmaster breach
The British Airways web hack wasn't an isolated incident. Analysts at RiskIQ have reported that the breach was likely perpetrated by Magecart, the same criminal enterprise that infiltrated Ticketmaster UK. In both cases, the culprits used similar virtual card skimming JavaScript to swipe data from payment forms. For the British Airways attack, it was just a matter of customizing the scripts and targeting the company directly instead of going through compromised third-party customers.
Key suspect in JPMorgan hack is now in US custody
Closure might be coming for victims of the massive JPMorgan Chase hack in 2014. The country of Georgia has extradited the alleged (and until now mysterious) hacker at the core of the crime, Andrei Tyurin, to the US. The Russian citizen pleaded not guilty in a New York court to charges that included conspiracy, hacking, identity theft and wire fraud. He reportedly worked with mastermind Gery Shalon to steal personal data from JPMorgan and other banks for use in a pump-and-dump stock scheme that may have made hundreds of millions of dollars.
British Airways website hack exposed customer financial data
While we've gotten used to regular data breaches, it's been awhile since news of one hit the airline industry. But customers who booked flights on British Airways' website or app between 22:58 BST on August 21st and 21:45 BST on September 5th had their personal and financial data compromised due to a cybersecurity breach. The company's post announcing the event unwaveringly stated that anyone who made a booking in that time frame had their information stolen.
A spying service leaked personal data on millions of customers
This week, Krebs on Security revealed that mSpy leaked the data of millions of paying customers online, including passwords, call logs, text messages, contacts, notes, location data and even Apple iCloud usernames and authentication tokens. mSpy is software that can be installed on devices and used to snoop on kids, partners and more. The company has since taken the database down.
