hacked
Latest
European police hacked encrypted phones used by thousands of criminals
In one of the largest law enforcement busts ever, European police and crime agencies hacked an encrypted communications platform used by thousands of criminals and drug traffickers.
Houseparty says it wasn't hacked, offers $1 million for 'smear campaign' proof
Popular video-calling app Houseparty is offering a $1 million bounty to anyone that can prove the app has been a victim of reputational sabotage. The announcement, made by the company over Twitter, comes amid swiftly circulating rumors that the app has been hacked -- Houseparty believes these rumors have been circulated as part of a "paid commercial smear campaign," and says there is no evidence to back up claims that the app has been compromised in any way.
MoviePass confirms breach that leaked credit card numbers
On Tuesday TechCrunch reported that security researcher Mossab Hussein, with the firm SpiderSilk, found an exposed, unencrypted MoviePass database with millions of records. Some of those included numbers for its custom debit cards that are used when subscribers purchase tickets, while others listed customer's personal information including their credit card numbers, expiration dates and billing information. Another researcher had located the vulnerable information back in July and notified the company, but neither was able to get a response, while yet another found evidence the database had been public since May of this year. MoviePass took the database offline yesterday after the report, and today finally publicly responded with a statement from a spokesperson. MoviePass recently discovered a security vulnerability that may have exposed subscriber records. After discovering the vulnerability, we immediately secured our systems to prevent further exposure and to mitigate the potential impact of this incident. MoviePass takes this incident seriously and is dedicated to protecting our subscribers' information. We are working diligently to investigate the scope of this incident and its potential impact on our subscribers. Once we gain a full understanding of the incident, we will promptly notify any affected subscribers and the appropriate regulators or law enforcement. The company put its services "on hold" in July while saying it was working on its app, but couldn't close this security hole -- despite apparent attempts at notifications before restoring access "to a substantial number of our current subscribers."
32 million patient records were breached in the first half of 2019
More than 32 million patient records were breached between January and June 2019. That's more than double the 15 million medical records breached in all of 2018, says healthcare analytics firm Protenus. According to the company, the number of disclosed incidents rose to 285 in the first half of the year, and the longstanding trend of at least one health data breach per day shows no signs of slowing down.
Facebook says recent data breach wasn't 'related to the midterms'
Even though the number of users affected by Facebook's most recent hack was lowered to 29 million, from 50 million, it's still safe to say the attack was worse than originally thought. That's because we now know that the breach, which Facebook revealed a couple of weeks ago, exposed very detailed information of 14 million of those users, including their username, birthdate, gender, location, relationship status, religion, hometown, self-reported current city, education, work, the devices they used to access Facebook and the last 10 places they checked into (or were tagged in) on the site. The attackers, whose identities Facebook won't reveal because of an ongoing FBI investigation, were also able to view which people/Pages were followed by these 14 million users, as well as their 15 most recent searches on Facebook.
The company that helps police track phones was reportedly hacked
Securus is known for allegedly helping prisons violate Sixth Amendment protections by recording "at least" 14,000 phone calls between inmates and lawyers. There was also a report at The New York Times that a former sheriff in Mississippi County used the service to track cellphones, including those of other officers, without court orders. Now, an unidentified hacker has apparently provided Motherboard data from Securus, which includes usernames and "poorly secured" passwords for thousands of the company's customers in law enforcement.
Spotify cracks down on free users that steal Premium service
Spotify may have 159 million active users, but only 71 million of those are paid subscribers. It makes sense that the company would want to maximize the number of paying customers, especially in light of the company's recent moves to go public. Now, it appears that Spotify is cracking down on free users that take advantage of hacked apps in order to remove the restrictions of unpaid accounts, according to TorrentFreak.
2017’s biggest cybersecurity facepalms
2017 was a year like no other for cybersecurity. It was the year we found out the horrid truths at Uber and Equifax, and border security took our passwords. A year of WannaCry and Kaspersky, VPNs and blockchains going mainstream, health care hacking, Russian hackers, WikiLeaks playing for Putin's team, and hacking back. In 2017 we learned that cybersecurity is a Lovecraftian game in which you trade sanity for information. Let's review the year that was (and hopefully will never be again).
Hackers slipped malware into popular PC software CCleaner
A popular PC-cleaning software used by over 130 million people put users at risk after hackers were able to insert malware into legitimate downloads. Piriform's CCleaner, owned by antivirus provider Avast, was found to be hosting a "multi-stage malware payload" that could install ransomware or keyloggers and further infect target computers on command.
Equifax blames breach on a server flaw it should've patched
Equifax's latest update on its unprecedented security breach notifies the public that its investigation has found the cause of the theft. Along with an unnamed security firm (ZDNet and others have reported it's Mandiant) the company confirmed rumors that attackers exploited a flaw in the Apache Struts Web Framework. That bug, CVE-2017-5638, was revealed in March, but the criminals were still able to use it against Equifax to steal personally identifiable information (PII - including names, birth dates, social security numbers and more) for 143 million people in the US in mid-May.
Equifax tries to explain its response to a massive security breach
A day after announcing that hackers stole personal information tied to 143 million people in the US, Equifax's response to the breach has come under scrutiny. Language on the website where people could find out if they were affected seemed to say that by signing up they would waive any right to join a class action suit against the company -- something New York Attorney General Eric Schneiderman said is "unacceptable and unenforceable." The company has since explained it does not apply to the data breach at all, but that hasn't stopped misinformation from spreading.
VP Mike Pence used AOL email for state business while governor
The Indianapolis Star reports that in response to a public records request, the current governor of Indiana has released 30 pages of emails from the AOL (which is the parent company of Engadget) account of Mike Pence. The former governor and current Vice President is said to have used his personal email account for state business on a number of occasions, which the paper notes is not against Indiana law. It also notes that a number of emails were not released because the state considered them "confidential."
Teenage TalkTalk hacker sentenced
The teenage hacker that played a key role in the 2015 TalkTalk data breach has been sentenced to a 12-month youth rehabilitation order today, after pleading guilty to seven charges under the Computer Misuse Act last month. Alongside a nominal fine, the 17-year-old has also surrendered his iPhone and a computer hard drive to police. As The Guardian reports, the rehabilitation order is intended to "draw him from the lonely confines of a bedroom and that lonely world of computing to a family where his knowledge and skills could be put to good use and to project that out to the wider world."
Spammers compromised Twitter accounts for @PlayStation and others
If you noticed something odd on Twitter tonight, you weren't alone. Around 1AM ET, accounts like @PlayStation, @Viacom, @XboxSupport, @NTSB, @TheNewYorker, @TheNextWeb, the Red Cross (@ICRC) and @Money started aggressively pushing ways to help you obtain more followers for free. Most of the tweets have been scrubbed, however, a look at Tweetdeck revealed they were all posted via Twitter Counter (@thecounter).
TalkTalk hacker pleads guilty to role in 2015 data breach
One of the hackers involved in last year's major TalkTalk breach, which saw over 150,000 customer details stolen including over 15,000 bank details, admitted his role in the attack in Norwich Youth Court today. The seemingly remorseful 17-year-old plead guilty to seven charges under the Computer Misuse Act, though not all were related to the TalkTalk hack.
It's not easy being Yahoo
Remember when Yahoo was great? Yeah, I'm having a hard time, too. Especially in light of the past few weeks, during which the company's house of cards collapsed -- and afterward those cards were set on fire and then pooped on by a passing flock of seagulls who'd had some bad curry.
TalkTalk scraps line rental to repair hack-damaged brand
TalkTalk's image has suffered since it was hit by a "significant and sustained cyberattack" in June 2015. The hack affected its bottom line too, cutting profits from £32 million to £14 million last May. To aid its recovery, the quad-play provider is attempting a mass reboot today that includes retooled packages, new guarantees and a fresh marketing campaign. The biggest change is an "all-in" pricing model which, similar to Vodafone, bundles in your line rental fee. The company telegraphed this move back in May, and says it'll put "an end to complex, confusing packages."
Twitter remains quiet about OurMine attack on its CEO's account
Early Saturday morning the team that has been breaking into high-profile social media accounts managed to temporarily hijack Twitter accounts for the CEOs of Yahoo and Twitter. Despite repeated requests from Engadget, Twitter has not commented on the incident and Jack Dorsey has not tweeted about it. Twitter's Trust & Info Security Officer Michael Coates did take time to refute a claim made by the OurMine hackers, after they posted a screenshot they claimed proves Vine has access to its users passwords.
Twitter CEO Jack Dorsey's account was compromised by hackers
We suppose it was inevitable, but the latest hacking of a high-profile Twitter account has occurred, and it's hit the company's CEO Jack Dorsey. After the hackers posted a few benign video clips, a tweet went up at 2:50AM ET saying "Hey, its OurMine,we are testing your security" and linking to their website. That tweet was quickly deleted, but it also linked to a short Vine clip which we've embedded below, and identical tweets continued to replace it. Hackers using the name OurMine have previously taken over some social media accounts of other CEOs, like Google's Sundar Pichai (via a Quora account) and Facebook's Mark Zuckerberg, but going after this CEO on his own platform -- he sent the first public tweet -- seems new.
Time Inc. confirms Myspace has been hacked
Time Inc. only got the keys to Myspace.com a few months ago, but it's already having to confirm some bad news: the social network has been the target of a hack. In a press release, the company says that just before the Memorial Day weekend (or Spring Bank Holiday in the UK), its technical teams were notified of someone trying to sell Myspace usernames, passwords and email addresses that were registered before June 2013.
