data breach
Latest
Federal prosecutors indict four Chinese military officers over Equifax hack
The Justice Department has charged four Chinese People's Liberation Army (PLA) officers in relation to the 2017 Equifax hack in which the personal details of some 145 million US consumers and nearly a million UK and Canadian citizens were stolen. The data included names, addresses, birth dates, Social Security numbers and some drivers license details.
Facebook says it will tighten account security following 2018 hack
Facebook is promising to bolster its security processes in the wake of a 2018 hack that exposed data for 29 million users. The social network has proposed a settlement in a lawsuit over the breach that would see the company check more often for suspicious activity around the digital access tokens that let people use their accounts. There are other measures as part of the lawsuit, Bloomberg said.
Phishing scams leveled up, and we didn’t
More than a bit of "I'm smarter than you" politics creates the divide between hacking headlines and what we actually need to worry about. On one side, researchers present findings at conferences hoping someone will raise the alarm and practical things will get done before things get worse. On the other, we have Jeff Bezos and his iPhone.
Hackers are selling card info stolen in last year's Wawa breach
If you purchased anything at the East Coast gas station and convenience store chain Wawa between March and December last year, there's a chance your credit and debit card info is being sold on the dark web. Earlier this week, fraud intelligence company Gemini Advisory discovered stolen payment card data being uploaded to Joker's Stash, an online cybercrime marketplace. It seems the data was obtained during the Wawa breach discovered in December.
Microsoft accidently exposed 250 million customer service records
While most people were out celebrating the start of a new year, Microsoft's security teams were working overtime to close a potentially enormous security loophole. On Thursday, the company disclosed a database error that temporarily left approximately 250 million customer service and support records accessible to anyone with a web browser.
Guardian: Saudi prince’s account used to hack Jeff Bezos via WhatsApp
Amazon spends millions of dollars each year physically protecting CEO Jeff Bezos, but his personal data remained all too vulnerable. According to a bombshell report published in The Guardian this afternoon, Bezos was the victim of a hacking operation conducted via WhatsApp that potentially involved Saudi crown prince Mohammed bin Salman.
Wyze leaks personal data for 2.4 million security camera users
You buy a home monitoring camera to improve your security, but Wyze customers might have wound up achieving the opposite. The company, which makes $20 security cameras to pepper around your home, has admitted that data on more than 2.4 million users has been exposed. A database was left exposed, allowing people to access key pieces of data, although financial information was not included.
FBI program helps companies fool hackers with 'decoy data'
The FBI thinks it has a way for companies to limit the damage from data breaches: lure thieves into taking the wrong data. Ars Technica has learned of an FBI program, IDLE (Illicit Data Loss Exploitation), that has companies plant "decoy data" to confuse intruders looking to steal valuable info. Think of it as a honeypot for would-be fraudsters and corporate spies.
T-Mobile confirms customers' personal data accessed in hack
It's been a rough month for customers who care about their privacy, with data breaches affecting businesses as diverse as high-end department stores, camgirl websites and online domain registrars. Yet another cybersecurity issue has allowed hackers to access data about prepaid customers of popular US and European telecom brand T-Mobile, as revealed by blog TmoNews.
Macy's says its website leaked credit card info to hackers for a week
The constant stream of card skimming hacks just claimed a particularly high-profile target. Macy's has warned customers that intruders slipped code (believed to be JavaScript) into two pages on its website on October 7th, letting them collect data from shoppers that included names, addresses and payment info. Macy's shut down the attack soon after discovering it on October 15th, but it's unclear just how many people were affected. The company told Bleeping Computer that a "small number" of people were victims, and that it had both implemented "additional security measures" and offered free credit monitoring.
Nearly everyone in Ecuador is the victim of a data breach
A massive data breach exposed sensitive data of nearly every individual in Ecuador. The breach impacted an estimated 20 million people -- for reference, Ecuador has a population of about 17 million. According to ZDNet, it exposed data on 6.7 million minors, as well as the country's president and WikiLeaks founder Julian Assange, who was granted political asylum by Ecuador in 2012.
Alleged JPMorgan hacker set to plead guilty
Andrei Tyurin, one of the key suspects in the huge JPMorgan Chase hack in 2014, is set to plead guilty, according to a court filing obtained by Bloomberg. The Russian reportedly struck a deal with federal prosecutors and will appear at a plea hearing next week in New York.
XKCD forum breach exposes details from over 560,000 user accounts
XKCD, the sarcastic webcomic revered by science and tech geeks, is now the butt of someone else's joke. Hackers breached the forum of the 14-year old site, stealing over 560,000 usernames, emails, IP addresses and hashed passwords. Security researcher Troy Hunt, who owns the data breach website Have I Been Pwned, alerted the site's administrators over the weekend. Hunt was originally tipped off about the breach by white hat hacker Adam Davies.
Online sneaker reseller StockX faces lawsuit over data breach
StockX is now facing legal action over a data breach that led to the theft of more than 6.8 million customer records. A class-action lawsuit filed in US District Court this week alleged that the online sneaker marketplace compromised the data of minors. According to The Detroit News, the plaintiff in the case is a Kansas minor identified as "I.C.", whose personal information was stolen and re-sold by hackers. The lawsuit is being bought on behalf of all youth who were impacted by the breach.
CafePress resets passwords months after reported data breach
StockX isn't the only company that appears to have warned users about a data breach through password resets. T-shirt seller CafePress has been asking customers to choose new passwords as part of an updated "password policy," but the news came soon after reports that the site had been the victim of a data breach in February. Have I Been Pwned claimed that over 23.2 million accounts had been exposed, including email addresses, names, physical addresses and phone numbers.
StockX confirms it was hacked (updated)
StockX's warning of "suspicious activity" appears to have stemmed from a serious data breach. TechCrunch has learned through a black market data seller that a hacker stole 6.8 million records from the shoe trading site in May, including names, email addresses and (thankfully hashed) passwords. The data also included less vital info like shoe sizes, trading currencies and device version profiles.
E3 data breach leaks info for thousands of registered journalists
Thanks to a staggering bit of negligence on the part of the organization that manages E3, the last and worst "leak" this year affects people from the media who covered the event. As pointed out on YouTube by Sophia Narwitz, a spreadsheet was available on the E3 website listing detailed contact information for over 2,000 journalists, content creators, analysts and others who applied for and received credentials to the event this year. The list apparently existed so that videogame companies could reach news media and content creators they wanted to contact about coverage, but it's obviously not intended to become publicly available. In a statement, the ESA said "Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again." That doesn't do much to help the people who are now at risk for targeted harassment, and, as VentureBeat points out, may cause an issue with Europe's GDPR. Narwitz noted that the list was pulled within hours of the ESA being notified, which was not soon enough to avoid people downloading and spreading the information. ESA: ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public. Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this this occurrence and have put measures in place to ensure it will not occur again.
Clothing resale site Poshmark suffers data breach
Clothing resale site Poshmark has been hacked. Data from users in the US, including full names, usernames, genders, email addresses, hashed passwords, clothing size preferences and social media profile information, were accessed by "an unauthorized third party."
FTC warns Equifax claimants will get 'nowhere near' $125 cash payout
When the FTC and other government agencies reached a settlement deal with Equifax over its massive data breach, people affected were offered as much as $125 in cash. Now, the FTC is encouraging claimants to choose the free credit monitoring option instead, because there's absolutely no way everyone is getting $125. Apparently, the money earmarked for cash payments is only $31 million -- a tiny fraction of the $700 million settlement all the parties agreed on.
32 million patient records were breached in the first half of 2019
More than 32 million patient records were breached between January and June 2019. That's more than double the 15 million medical records breached in all of 2018, says healthcare analytics firm Protenus. According to the company, the number of disclosed incidents rose to 285 in the first half of the year, and the longstanding trend of at least one health data breach per day shows no signs of slowing down.
