Items tagged with breach
Even though Newegg is one of the most popular destinations for enthusiasts looking to score the latest and greatest hardware for the gaming rigs, the retail giant is not immune to the nefarious actions of the hacker community. To that end, Newegg's website was hacked, and the parties responsible were able to inject 15 lines of credit card skimming code into the retailer's payments page. That code hid there, undetected, from August 14 through September 18 meaning if you made a purchase there between those dates, you need to be concerned. News of the attack comes from Yonathan Klijnsma, a threat researcher from RiskIQ. The injected code was able to steal credit card data from customers and sent...
Read more...
Last year, a hacker group was able to penetrate credit reporting agency Equifax and make off with information, including the social security numbers, of 143 million Americans. Only a few days after the hack, a ransom demand for the return of the information was made to the tune of $2.6 million in bitcoin via the dark web. Now it is believed that the hackers are also believed to have made off with other personal data about Americans including tax ID numbers and driver's license details. Other data leaked in the hack that we already knew about included names, birthdates, social security numbers, home addresses and driver's license numbers. Reports are now indicating that the hack exposed more data...
Read more...
OnePlus is currently in the midst of investigating a credit card payment processing breach on its website, and we're now learning the full scope of the vulnerability. As promised, and adhering to its commitment to providing full disclose, OnePlus says that anyone that entered their credit card details (card numbers, expiry dates and security codes) via oneplus.net between mid-November 2017 and January 11, 2018 may have been exposed. According to OnePlus, that means that as many as 40,000 customers are affected and could potentially begin seeing fraudulent charges on their credit cards (if they haven't already, like many other customers). The company is in the process of emailing customer that...
Read more...
Sometimes it feels as though nothing is safe from the prying eyes (and digital crowbars) of dedicated hackers. Single sign-on provider OneLogin has found this out the hard way, as its systems were breached this week, potentially exposing customer data."We detected unauthorized access to OneLogin data in our US data region," OneLogin disclosed in a blog posting this week. "We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to determine how the unauthorized access happened and verify the extent of the impact of this incident."This initial notice was frustratingly lacking in detail, and customers were left to...
Read more...
We’re used to hearing about civilians having their personal information compromised on a regular basis. However, it should be noted the U.S. military isn’t immune to such tomfoolery, as the Navy announced this week (right before a major holiday for obvious reasons) that “sensitive information” for over 134,000 sailors has been accessed. The failure point in this case was a compromised laptop that belonged to a contractor working for Hewlett Packard Enterprise (HPE). It is unclear at this point how, exactly when or where the laptop was accessed by a third-party. However, the end result is that data on exactly 134,386 sailors — both current and inactive — was compromised, including names and social...
Read more...
"Yahoo" is a positive word, but in relation to the internet giant, it's starting to feel like it could describe some of the company's key management. Yahoo has been dealing with some troubling issues, but most of those issues were self-created, such as failing to disclose a security breach which took place years ago, and building a custom tool for the U.S. government - and the NSA in particular - to scan user emails. Now, it's being reported that Yahoo's tool is in effect a sophisticated "hacking tool", although it's supposedly not that much different from Yahoo's preexisting tools used to seek out malware, child pornography, and spam. "Tool" might be the wrong word, though, as some experts...
Read more...
To call this a stressful time for Yahoo would be an understatement. As the company is in the process of being scooped up by Verizon, it's also dealing with the aftermath of what could become the largest security breach in all of history - at least in terms of users impacted. We reported last week that the company was slapped with a class action suit a mere day after it was discovered that upwards of 500 million user accounts were affected in a security breach. Today, an insider and former Yahoo exec claims that the real number could be double that - cue diabolical pinky finger to mouth: 1 billion (Or perhaps even higher). Yahoo's Marissa Mayer has a tough job on her hands right now This...
Read more...
Yahoo is the latest major US corporation dealing with the fallout of a data breach that happened two years ago. Some might say that Yahoo's heartburn is well-deserved, though, as the company could have handled things better back in the day, which would have led to a better outcome right now. As we covered on Thursday, Yahoo suffered a major breach back in 2014 that resulted in some 500 million user accounts having their information compromised. However, it's only just recently that users have learned of this, so that's the first major criticism of Yahoo but it goes deeper. Yahoo has said that the attack was caused by a "state-sponsored actor", which means the company could have exercised...
Read more...
It seems impossible for the world to go a single week without a major security breach, so to fill the inevitable void this week is a hacker that goes by the name "thedarkoverlord," who claims to be in possession of a staggering 655,000 healthcare records. Of course, he is looking to sell them off. This latest records leak was first reported by Deep Dot Web, which has exclusive images to prove that the leak is real (one can be seen below). These images were not sourced by the website; rather, thedarkoverlord himself provided the images, probably as a way to build up some notoriety, and to flaunt the fact that the records are for sale to those who might be interested. The records the leaker is...
Read more...
Hackers Out, Offer For Sale Private Info Of Over 1 Million Users Of Beautiful People Dating Web Site
It's beginning to look a lot like no website on Earth can be trusted with our important data, as attackers are attracted to any service that has a huge number of users. They're even attracted to websites that seek out attractiveness, apparently, as BeautifulPeople.com has had its mammoth user database stolen. Are you unsightly and want revenge? Good news! The database is for sale. As its name implies, BeautifulPeople.com is a site dedicated to hooking up good-looking blokes and gals. That makes it quite an exclusive site, especially thanks to the fact that you have to be approved by the community at large in order to gain access. Got a big nose? Overweight? Take a photo in bad light? Is your...
Read more...
Another day, another high-profile security breach. This time the breach occurred across the pond at British telecom giant TalkTalk. TalkTalk is the United Kingdom’s second largest “quadruple play” service provider (offering phone, TV, broadband Internet and mobile phone service) behind Virgin Media. Given its massive size and its millions of customers, TalkTalk was a prime target for cyberattackers, and unfortunately, the company made it all too easy for the breach to occur. TalkTalk reported today that it is working in conjunction with the Metropolitan Police Cyber Crime Unit after it experienced a “significant and sustained cyber attack” on Wednesday. TalkTalk has roughly four million customers...
Read more...
Jan Souček, a security researcher from Prague, has uncovered a vulnerability in the security of the iOS Mail application that nefarious types can deploy against users of the app to gain access to their iCloud passwords. The method published by Souček illustrates how an email can be sent to the hapless victim that uses HTML code that mimics the iCloud login pop-up window upon receipt. Then, after said victim has inadvertently tapped their iCloud password into the window's Password field and clicked OK, an email is sent back to the sender with that critical information. Specifically, the app vulnerability lies at the feet of a bug in the Mail app that prevents the HTML tag in e-mail...
Read more...
U.S. officials have long blamed North Korea for the digital attack that embarrassed Sony and nearly derailed The Interview late last year. But the idea that a tiny dictatorship could effectively censor a major movie studio in the United States hasn’t been sitting well with many. As unlikely as a successful North Korean cyberattack sounds, U.S. officials are sticking to the story and a report by The New York Times explains why they’re so sure: the National Security Agency has infiltrated North Korea’s networks for years. The NSA’s involvement might explain why President Obama was willing weigh in on the attack, which he was careful to characterize as “an act...
Read more...
Most of the time, when we hear about data breaches, it's because companies have either been compromised or failed to properly protect data. This time around, however, it's the United Postal Service in the limelight. Data on as many as 800,000 employees may have been stolen along with data on customers who called the USPS' various call centers between January and August of this year. USPS spokesperson David Partenheimer told Reuters that "The intrusion is limited in scope and all operations of the Postal Service are functioning normally." What appears to set this attack apart from most other intrusions is that the attackers apparently weren't interested in either identity theft or credit card...
Read more...
