breach
Latest
US government payment site leaks 14 million customer records
Government Payment Service Inc -- the company thousands of local governments in the US use to accept online payments for everything from court-ordered fines and licensing fees -- has compromised more than 14 million customer records dating back to 2012, KrebsOnSecurity reports. According to the security investigation site, the leaked information includes names, addresses, phone numbers and the last four digits of credit cards.
Rachel England09.18.2018
British Airways hackers used same tools behind Ticketmaster breach
The British Airways web hack wasn't an isolated incident. Analysts at RiskIQ have reported that the breach was likely perpetrated by Magecart, the same criminal enterprise that infiltrated Ticketmaster UK. In both cases, the culprits used similar virtual card skimming JavaScript to swipe data from payment forms. For the British Airways attack, it was just a matter of customizing the scripts and targeting the company directly instead of going through compromised third-party customers.
Jon Fingas09.11.2018
Key suspect in JPMorgan hack is now in US custody
Closure might be coming for victims of the massive JPMorgan Chase hack in 2014. The country of Georgia has extradited the alleged (and until now mysterious) hacker at the core of the crime, Andrei Tyurin, to the US. The Russian citizen pleaded not guilty in a New York court to charges that included conspiracy, hacking, identity theft and wire fraud. He reportedly worked with mastermind Gery Shalon to steal personal data from JPMorgan and other banks for use in a pump-and-dump stock scheme that may have made hundreds of millions of dollars.
Jon Fingas09.08.2018
British Airways website hack exposed customer financial data
While we've gotten used to regular data breaches, it's been awhile since news of one hit the airline industry. But customers who booked flights on British Airways' website or app between 22:58 BST on August 21st and 21:45 BST on September 5th had their personal and financial data compromised due to a cybersecurity breach. The company's post announcing the event unwaveringly stated that anyone who made a booking in that time frame had their information stolen.
David Lumb09.06.2018
Hackers gain access to millions of T-Mobile customer details
T-Mobile has fallen foul of yet another cybersecurity issue. In a statement released this week the company said that an unauthorized entry into its network may have given hackers access to customer records, including billing ZIP codes, phone numbers, email addresses and account numbers. According to T-Mobile, the intrusion was quickly shut down, and no financial data, social security numbers or passwords were compromised.
Rachel England08.24.2018
Australian teen pleads guilty to hacking Apple
An Australian teenager pleaded guilty today to charges over repeatedly hacking into Apple's computer systems, The Age reports. He reportedly was able to access authorized keys, view customer accounts and download 90GB of secure files before being caught. Once alerted to the repeated intrusions, Apple blocked the teen and notified the FBI of the breaches. The agency in turn contacted the Australian Federal Police who raided the teenager's home last year, seizing two Apple laptops, a mobile phone and a hard drive.
Mallory Locklear08.16.2018
Uber hires former NSA counsel as new security head
Uber has hired a new chief security officer, the New York Times reports, filling the role that has remained vacant since Joe Sullivan was fired last year. Sullivan was fired for his role in covering up a data breach that exposed the personal info of around 57 million Uber customers and drivers. Instead of reporting the breach, Uber paid the hackers that stole the information $100,000 to delete the data. Matt Olsen, former general counsel of the National Security Agency and former director of the National Counterterrorism Center, stepped in to help the company structure its security processes following the disclosure and he has now been named as its new chief security officer.
Mallory Locklear08.14.2018
Reddit hacker snagged email addresses and old passwords
Earlier this month, a hacker accessed a few of Reddit's systems, grabbing some current email addresses and a database backup from 2007 that contained account passwords. The company assured its users that the attacker did not gain write access to any systems, and was not able to alter any information. The company has since locked down their production systems and API keys while enhancing its monitoring system and logs.
Rob LeFebvre08.01.2018
Robocall company exposes hundreds of thousands of voter records
Hundreds of thousands of voter records were left exposed on an Amazon S3 bucket, ZDNet reports, this time by Virginia-based robocalling firm Robocent. Among the information that was left accessible were names, home addresses, gender, phone numbers, age, birth years, ethnicity, education and language spoken as well as state-provided or inferred political leanings such as "weak Democrat," "hard Republican" and "swing" voter. The cache contained nearly 2,600 files, including audio recordings of political messages.
Mallory Locklear07.18.2018
US military drone documents are selling for $150 on the dark web (updated)
Last month, while tracking dark web marketplaces, threat intel team Insikt Group of the security firm Recorded Future discovered that someone was selling alleged US military documents. A hacker was asking for "$150 to $200" for non-classified yet sensitive materials on the US Air Force's Reaper drone, and posted an additional bundle of information on US Army vehicles and tactics for sale.
David Lumb07.12.2018
Timehop's breach included user birthdate and gender data
It turns out that more than just names, usernames, email addresses and phone numbers were pilfered in the recent Timehop breach. You can add "birthdate" and "gender" to the list of data stolen in last week's hack, too. The company apologized for the piecemeal way it has delivered the information to customers, and has published a timeline of the events, which started last December and concluded July 5th.
Timothy J. Seppala07.11.2018
Adidas warns US customers about a possible data breach
Adidas announced this week that its systems might have suffered a data breach and that millions of customers' data could have been exposed. The company became aware of the issue on Tuesday and on Thursday, it reported that "an authorized party claims to have acquired limited data associated with certain Adidas consumers." Those potentially affected are believed to be customers who made purchases on Adidas' US website. Contact information, usernames and encrypted passwords might have been exposed, according to the company's preliminary investigation, but as of now, credit card and fitness information aren't thought to be included in any stolen data.
Mallory Locklear06.29.2018
Let's hope Trump didn't give Kim Jong Un the wrong ‘direct number’
President Trump's historic meeting with Kim Jong-Un may not have resulted in the complete de-nuclearization of the Korean Peninsula, but it did lead to a fascinating exchange in which the President claims to have given Kim a "very direct number" if the North Korean leader "has any difficulty." Wired raises an interesting point about the situation, though: given President Trump's attempts to keep his own smartphones away from security-minded staffers, is it possible he inadvertently created a potential security nightmare by giving Kim his personal phone number?
Chris Velazco06.15.2018
Cortana can be used to hack Windows 10 PCs
Cortana might be super helpful at keeping track of your shopping lists, but it turns out it's not so great at keeping your PC secure. Researchers from McAfee have discovered that by activating Cortana on a locked Windows 10 machine, you can trick it into opening up a contextual menu which can then be used for code execution. This could deploy malicious software, or even reset a Windows account password.
Rachel England06.13.2018
Major UK electrical retailer Dixons Carphone confirms it was hacked
One of Europe's largest electrical retailers has been the subject of a cyber attack that's compromised more than 5.9 million card records and as many as 1.2 million personal accounts. Dixons Carphone, the owner of Currys PC World and Dixons Travel stores, says that most of these cards have chip and pin protection and noted that the data accessed doesn't include PIN numbers, card verification values (CVV) or any authentication data "enabling cardholder identification or a purchase to be made." However, some 105,000 cards were from non-EU countries and do not have the chip and pin feature.
Rachel England06.13.2018
White House confirms its chief of staff was hacked
A personal email account of White House Chief of Staff John Kelly was hacked, according to an email obtained by Buzzfeed via a Freedom of Information Act (FOIA) request. "As we discussed ... my folks are nervous about the emails you send and ask that you no longer include them on any postings," Kelly wrote. "Then there is hacking which one of my own personal accounts has suffered recently. I do almost everything now by phone or face-to-face comms."
Steve Dent06.11.2018
Attacker involved in 2014 Yahoo hack gets five years in prison
The hacker-for-hire involved in the 2014 Yahoo security breach that affected 500 million users has been sentenced to five years in prison. Karim Baratov aka Karim Taloverov aka Karim Akehmet Tokbergenov said he didn't know he was working for Russian spies, since he didn't research his customers. His name first came up when two Russian nationals were charged with orchestrating the Yahoo breach -- according to the DOJ, those nationals were the ones who gave him data from the breach, which he then used to hack into the email accounts of American and Russian journalists, government officials and employees of financial services and private businesses, as well as other persons of interest.
Mariella Moon05.30.2018
Teen phone tracking app exposed thousands of Apple accounts
Parents understandably pour a lot of trust into apps that monitor their kids' activity. That makes it all the more painful when there's a lapse in security, and that's unfortunately the case today. Security researcher Robert Wiggins discovered that TeenSafe, a mobile app that lets parents track teens' locations and text messaging habits, left the data thousands of accounts exposed on two Amazon servers. One of them held nothing but test data, but the other included kids' Apple ID email addresses and passwords, not to mention the email addresses of the parents.
Jon Fingas05.20.2018
Tidal investigates possible data breach amid streaming stats allegations
Tidal recently came under fire for allegedly inflating play-counts on Lemonade and The Life of Pablo, which in turn resulted in higher payouts for Beyoncé and Kanye West, respectively. The streaming service vehemently denied the allegations, but now it's doing something rather curious: hiring a third-party data security company to investigate a possible breach.
Timothy J. Seppala05.18.2018
Equifax confirms data breach included driver's licenses and passports
Equifax has been dribbling out updates to the scope of its 2017 data breach for months, but how much information was compromised, exactly? You now have a better idea. The credit reporting firm has submitted a statement to the SEC explaining how much data was compromised across numerous categories. And... it's not pretty.
Jon Fingas05.08.2018