Oracle has suffered a major data breach affecting its MICROS POS payments systems. The hack involved malicious code found on MICROS customer service systems. The malware allowed hackers to access customer login information. Early indications are that the attack originated in Russia. Oracle believes that individual transaction data was not compromised, but it is [...]
Yahoo is investigating the claims of a hacker that 200 million+ Yahoo account credentials and personally identifiable information have been hacked and are for sale on the dark web. The hacker, who claims to also be associated with recent LinkedIn and MySpace data breaches, stated that the data is "most likely" from 2012. The hacker, [...]
Resold/Repurposed computers and hard drives can be a rich source of confidential data for fraudsters
Data security firm Blancco Technology Group recently conducted an experiment whereby they purchased 200 used data drives, then conducted a forensic analysis to determine whether they contained confidential/personally identifiable information. The result? 67% contained personal information and 11% contained sensitive business data including emails, spreadsheets, social security numbers, strategic and planning information, and inventories. 36% showed [...]
MySpace announced this week that it was the target of a data hack, potentially involving 360 million accounts and over 400 million passwords. (Editorial comment: who knew that MySpace was still that relevant?) Most of the hacked credentials were created before 2013, giving some hope that the passwords are stale because they have been changed [...]
Nulled, a web community used by hackers to discuss their activities and market stolen data, has been hacked itself. The website indicates it is "temporarily down for unscheduled maintenance". Apparently the hacked information includes data on more than 400,000 users, purchase records of stolen information, and thousands of posts providing details about potentially illegal [...]
The popular productivity tool Slack allows teams to collaborate, communicate and share information. According to Slack's website, "everyone has a transparent view of all that's going on". But when Slack is integrated with file management tools like Google Drive, sensitive data can be exposed. That's exactly what happened in a recent incident within the U.S. General Services Administration [...]
Millions (or is that billions?) of login credentials hacked, setting the stage for increased identity theft, data breaches and system intrusions.
Initially reported by Hold Security's Alex Holden and expanded by Reuters, a Russian hacker claims to be in possession of over 1 billion account credentials including Google, Hotmail and Yahoo accounts. If true, this would likely be the largest user credentials breach in history. Google, Yahoo and the other providers are investigating but have not yet commented on [...]
April has been a tough month for data breaches. New report finds 85% of successful exploits are related to ten preventable vulnerabilities.
April is shaping up to be a big month for data breach revelations. High-profile incidents include the BeautifulPeople dating site (1.1 million users compromised), Lifeboat gaming site (7 million accounts), essential oils seller doTerra (3 million customers) and Spotify (extent unknown), to name a few. The consequences are getting more serious: states including Tennessee and Nebraska are [...]
As detailed in this American Banker article, an FDIC employee who was leaving the agency copied over 40,000 records with PII onto a portable drive. Although technically a data breach, the intent was apparently innocuous as the employee was copying various personal photos and other files (which probably shouldn't be on an FDIC work computer) on [...]
Massive Turkey data breach affects nearly half of its citizens, is nearly double the size of the 2015 U.S. OPM breach
Yesterday's report of a massive data breach involving nearly half of the citizens of Turkey is the latest in a series of hacks designed to make a political or philosophical point. In this case, the hacker (or "hacktivist") apparently had a beef with the Turkish government, although financial gain may also have been an objective. While the [...]