SecurityBreach
Latest
Amazon sent 20 order confirmations to the wrong people
Twenty Amazon customers in the US had their order updates sent via email to the wrong person thanks to a "technical issue." Amazon confirmed the snafu after a report from TechCrunch exposed the issue. In addition to an individual's order, these emails included other sensitive information, including names and delivery addresses. For what it's worth, Amazon says email and credit card information was not included in the updates.
NASA discloses October security breach
In an internal memo obtained by Spaceref, NASA's chief human capital officer Bob Gibbs has revealed that the agency suffered a security breach a few months ago. Investigators discovered the breach on October 23rd, and they found that an intruder gained access to a server containing the personal information of current and former employees, including their Social Security numbers. It's not entirely clear if the data itself was compromised, and the agency still doesn't know the full scope of the breach, but Gibbs wrote that "NASA does not believe that any Agency missions were jeopardized by the cyber incidents."
Uber hackers also reportedly breached LinkedIn's training site
The hackers who were responsible for the Uber data breach that affected 57 million users around the world have been indicted... for another hack altogether, according to TechCrunch. Canadian citizen Vasile Mereacre and Florida resident Brandon Glover have been indicted for stealing account information from LinkedIn training site Lynda.com, but a TechCrunch source said they were also behind the massive Uber breach back in 2016. If true, then they got caught for a much smaller scheme: the Lynda cyberattack only compromised 55,000 accounts.
Proposed Senate bill could send execs who conceal breaches to jail
A re-introduced Senate bill is addressing a timely topic, by making it a crime -- punishable by up to five years in prison -- if companies knowingly conceal a breach of customer information. After a slew of cyber attacks (like the one on Equifax) and news that Uber concealed a breach impacting some 57 million people, Sen. Bill Nelson, the ranking Democrat on the commerce committee, is reviving a bill he tried to pass during the last session called the "Data Security and Breach Notification Act (PDF)."
Five state attorneys general are investigating Uber breach
Uber's latest security breach, which exposed 57 million customers' and drivers' personal information, has come under more and more scrutiny since it was revealed earlier this week. The Federal Trade Commission has already confirmed that it's looking into the breach as well as how Uber handled it. A number of agencies abroad are investigating the incident as well. But it doesn't stop there. Uber is also now under investigation by at least five state Attorney General offices and has been named in multiple lawsuits.
IRS freezes its fraud prevention contract with Equifax
The IRS got a lot of flak from both ordinary citizens and lawmakers when it awarded Equifax a fraud prevention contract earlier this month. After all, they forged their partnership after the credit reporting agency revealed that it recently suffered a massive security breach that affected 145 million Americans. Now, after reports came out that an adware installer lived in the agency's website, the IRS has decided to temporarily suspend the $7.2 million, no-bid contract.
Equifax breach included 10 million US driving licenses
10.9 million US driver's licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers' records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver's licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency's system.
Disqus reveals it suffered a security breach in 2012
Another day, another security breach (and another, and another...). This time it's Disqus, which is revealing that in 2012 -- around the time when Engadget used Disqus for comments -- hackers made off with some of its data, covering a snapshot of usernames and associated email addresses dating back to 2007, as well as "sign-up dates, and last login dates in plain text for 17.5mm [sic] users." More distressing is news that it also coughed up passwords for a third of those accounts, which were in hashed (SHA1) form, though it's possible the attackers could have cracked them.
Equifax to launch a free lifetime credit lock service
Equifax's new chief knows it'll take a lot of effort to make people trust the credit reporting agency again. He started by penning a letter of apology published by The Wall Street Journal, wherein he admitted that the company wasn't able to live up to people's expectations. Equifax was hacked, he wrote -- its website "did not function as it should have," and its "call center couldn't manage the volume of calls" the company received after the security breach was made public. The interim CEO has also revealed that Equifax will launch a new service on January 31st that will give you the power to lock and unlock your credit anytime. Best thing about the offer? It will be free for life to all its customers in the US.
Major accounting firm Deloitte reports extensive cybersecurity breach
Deloitte, a major US and global accounting firm, revealed that it was hit with a cybersecurity breach that may have extended from October of last year through this past March, the Guardian reports. The company -- one of the world's Big Four accounting firms -- which works with large banks, global firms and government agencies, among others, provides tax and auditing services, operations consulting, merger and acquisition assistance and, wait for it, cybersecurity advice.
Experian makes it easy for someone to undo your credit freeze (updated)
Turns out Equifax isn't the only credit reporting agency with garbage security, which probably shouldn't come as a surprise at this point. As Brian Krebs reports on his security news website, Experian has a few issues too, namely some incredibly lax barriers to obtaining a PIN used to unlock a credit freeze.
Equifax stock sales prompt DOJ investigation for insider trading
Things are about to get even worse for Equifax, and rightfully so. According to reports from Bloomberg, the US Department of Justice (DOJ) has opened a criminal investigation into Equifax officials' stock sales just before the announcement of the security breach that exposed data from 143 million US consumers. Equifax CFO John Gamble, President of US Information Solutions Joseph Loughran and President of Workforce Solutions Rodolfo Ploder dumped nearly $1.8 million in stock just after the company discovered the breach and about a month before it was announced. Equifax has maintained that the three didn't know about the breach when they sold the stock.
Senators call for credit report changes after Equifax breach
In light of the Equifax breach that exposed personal information of over 143 million US citizens, a handful of senators have reintroduced legislation that would put more power in the hands of consumers when it comes to their credit reports. Senators Brian Schatz (Hawaii), Elizabeth Warren (Massachusetts), Claire McCaskill (Missouri), Richard Blumenthal (Connecticut), Bernie Sanders (Vermont) and Jeff Merkley (Oregon) have reintroduced the Stop Errors in Credit Use and Reporting (SECURE) Act.
Equifax security breach leaks personal info of 143 million US consumers
One of the largest security breaches ever has come to light today as Equifax revealed attackers used an exploit on its website to access records for 143 million US citizens (for reference, the US has a population of 323 million or so, so that's about 44 percent). The oldest of the three major US credit bureaus, it maintains information on over 800 million people for credit and insurance reports, which is also a juicy target for anyone trying to steal data. Equifax says the breach lasted from mid-May through July 29th when it was detected. The criminals had access to information that could allow them to create or take over accounts for many of the people impacted since they have names, addresses, birth dates, social security numbers and "in some cases" driver's license numbers. An unspecified number of UK and Canadian residents were hit, plus the credit card numbers for 209,000 people and certain dispute documents for 182,000 people in the US.
Hackers leak HBO episodes, 'Game of Thrones' info online
Netflix isn't the only video service suffering from a hack: HBO has been breached as well. Hackers have gotten their mitts on 1.5 terabytes of data according to Entertainment Weekly, which apparently includes an episode of Ballers and Room 104 in addition to what may or may not be text related to next week's Game of Thrones installment. The hackers promise more will be leaked.
Over 1,000 Intercontinental hotels hit by a data breach
The Intercontinental Hotels Group (IHG) thought only a handful of Holiday Inns were affected by a data breach that happened last year, but it turned out to be a much bigger deal. In a statement posted on its website, IHG has admitted that it found signs of malware designed to access credit card data used at front desks in a lot more locations. It didn't mention a specific number, but it linked to a tool where you can look up which Holiday Inns, Intercontinentals and Crowne Plazas were affected. A Krebs on Security reader did some digging, though, and found 1,175 properties in IHG's tool. That's a sizeable chunk of the 5,000 hotels it has worldwide.
Three caught up in another embarrassing data breach
A technical issue has given some Three customers access to another person's account information, including their name, address, phone number and call history. The scale of the problem isn't clear, but it's likely to be small. Three says it's received "less than 20" reports so far from customers, and is now investigating the matter. As the Guardian reports, the mistake has allowed a number of Three customers to view other people's personal information after logging in to their account online.
Trading card maker Topps hit by security breach in 2016
Topps, the iconic maker of Star Wars, Frozen and various sports-related trading cards, has just notified its customers of security breaches that happened earlier this year. In it, the company has admitted that one or more intruders infiltrated its system and "may have gained access to [customers'] names, addresses, email addresses, phone numbers, debit or credit card numbers, card expiration days and card verification numbers." Topps said it didn't find out about the intruders until October 12th, but anyone who bought items through its website from June 30th to that date could be affected. Upon discovering the breaches, it worked with a security firm to fix the vulnerability the hackers exploited and to fortify its system.
Dropbox hacker stole 70 million log-ins in 2012
Back in 2012, Dropbox admitted someone hacked into the cloud storage service and stole log-in details, but it didn't reveal the extent of the breach. Well, apparently, it was a huge one. Motherboard has obtained a number of files containing 60 million username and password combinations that came from that incident. A senior Dropbox employee who chose to remain anonymous confirmed the files' contents to the publication. Microsoft Regional Director Troy Hunt verified the details by finding his and his wife's log-ins in the mix, as well.
ATM hacking spree nets thieves $12.7 million in two hours
Normally when your data is part of a haul from some security breach your most immediate worry is about how it can be used to steal your identity online. Well, sometimes that information is instrumental in physical heists. On May 15th, a team of hackers coordinated to withdraw $12.7 million from about 1,400 convenience store ATMs across Japan in under two hours.