Items tagged with data breach

It would seem that not even GoDaddy can keep all the children of the internet behaving as they should. The very popular internet domain registrar and web hosting giant announced yesterday that its security was compromised last week. GoDaddy announced yesterday that it had discovered on November 17th there was an unauthorized third-party that had gained access to its Managed WordPress hosting environment. The actual security breach began on September 6, 2021 where the unauthorized party used a vulnerability to gain access to customer information. Once identified, GoDaddy launched an investigation with the help of an IT forensics firm and contacted law enforcement. The customer information that... Read more...
Last week saw its share of data breaches and leaks, and Twitch was by no means spared from it all. Today, however, Twitch downplayed the massive security breach it was hit with, insisting on its blog that the damage only affected a small fraction of its users, with not much compromised. The Twitch data breach left content creators and viewers scrambling to reset their passwords and stream keys. It was not clear how much data had actually been accessed at that time, so users were also encouraged to enable two-factor authentication (2FA). Many people had legitimate cause for concern as not only was their personal information at risk, but also their credit card and/or ACH/bank information. Not too... Read more...
This week has seen its share of headlines concerning data breaches and leaks. Late last night Twitch reported on its blog page that its data breach was "due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.”" They went on to say that they are working with urgency to investigate the incident. It is interesting to note that Facebook also blamed its recent outage this week on server configuration changes. Many Twitch users woke up Wednesday, Oct. 6th, to reports that Twitch had been hacked and 125GB of data had been leaked. Twitch later confirmed those reports on its Twitter feed saying in part, "We can confirm a breach has taken... Read more...
Getting fired from a job is something that many people have dealt with at some point and can be devastating emotionally and financially. Some people take being fired in stride and move on to the next venture, while others go off the deep with violence or other criminal acts. Such is the case of Juliana Barile, an employee for a New York Credit Union working remotely due to COVID-19 restrictions. She had access to credit union systems via her work-issued username and password. Although her dismissal details weren’t provided in court documents [PDF], Barile was fired on May 19th, 2021. At that time, someone should have revoked her access to credit union systems, but this action was not taken... Read more...
T-Mobile came under fire after a recent data breach exposed the private data of nearly 50 million customers. Shortly after the attack was made public, T-Mobile issued a boilerplate public response confirming many of the incident's details. "We take our customers' protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack," said T-Mobile in a post to its website last week. "While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve." Now, CEO... Read more...
Earlier this week, it was alleged that T-Mobile suffered a devastating data breach that resulted in the leak of personal data from over 100 million customers. Today, T-Mobile confirmed the breach, but the number of affected individuals is less than half of what was previously reported. The confirmed 47 million records is still a significant number, as it represents nearly half of the 104 million customers that T-Mobile claimed during its Q2 2021 earning report. "Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals," said T-Mobile in a statement posted to its website. "We also began coordination with law enforcement as our forensic investigation... Read more...
It looks as though Facebook isn't the only online platform dealing with the fallout from a massive user data breach. Following reports of a data breach that includes information from 500 million LinkedIn users, officials for the company today confirmed those findings. According to a new report, hackers scraped the site's user data and are currently offering the ill-gotten goods up for sale. According to the report, 2 million records have been provided as a proof-of-concept, while the remaining profiles have a comparatively low [and undisclosed] four-digit price tag. Data obtained from this most recent scraping campaign include users' full names, email addresses, phone numbers, workplace information,... Read more...
The internet is a place where it's difficult to trust anything that anyone says. A recent case of more than a handful of VPN providers who claim to keep no logs of their user's activity, yet leaked activity logs, highlights that you can't trust anyone online. As it turns out, the seven VPN providers were logging user activity, and those logs have now leaked onto the internet. The first logs discovered were from a company called UFO VPN. UFO VPN had an unsecured Elasticsearch cluster that left the log files facing the public internet for anyone to discover. The logs were found by Bob Diachenko from a company called Comparitech. The records contained copious amounts of data on UFO VPN users, including... Read more...
Nearly two years ago, OnePlus announced that it had experienced a security breach that resulted in the credit card details of roughly 40,000 customers being stolen. "We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit," wrote the company at the time. "All these measures will help us prevent such incidents from happening in the future." Now, OnePlus is reporting that it has experienced yet another security incident, and this time the company says that personal information from some of its users was accessed by an "unauthorized party". OnePlus is not naming this third-party company/vendor,... Read more...
MoviePass members have reason to be concerned with the service. A security researcher from SpiderSilk named Mossab Hussein has announced that he found a major flaw in MoviePass servers. The flaw exposed a database that contained 161 million records and it is still growing in real-time. The researcher says the many of the messages in the database were routine computer-generated logging messages. However, many of the entries included sensitive user information like MoviePass customer card numbers. MoviePass customer cards are like debit cards and are issued by MasterCard. TechCrunch reports that it reviewed 1,000 entries from that log and a bit over half of them contained MoviePass customer... Read more...
Hacks are happening all the time with some giving information on user accounts like the Flipboard hack we talked about recently. Other hacks are much grander in scale, like the attack against the city of Baltimore that resulted in most of the cities systems being locked out. Another significant hack has happened, and this one is a hack of a hotel management company that backs some of the largest hotel chains in the world. The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations. The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels. The... Read more...
It is time to unleash your inner Boba Fett. Facebook just announced a bounty program that will award people who uncover data abuses. The program offers up to $40,000 USD for substantiated cases. Facebook's chief security officer, Alex Stamos stated that the bounty program “Will help us find the cases of data abuse not tied to security vulnerability. ... This will cover both hemispheres, and help surface more cases like Cambridge Analytica so we can know about it first and take action.” Before you start counting your coin, it is important to note that the bounty program has very specific requirements. Facebook is looking for “any situation where data that was legitimately collected... Read more...
Under Armor is a big name in the athletic clothing world. In addition to clothing, the company also has an app that is meant to allow people to track their food intake and nutrition to help get fit (and stay) fit. The app is very popular with users on iOS and Android, but it has suffered a major data breach. Under Armour has notified users that the MyFitnessPal app team became aware that an unauthorized third party had acquired data associated with user accounts for the app and website. That unauthorized access happened in late February 2018 and Under Armor states "The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the... Read more...
Computer hackers accessed personally identifiable information and financial details belonging to around 1,400 University of Virginia workers as part of an email phishing scam, the University announced. An internal investigation determined that the culprits first accessed the stolen records in early November 2014 and continued to pluck private data up through early February 2015. The phishing emails were successful in tricking an untold number of recipients with access to the University's Human Resources system into coughing up their usernames and passwords. Once the hackers had the necessary login details, they were able to access W-2 forms of around 1,400 of the University's more than 20,000... Read more...
T-Mobile CEO John Legere is ticked off and with good reason. Experian, which just so happens to process credit applications for T-Mobile, reported today that it was hit with a massive database breach. Experian describes the incident as an “unauthorized acquisition of information from a server” that contained “some personally identifiable information for approximately 15 million [T-Mobile] customers.” So what information were these “unauthorized” people able to obtain? Well according to Experian, personally identifiable information including names, date of birth, and social security numbers were obtained. Other identifiable information such as driver license numbers were also slurped up. Luckily,... Read more...
The parade of banks, insurance companies and retailers that have suffered data breaches has caused many people to store their passwords with sites like LastPass. The security company creates a unique password for each of the user’s logins and provides access to those passwords via a single, master password.Now, LastPass is admitting that at least some of its data has been comprised. The company believes that its customers are not vulnerable, but it concedes that email addresses and authentication hashes are among the data affected. Password reminders and server per user salts were also comprised. “In our investigation, we have found no evidence that encrypted uer vault data was taken, nor that... Read more...
After what's being described as a "massive data breach" at Global Payments, Visa has decided to part ways with the payment processor and try its luck elsewhere, Global Payments CEO Paul Garcia said, according to a report in the Associated Press. MasterCard, meanwhile, is either willing to give Global Payments the benefit of the doubt that this was a one-time snafu, or hasn't yet announced plans of its own to the ditch the payment processor. Garcia described the situation as being "absolutely contained" at this point, however as many as 1.5 million credit cards across the United States may have been affected. Compromised data includes credit card numbers, but not identifying information such as... Read more...
As you head into the weekend getting ready to party and celebrate the end of another long and grueling work week, take some time to keep tabs on your MasterCard and Visa accounts. If you don't, you could be in for a rude awakening when you go to pay for drinks and find out that your card has been declined. At issue here is a what's being described as a "massive" data breach at a U.S.-based credit card processor, according to KrebsOnSecurity.com.Visa and MasterCard have both been sending out non-public alerts giving banks a heads up that specific cards -- possibly more than 10 million -- may have been compromised recently. Image Source: Flickr (philcampbell) A spokesman for MasterCard told The... Read more...
Googling your own name might not be such a narcissistic activity after all; in fact, it just must save you from identity theft. At least that's what Kevin Andreyo, a Wilkes University professor, discovered when he used the "deep web" search engine, Pipl, to see what information about him might be publicly available on the Internet. What he found was a link to a document that not only included his Comcast user name and password, but the document also included what appeared to be the user names and passwords of over 8,000 other Comcast customers. Andreyo was inspired by the March 10, People Search Engines: They Know Your Dark Secrets... And Tell Anyone, PC World article, to do a little sleuthing... Read more...
On what many Americans consider a day of change, here we go again with more of the same: a massive data breach involving Heartland Payment Systems, a credit card payment processor, that was announced on Tuesday. First, the good news: no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Neither was any check processing data. Now for the bad news: since they were alerted to suspicious activity by Visa and MasterCard, tens of millions of credit and debit card numbers or transactions may have been affected. Wonderful. In a press release Robert H.B. Baldwin, Jr., Heartland's president... Read more...
It all started with a snipped on page A23 of Thursday’s Washington Post, which notified the public that the McCain-Palin campaign was going to sell off its used office inventory at low prices. Then, it turned into a high-tech slip-up in which the campaign headquarters accidentally sold an information-ridden BlackBerry to a Fox reporter. Although the sale didn’t look like much when reporter Tisha Thompson arrived at the sale, she did find BlackBerry smartphones going for just $20 apiece. All of the batteries had died, and there weren’t any chargers for sale, but Thompson bought a couple anyway.When she returned to the office and charged up one of the dead BlackBerries, Thompson found more... Read more...
Earlier this week we reported on Scotland's Sunday Herald's claim that the Best Western hotel group was hit with the world's largest known data breach of eight million people's sensitive information, as well as Best Western's adamant denial. Even if the Sunday Herald story turns out to be true, the Best Western data breach would no longer hold the title of the world's largest known data breach. That record now goes to the Bank of New York (BNY) Mellon, which "lost" the sensitive information of 12.5 million customers. The BNY Mellon data breach itself is not new news. As documented in the Identity Theft Resource Center's ITRC Breach Report 2008, on February 27, 2008, BNY Mellon gave "an unencrypted... Read more...
1 2 Next