hacked
Latest
The most followed account on Twitter has been hacked
Social media accounts get hacked all the time, but last night the victim list included the current most-followed (at 89 million, the @Twitter account itself only has 55 million) Twitter user: Katy Perry. After briefly spewing a few vulgar and racist tweets the incident was quickly cleaned up, with no indication of exactly what went down. The first tweet indicating anything was amiss pointed to a still-active account (@sw4ylol) that posted a few email screenshots, while also dismissing a claim the hack occurred as a result of an old MySpace leak. The pictures posted included password resets (with one by Twitter itself) and the screenshot of a SoundCloud takedown notice for a song "Witness 1.3" that could be an unreleased track.
TalkTalk hacked in 'significant and sustained cyberattack'
TalkTalk subscribers are this morning waking up to news that the company has been the subject of another hack. Following an intrusion at the end of last year, which saw some customer data stolen, the broadband provider announced today that its website was the target of a "significant and sustained cyberattack" that may have captured personal details including names, addresses, account information and credit card/bank data.
ICYMI: Gameroulette, 3D-glass printing and more
#fivemin-widget-blogsmith-image-356435{display:none;} .cke_show_borders #fivemin-widget-blogsmith-image-356435, #postcontentcontainer #fivemin-widget-blogsmith-image-356435{width:570px;display:block;} try{document.getElementById("fivemin-widget-blogsmith-image-356435").style.display="none";}catch(e){}Today on In Case You Missed It: An MIT group built a 3D printer that extrudes glass rather than plastic; they believe the technology could be used to make cheaper fiber optic cables. Chatroulette users were treated to a surprise live first-person shooter game that pitted them against creepy zombies. The rest of us totally missed out. A new tech-enabled bartending buddy would sync with its smartphone app and walk you through making the perfect cocktail: All for $39.
Ashley Madison leaked data is now searchable (but don't)
If you just returned from an isolated island vacation (or perhaps you live under a particularly sweet and naïve rock structure), you may not have heard that notorious "dating service" Ashley Madison was hacked. The controversial site is billed as a social network and dating service for married people looking for extramarital affairs. The hacked data has been publicly released, and services that search for the email addresses used on Ashley Madison's site immediately began to populate the web.
Makers of controversial government surveillance software hacked
When you call your enterprise "Hacking Team" you'd like to think you're pretty on top of that whole, well, hacking thing. Yet here we are, telling you about how the aforementioned organization has just seen 400GB of data pilfered from its servers, and put onto BitTorrent for all to see. Hacking Team is known for its controversial "Da Vinci" software that allows governments and law enforcement agencies to monitor encrypted communications such as email and Skype conversations, and collect evidence on citizens. It's fair to say it's not popular with journalists and privacy advocates.
Facebook tests a new Security Checkup to keep your account safe
Over the last few years Facebook has made a number of tweaks to make it easier to protect your account from hackers, but that doesn't mean individual users are keeping up. Since there's no point to security features if people don't use them, and hacked accounts are annoying for everyone (why are they always selling sunglasses? Who wants cheap Oakleys that much?) it's testing a new Security Checkup feature. The idea is that it's a simple and straightforward walkthrough for some of the things everyone should keep an eye on in regards to their account -- update the password, double check connected apps and devices, activate login alerts -- and if the response is good, more people will see the prompt soon. If you (or your friend/relative with the account that's constantly pushing spam) aren't seeing it yet, a visit to the Privacy Basics page is another way to make sure things are locked down.
Twitter's CFO is not very good at using Twitter (update)
A hacked account can happen to the best of us, but it's a bit embarrassing when you're an executive of the service in question. Enter Anthony Noto, Chief Financial Officer of Twitter. He's already suffered a "DM fail" -- accidentally tweeting a message instead of sending it privately -- that revealed a possible acquisition in the works, and today his account appears to have been hijacked by a URL spammer (as seen here, but obviously you should not click the links). Usually these things happen when a user clicks on a phishing link and enters their login details on a webpage spoofing the original service, but there are several ways (besides intense vigilance and never clicking on anything, ever) to prevent this.
Anthem health insurance hack exposes data of over 80 million
Hackers have accessed millions of customer and employee details from US-based health insurance firm Anthem, including name addresses and social security numbers. The database that was accessed included details for roughly 80 million people, but Anthem, the second biggest insurer in the country, believes that the hack likely affected a fraction in the "tens of millions". Its Chief Information Officer said that they didn't yet know how hackers were able to pull off the attack. In a statement on Anthem's site, CEO Joseph Swedish said that the company was the target of "a very sophisticated external cyberattack" -- although medical and financial details were apparently not breached.
The Daily Grind: Have you ever been hacked in an MMO?
The Massively tip line frequently receives notes from MMO gamers who are upset about being hacked in one MMO or another. Sometimes it's the result of a serious security flaw in the game, but sometimes it's just a lapse in a player's personal security. One way or another, it sucks. I've never had an MMO account of mine hacked, but a guildie or two of mine has in the past, which has resulted in our guild vault being cleaned out. Fortunately, the studio (Blizzard, in this case) restored the accounts and every scrap of loot and gold that was taken. But I know not all studios respond that way when it's not their fault but ours, and some folks find they've lost their accounts and characters forever. Have you ever had an MMO account hacked? How did the studio handle it? And what did you do to safeguard yourself afterward? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
China suspected in US Postal Service hack that exposed data on 800,000 workers
The United States Postal Service's computer networks were breached, the USPS announced this morning. The breach was discovered back in September -- it's not clear when the actual attack(s) took place -- and the Washington Post is reporting that Chinese government is responsible. The US Federal Bureau of Investigation is leading investigations into the breach; FBI officials aren't saying who they believe is responsible. The entire USPS staff of over 800,000 employees is affected by the breach: "names, dates of birth, Social Security numbers, addresses, dates of employment and other information" were all taken, according to USPS officials. The breach reportedly doesn't affect USPS customers, both in-store and online via USPS.com, though some customer information (names, email addresses and phone numbers) was also taken -- if you "contacted the Postal Service Customer Care Center via phone or email between January 1st and August 16th." Officials are saying no other customer info was taken. "At this time, we do not believe that potentially affected customers need to take any action as a result of this incident," a statement from the USPS says. All USPS employees are being offered one free year of credit monitoring in wake of the information breach, though we're guessing that a few of those approximately 800,000 people are seeking employment elsewhere after today's news.
Kmart's registers were hacked, credit and debit card numbers at risk
Get ready to call your credit card provider again -- another major US retailer has reported that its payment system has been compromised. Kmart's IT team quietly announced that malware has been found in its stores' register systems, noting that both debit and credit card numbers have been stolen. The breach seems to have occurred in early September, meaning any purchase made at the chain in the last month and a half is potentially at risk. Security experts say attackers have enough information to possibly duplicate payment cards, but not necessarily steal your identity: personal information, pin numbers, addresses and social security data have not been compromised. Still, it's a big enough breach that Kmart shoppers will want to call their financial providers. Ugh. Happy Friday news dump, everyone. [Image credit: Shutterstock]
Hospital network hackers nab personal info of 4.5 million US patients
In April and June, one of the largest hospital networks in the US was hacked. Community Health Systems says that cyber attacks originating in China stole the personal details of 4.5 million patients including names, addresses, telephone numbers, birth dates and Social Security numbers. In a regulatory filing, the company explained that an investigation into the breach showed "methods and techniques" used were similar to those employed by a group that's been active in the country. Said group usually goes after intellectual property (like medical equipment data) according to the report, so the company doesn't believe that the personal info would be exploited. What's more, both credit card numbers and clinical data weren't touched. Community Health Systems says it's removed the hackers' malware, and is in the process of notifying patients involved across its 206 hospitals that span 29 states. [Photo credit: Jonathan Wiggs/The Boston Globe via Getty Images]
Aura Kingdom hacked and emails stolen... or maybe not [Updated]
Recent hacking of Aura Kingdom apparently resulted in stolen email addresses that are being used to pester users players are reporting that they're getting invitations sent to their Aeria Games email address from an individual asking them to join an Aura Kingdom private server. Fortunately Aeria Games does not store credit card information, so it seems as though that information is safe. An Aeria Games GM responded to the claims by saying that the company is investigating the issue: "Thanks for reporting this. We'll look closely into this reports. We will let you know if we need more information. Also note, we do not process any payments, this is done through the service you utilize to buy AP. So this is not something we store." [Thanks to Thomas for the tip!] [Update: Aeria has contacted us to update us about the situation and provide an official statement: "We have investigated this issue and would like to confirm that we have found no evidence of our servers or players' account information being compromised. This includes the email addresses that were reported to have been affected in this article. We have, however, found potential security vulnerabilities through third parties unaffiliated with Aeria Games. We caution against providing contact information to these unaffiliated entities and encourage all players to change their passwords on a regular basis to maintain account security."]
Kickstarter hacked, customer information accessed
If you've logged in to use Kickstarter, perhaps to support an up-and-coming MMO, then pay attention: earlier today, the site reported to users that it was hacked this past week and customer data was accessed. In a security notice posted on the site, Kickstarter said that it was notified by authorities this past Wednesday that hackers gained access to the site. The company has since closed the breach, bolstered its security, and notified customers to change their passwords. Credit card information was not part of the accessed information, but user names, email addresses, and encrypted passwords were. "We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come," the company posted.
Blizzard Customer Support warns of dangerous Trojan [Updated]
Blizzard Customer Support Agent Jurannok has taken to the forums to warn players of a dangerous Trojan -- a virus that can enter players' accounts even if they have an authenticator. Update -- A solution has been found. Jurannok Hello, We've been receiving reports regarding a dangerous Trojan that is being used to compromise player's accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them. If your account has been compromised recently, I'd recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64". It will usually appear like this: Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup source
Hacker cracks indie's PayPal account, orders PS4s with crowdfunded cash
With three days left in the Secrets of Rætikon Indiegogo campaign, developer Broken Rules discovered its PayPal account had been hacked and someone had spent $2,500, in part to order three PS4 consoles, studio co-founder Martin Pichlmair told Joystiq. Broken Rules contacted PayPal and put a stop to the spending, and PayPal assured the studio that all of its money would be returned. Pichlmair said he believed the account's password was cracked. Broken Rules since regained full control over its own account, making it safe for backers to continue donating. "This feels like someone breaking into your house and we were super-stressed out for a whole day," Pichlmair says. "We're on the last stretch of our crowdfunding campaign and this incident is really taxing .... Gladly there wasn't too much money on our PayPal account at that point." Secrets of Rætikon has a $40,000 campaign on Indiegogo and has raised $10,900 with three days to go – but it's a Flexible Funding project, meaning Broken Rules gets to keep whatever money it makes, regardless of reaching its goal. Secrets of Rætikon was a stylish exploration and puzzle game that we dug at GDC Europe this year. All that Broken Rules had to identify the hacker was a "dodgy Gmail address," so there wasn't much chance of catching anyone, Pichlrmair said. As for the return of its stolen money, he said he'd believe it when he saw it. Pichlmair planned to update backers no matter how the hack shook out. "We try to be honest even if it is to our detriment," he said. "That's us."
TUG suffers from DDOS attack
"Relentless" attacks against fledgling sandbox TUG are being addressed by the team and its security measures, Nerd Kingdom wrote in a forum post yesterday. Players noticed something wrong when they couldn't log into the game yesterday, and a developer confirmed that a DDOS attack was in the works and was being combated. She said that there is no ETA for a fix but that players who have applied for testing keys need not worry about losing theirs due to the issue. "Yeah, the attacks started during the weekend and they've been pretty relentless. Luckily our security measures are working. We just need to do some tweaking now," developer Dee posted. "While it sucks that it's happening, it's better to have these things happen now, while we're in the alpha stage when stuff's supposed to break, than later when it might've been much more of a problem to iron out." [Thanks to Sounder for the tip!]
LA officials may delay school iPad rollout after students hack them in a week
Just a week after it began the first phase of putting iPads in the hands of all 640,000 students in the region, the Los Angeles school district already has a fight on its hands. In a matter of days, 300 children at Theodore Roosevelt High School managed to work around protective measures placed on the Apple tablets, giving them complete access to features -- including Facebook, Twitter and other apps -- that should otherwise have been blocked. Students bypassed the security lock on the device by deleting a personal profile preloaded in the settings -- a simple trick that has the school district police chief recommending the board limit the $1 billion rollout (including hardware and other related expenses) before it turns into a "runaway train scenario." For now, officials have banned home use of the iPads while they assess ways to better restrict access -- they would have gotten away with it, too, if it wasn't for those meddling kids. [Original image credit: flickingerbrad, Flickr]
Automotive takeover schemes to be detailed at Defcon hacker conference
It's not like Toyota hasn't already faced its fair share of Prius braking issues, but it appears that even more headaches are headed its way at Defcon this week. Famed white hats Charlie Miller and Chris Valasek are preparing to unleash a 100-page paper at the annual hacker conference in Las Vegas, and notably, hacks that overtake both Toyota and Ford automotive systems will be positioned front and center. The information was gathered as part of a multi-month project that was funded by the US government, so it's important to note that the specifics of the exploits will not be revealed to the masses; they'll be given to the automakers so that they can patch things up before any ill-willed individuals discover it on their own. Using laptops patched into vehicular systems, the two were able to force a Prius to "brake suddenly at 80 miles an hour, jerk its steering wheel, and accelerate the engine," while they were also able to "disable the brakes of a Ford Escape traveling at very slow speeds." Of course, given just how computerized vehicles have become, it's hardly shocking to hear that they're now easier than ever to hack into. And look, if you're really freaked out, you could just invest in Google Glass and walk everywhere.
Apple's developer site partially restored after hack
Apple has partially restored access to its developer services, which went down for maintenance on Thursday, July 18 after being hacked. "We appreciate your patience as we work to bring our developer services back online," an update on Apple's developer site reads. "Certificates, Identifiers & Profiles, software downloads, and other developer services are now available." According to Apple's system status page, the member center, Xcode automatic configuration, pre-release documentation, program enrollment and renewals, developer forums, videos, App Store resource center and technical support services are still offline. Apple will extend program membership and keep developers' apps on the App Store if their membership "expired or is set to expire during this downtime."
