databreach
Latest
How a data request turned into a data breach
The process was smooth enough, with the right safeguards apparently in place. I emailed the dating app Coffee Meets Bagel to request personal data. Within 24 hours the company asked for a selfie of me holding an ID card and a piece of paper with the words "Coffee Meets Bagel" scrawled on it. Exactly one month later I received an email from Stephen Brandon, the company's data protection officer.
Who controls your data?
The average American, one study tell us, touches their phone 2,600 times per day. By the end of a given year, that's nearly a million touches, rising to two million if you're a power user. Each one of those taps, swipes and pulls is a potential proxy for our most intimate behaviors. Our phones are not only tools that help us organize our day but also sophisticated monitoring devices that we voluntarily feed with interactions we think are private. The questions we ask Google, for instance, can be more honest than the ones we ask our loved ones -- a "digital truth serum," as ex-Googler and author Seth Stephens-Davidowitz writes in Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are. Hoover up these data points and combine them with all of our other devices -- smart TVs, fitness trackers, cookies that stalk us across the web -- and there exists an ambient, ongoing accumulation of our habits to the tune of about 2.5 quintillion (that's a million trillion) bytes of data per day.
Timehop's breach included user birthdate and gender data
It turns out that more than just names, usernames, email addresses and phone numbers were pilfered in the recent Timehop breach. You can add "birthdate" and "gender" to the list of data stolen in last week's hack, too. The company apologized for the piecemeal way it has delivered the information to customers, and has published a timeline of the events, which started last December and concluded July 5th.
Timehop admits attacker stole 21 million users' data
Timehop, a popular app that reminds you of your social media posts from the same day in past years, is the latest service to suffer a data breach. The attacker struck on July 4th, and grabbed a database which included names and/or usernames along with email addresses for around 21 million users. About 4.7 million of those accounts had phone numbers linked to them, which some people use to log in with instead of a Facebook account.
Adidas warns US customers about a possible data breach
Adidas announced this week that its systems might have suffered a data breach and that millions of customers' data could have been exposed. The company became aware of the issue on Tuesday and on Thursday, it reported that "an authorized party claims to have acquired limited data associated with certain Adidas consumers." Those potentially affected are believed to be customers who made purchases on Adidas' US website. Contact information, usernames and encrypted passwords might have been exposed, according to the company's preliminary investigation, but as of now, credit card and fitness information aren't thought to be included in any stolen data.
Data-broker leak exposes 340 million personal records
Exactis might be fueled by data, but its recent blunder is a warning that any database without firewall protection is susceptible to leaks. The data aggregation company recently exposed over 300 million personal records -- statistically speaking, that's enough to cover the entire US population.
Fraudster caught using OPM hack data from 2015
Way back in 2015, the US Office of Personnel Management (OPM) was electronically burgled, with hackers making off with 21.5 million records. That data included social security numbers, fingerprints, usernames, passwords and data from interviews conducted for background checks. Now, a woman from Maryland has admitted to using data from that breach to secure fraudulent loans through a credit union.
UK privacy watchdog slaps Yahoo with another fine over 2014 hack
Yahoo still isn't done facing the consequences for its handling of a massive 2014 data breach. The UK's Information Commissioner's Office has slapped Yahoo UK Services Ltd with a £250,000 (about $334,300) fine under the country's Data Protection Act. The ICO determined that Yahoo didn't take "appropriate" steps to protect the data of 515,121 UK users against hacks, including meeting protection standards and monitoring the credentials of staff with access to the information.
Ticketfly is finally back online after hack
Ticketfly's site is back online after a hack last week which forced the company to take the site down while it investigated the incident. The iOS app, along with the Promoter and Fanbase functions, are still down, as Ticketfly prioritized "bringing up the most critical parts of the platform first." It's also rolling out promoter and venue websites that the platform powers.
MyHeritage admits 92 million user email addresses were leaked
MyHeritage is the latest company to suffer a security breach after a researcher found a file containing email addresses and hashed passwords for more than 92 million users. The researcher alerted MyHeritage to the breach Monday. The data includes account details for users who signed up to the genealogy and DNA testing service by October 26th last year.
Ticketfly hacker stole more than 26 million email and home addresses
A hacker has leaked personal information for more than 26 million Ticketfly users after last week's data breach. That's according to Troy Hunt, the founder of Have I Been Pwned, which lets you check whether your email address has been included in various data breaches.
Ticketfly says user data was compromised in recent hack
After it temporarily shut down its site Thursday, Ticketfly has confirmed it was hacked, and that the attackers compromised some client (i.e. venue) and customer data. The extent of the hack, and the types of data that the attackers accessed, is not yet known. Ticketfly is investigating the issue and has brought in third-party forensic experts to help it get back online. The company will give ticket buyers more information here as it becomes available.
Ticketfly temporarily shuts down to investigate 'cyber incident'
It's not a great time to be a concertgoer. Ticketfly has temporarily shut down after a "cyber incident" (read: hack) compromised its systems. An intruder defaced the company's website around midnight on May 31st with claims that they had compromised the "backstage" database where festivals, promoters and venues manage their events. Billboard sources didn't believe this included credit card data, but the attacker had posted files supposedly linking to info for Ticketfly "members."
Prime suspect in CIA ‘Vault 7’ hack still hasn’t been charged
Last year WikiLeaks published a ton of secret documents about the Central Intelligence Agency's (CIA) hacking capabilities. The breach -- the largest loss of classified documents in the agency's history -- revealed its far-reaching abilities to snoop on modern technology, including software designed to takeover smartphones and turn smart TVs into surveillance kit. Now, the prime suspect has been identified, but despite being in prison since August, has not been charged for his role in the breach, since referred to as Vault 7.
Equifax confirms data breach included driver's licenses and passports
Equifax has been dribbling out updates to the scope of its 2017 data breach for months, but how much information was compromised, exactly? You now have a better idea. The credit reporting firm has submitted a statement to the SEC explaining how much data was compromised across numerous categories. And... it's not pretty.
TaskRabbit returns following data breach it can't account for
Handyman-for-hire app TaskRabbit was the target of a data breach on Monday, resulting in both the app and website being taken offline while the company investigated the apparently intentional attack. Both are now back up and running, although the company has not said how the breach occurred or what information had been compromised.
Hackers take 5 million payment cards from Saks, Lord & Taylor stores
The wave of large-scale retail data breaches isn't about to subside any time soon. Gemini Advisory has discovered that a JokerStash online crime syndicate, Fin7, is planning to sell over 5 million payment cards stolen from the databases of 83 Saks Fifth Avenue stores (including Off 5th) and the entire network of Lord & Taylor. The crooks are 'only' selling 125,000 of the cards on the Dark Web as of this writing, but the rest are expected to reach the black market in the months ahead. The breaches reportedly started in May 2017, but could be continuing to this day.
Zuckerberg declines invite to UK committee hearing on data privacy
Despite being asked, Mark Zuckerberg won't attend a British parliamentary hearing about Cambridge Analytica's data use. In a statement to Damian Collins, chair of Digital Culture Media and Sport Committee, Facebook's head of public policy for the UK Rebecca Stimson outlined all the ways Facebook would change its course of action (like telling people if their data was misused). Essentially, it was a rehash of Zuckerberg's statement from last week. What Stimson didn't do though, was promise Zuckerberg would arrive as requested, instead listing possible deputies that may be sent to the hearings in his place.
Orbitz data breach exposed 880,000 payment cards
Orbitz announced today that it has discovered evidence of a data breach, making it just another of the many companies recently afflicted. Between October and December of last year, hackers may have accessed consumer data submitted to a legacy website between January 1, 2016 and June 22, 2016. Additionally, Orbitz partner platform data submitted between January 1, 2016 and December 22, 2017 may also have been breached. The company discovered signs of the breach on March 1st and estimates that approximately 880,000 credit cards may have been impacted. While social security numbers, passport and travel itinerary information don't appear to have been accessed, names, payment card information, dates of birth, phone numbers, email addresses, physical and billing addresses and gender may have been. However, Orbitz said that it doesn't have direct evidence that any of this information was actually stolen. Besides information brokers like Equifax, travel-related services have been juicy targets for hackers with tons of stored IDs -- hotel chains like Hyatt, Hilton and Intercontinental have all been hit.
UpGuard’s new security tool automatically spots firms' data leaks
Cybersecurity firm UpGuard discovered a lot of unintentionally exposed data last year. Among its findings were classified US Army and NSA data, 14 million Verizon customer records, personal information of nearly 200 million US citizens, Pentagon intelligence info, personal information of 1.8 million Chicago residents and intelligence data connected to intelligence contractor Booz Allen Hamilton. The company has repeatedly found sensitive data left exposed on unprotected servers and in all, it has discovered a massive sum of over 335 million records. But finding breaches can be a rather time-consuming process, which is why so many go undiscovered by the companies meant to be protecting the exposed data. However, UpGuard announced today that it's launching a service that automates the techniques the company's team has been using to hunt down data breaches, allowing its customers to spot exposed data in real time and secure them more rapidly.
