data breach
Latest
Hackers obtain millions of cards from Planet Hollywood's parent company
More than a few restaurant-goers in the US will want to check their bank statements. Earl Enterprises has confirmed that hackers used point-of-sale malware to scoop up credit and card data at some of its US restaurants between May 2018 and March 2019, including virtually all Buca di Beppo locations, a few Earl of Sandwich locations and Planet Hollywood's presences in Las Vegas, New York City and Orlando. It's a fairly large data breach -- KrebsOnSecurity discovered that a trove of 2.15 million cards were on sale in the black market as of February.
Iranian hackers stole terabytes of data from software giant Citrix
Citrix is best-known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes reports of foreign hackers compromising the company's internal network, swiping business documents in an apparent "password spraying" attack where the intruders guessed weak passwords and then used that early foothold to launch more extensive attacks. While Citrix didn't shed more light on the incident, researchers at Resecurity provided more detail of what likely happened in a conversation with NBC News.
500px reveals 2018 breach that exposed user data
Photo-sharing platform 500px has revealed that it suffered a security breach that exposed its users' data and profile information. While the company's engineers have only just discovered the unauthorized entry, it actually happened way back on July 5th, 2018 -- just a few days after the company closed its in-house Marketplace that helped photographers sell their work. Simply put, everybody who signed up for a 500px account on or before that day has been compromised.
Target's proposed data breach settlement pays victims up to $10k
Target has agreed to a $10 million settlement with lawyers for victims of its 2013 data breach, and CBS News reports it could pay individuals up to $10,000 each in damages. It has yet to be approved by a judge, but Target spokesperson Molly Snyder says the company is "pleased to see the process moving forward." In case you've already forgotten, the retailer discovered in December 2013 that hackers had stolen information for some 40 million credit and debit cards, while its security ignored breach alerts for 12 days. The company's CEO stepped down in May saying he felt "personally accountable" for the lax security. KSTP TV5 in Minnesota has posted a copy of the form victims will fill out to receive their damages if the settlement is approved, which you can see here.
Sony drops appeal for ICO-issued 2011 data loss fine
Sony dropped its appeal and will therefore have to pay a £250,000 fine issued by the UK Information Commissioner's Office related to a massive data breach on PSN in April 2011. ICO issued the fine in January 2013, calling the hack a "serious breach of the Data Protection Act." "After careful consideration we are withdrawing our appeal. This decision reflects our commitment to protect the confidentiality of our network security from disclosures in the course of the proceeding," a Sony representative told V3. "We continue to disagree with the decision on the merits."
Yahoo confirms server breach, over 400k accounts compromised
Online account security breaches are seemingly commonplace these days -- just ask LinkedIn or Sony -- and now we can add Yahoo's name to the list of hacking victims. The company's confirmed that it had the usernames and passwords of over 400,000 accounts stolen from its servers earlier this week and the data was briefly posted online. The credentials have since been pulled from the web, but it turns out they weren't just for Yahoo accounts, as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login info was also pilfered and placed on display. The good news? Those responsible for the breach said that the deed was done to simply show Yahoo the weaknesses in its software security. To wit: We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage. In response, Yahoo's saying that a fix for the vulnerability is in the works, but the investigation is ongoing and its system has yet to be fully secured. In the meantime, the company apologized for the breach and is advising users to change their passwords accordingly. You can read the official party line below. At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.
Vlingo co-founder explains data-collection issues
With Carrier IQ and O2's most recent data-snooping, people's vigilance about what information cellphones transmit is increasing. Using a Galaxy Note, AndroidPit found that every four minutes, Vlingo's voice-recognition app was sending a packet of data to an unencrypted server. The packet contained your GPS co-ordinates, IMEI (unique device identifier), contact list and the title of every song stored on your device -- without proper warning in the privacy policy you agree to when starting up the app. We spoke with co-founder John Wynn, product marketing head TJ Leonard and communications manager Erin Keleher, who gave us a full and frank discussion about what's going on and the steps it's taking to remedy the situation, which we've got for you after the break.
PlayStation Store, Qriocity returning to Japan this week, completing global PSN restoration
Sony's 'Welcome Back' campaign may have drawn to a close a bit early, but the PlayStation Network won't make its full return to Japan until later this week. As of July 6th, Japanese gamers will once again be able to access the PlayStation Store and Qriocity, bringing an end to a nearly three-month suspension enacted after April's widespread data breach. These services have already been reintroduced across other parts of the globe, but Sony encountered notably stiffer resistance in its homeland, where authorities demanded assurance of the PSN's security before allowing it to relaunch within their borders. The PlayStation Store remained down throughout Sony's negotiations with government officials, but company spokesman Satoshi Fukuoka says those discussions have advanced far enough for full services to resume. The PSN's long-awaited return to Japan will also signal its full global restoration, meaning that Sony may finally be able to put the saga to rest -- and try to forget about that $170 million it lost in the process.
Sony promises global PSN restoration by week's end, except in some parts of Asia
It looks like Sony's long, PSN nightmare is finally coming to an end -- almost. Today, the company announced that it will restore PlayStation Network and Qriocity services in the Americas, Europe and most of Asia by week's end. The only exceptions are Hong Kong, South Korea and Japan, where users will have to await further details before regaining full access. Speaking to the Wall Street Journal, spokeswoman Yuki Kobayashi added that Sony is in the process of finalizing an agreement to protect credit card owners in these three countries, where authorities have taken a particularly cautious approach to the data breach. This means that the company won't see global restoration by the end of May, as previously hoped, but Kobayashi said the plans were delayed simply because Sony needed more time to fully secure its infrastructure (sound familiar?). You can read a lengthier explanation in the press release after the break.
Talking Sony and identity protection with LifeLock
As Sony continues to struggle to restore service to both the PlayStation Network and Sony Online Entertainment's MMOs following a hacking intrusion that resulted in millions of customer identities being compromised, players are understandably concerned about how secure their information is with similar companies. Even though Sony promised to provide a year's worth of identity theft protection for affected customers, part of the responsibility for safeguarding against such theft lies with us. As such, we spoke with Mike Prusinski, the Senior Vice President of Corporate Communications for LifeLock, an identity theft protection service. We asked him about what we should be doing to protect our identities online -- and what Sony could have done better in the first place. Massively: What are the most common ways that people have their identities stolen? Mike Prusinski: Though there are no statistics that point to one way over another, consumers get their personal information lost through stolen laptops, hackers, stolen mail, trash, skimming devices, scams (email, phone calls and personal visits), peer-to-peer networks and public websites.
SOE games down until Friday at the earliest, class action suit launched, Anonymous denies involvement [Updated]
The latest news in the Sony Online Entertainment debacle finds the besieged MMORPG maker turning to outside sources for help. According to MSNBC, SOE has hired security experts from Data Forte, Guidance Software, and Robert Half International to assist in plugging the holes in its IT infrastructure. Legal issues are waiting in the wings as well, and Tuesday brought the first hint of a proposed class-action suit. McPhadden Samac Tuovi LLP is preparing a $1.05 billion suit on behalf of a 21-year old PlayStation customer from Mississauga, Ontario. In other related news, SOE's Taina Rodriguez told the San Diego Union-Tribune that the company's game services will remain offline through Friday and possibly longer. [Update: In its most recent update, SOE commented further on the delay between the attacks and SOE's becoming aware of them, noting that "Essentially the perpetrators used sophisticated means not only to access the data, but also to cover their tracks. We committed to continue the investigation and in doing so, uncovered further information that we did not have when we initially believed the data was not stolen." Meanwhile, our sister publication Joystiq is among news agencies reporting that SOE has suggested to Congress that Anonymous is responsible for the attacks. Anonymous has denied involvement.]
SOE answers our questions about the recent database incursion
After PSN's data breach a couple of weeks back, questions and rumors spread across the internet, including speculation about the source of the incursion and how many records were actually taken. However, we still did not have all the answers. Customers of Sony Online Entertainment have been curious about the details of the recent intrusion into SOE servers, so Massively teamed up with our sister site, Joystiq, to get some direct statements from Sony. We put only our best detectives on the job. Joystiq Contributing Editor Ben Gilbert fired up the communicator with SOE PR Representative Ryan Peters to discuss the issues plaguing the MMO developer. Admittedly, many of the answers given were reiterated from a press release on SOE's website, but he was able to extract a few nuggets of information regarding the depth of the incident, which we've compiled past the break. Rest assured that our team will continue to keep you up to date on the latest information.
Sony executive to address media regarding PlayStation Network debacle
If you're curious what Sony higher-ups have to say about the recent PlayStation Network security debacle, you'll want to check out Kazuo Hirai's remarks to the media at 2:00 p.m. Sunday in Tokyo (1:00 a.m. EDT). Hirai, Sony Corp's executive deputy president, is expected to field questions from journalists as well as use his considerable PR skills to put a positive spin on the situation and its aftermath. Much is at stake for the global entertainment giant, including possible legal actions resulting from the compromise of 77 million user accounts (and the company's delayed response and acknowledgment of the problem well after the fact). It's a big moment for Hirai as well; the executive is considered the front-runner in the race to supplant current Sony president Howard Stringer -- who has "been vague about his plans from the next financial year that starts in April 2012" according to Reuters.
The Lawbringer: The system is down
Pop law abounds in The Lawbringer, your weekly dose of WoW, the law, video games and the MMO genre. Running parallel to the games we love and enjoy is a world full of rules, regulations, pitfalls and traps. How about you hang out with us as we discuss some of the more esoteric aspects of the games we love to play? For PlayStation Network users, this past week has been a harrowing one. The security breach and subsequent dismantling of the online network was a huge blow to Sony, which prided itself on being able to provide the service free of charge and expand into sales, downloads, and everything else synonymous with a next-gen online network. This past week's events, however, prove that these networks are fragile and have everyone asking the question, "What is next?" What would happen if World of Warcraft were down for a week -- not due to some prescribed downtime or voluntary upgrades, mind you, but a comprehensive security breach that affected every single member of our online community? From the PlayStation Network incident, we can see the hostile environment that these security breaches foster, from political ramifications to financial consequences and even legal trouble. Shall we muse about the stability of online networks?
Second Life's user database breached
Hackers broke into the Second Life user databases on Thursday, according to this post on the official blog of Second Life parent company Linden Labs. Intruders gained access to Second Life account names, real life names, contact information, encrypted account passwords and encrypted payment information. So what? Well, there's something scarier about this theft. Name, address and credit card information is stolen daily from various inept ecommerce sites. We're kind of accustomed to that level of theft. But how many of us are really comfortable with data stolen from the place where we spend our leisure time? To put a finer point on it, what happens when archived MMOG chat logs are breached? It's going to be ugly, like AOL ugly: "I swear honey, that Furry meant nothing to me. It was totally just research for my new book. I'll sell the teledildonics equipment on eBay first thing tomorrow." Gamers haven't been paying much attention to privacy of in-game communications. Given how intimate some of those communications have become, maybe it's time for more scrutiny of privacy protection measures taken by MMOG providers. [Via Techcrunch] [Image via furry.wikia.com]
