Oracle has suffered a major data breach affecting its MICROS POS payments systems. The hack involved malicious code found on MICROS customer service systems. The malware allowed hackers to access customer login information. Early indications are that the attack originated in Russia. Oracle believes that individual transaction data was not compromised, but it is [...]
Yahoo is investigating the claims of a hacker that 200 million+ Yahoo account credentials and personally identifiable information have been backed and are for sale on the dark web. The hacker, who claims to also be associated with recent LinkedIn and MySpace data breaches, stated that the data is "most likely" from 2012. The hacker, [...]
Computerworld published an article describing a tiny device that can wirelessly hack point of sale and other magnetic-stripe based systems by sending malicious keyboard commands using a design vulnerability in those systems. Apparently a hotel room lock could be hacked within 18-30 minutes using the device. The device was inspired by "MagSpoof" which is a device that can [...]
It is a long-established fact that fraudsters follow the path of least resistance. Recent statistics back this up. CardNotPresent points out that according to the Card Fraud Control Benchmark Study from Auriemma Consulting Group, counterfeit card fraud dropped by 18% in the first quarter, largely due to the continuing rollout of EMV which requires multifactor authentication. The [...]
Resold/Repurposed computers and hard drives can be a rich source of confidential data for fraudsters
Data security firm Blancco Technology Group recently conducted an experiment whereby they purchased 200 used data drives, then conducted a forensic analysis to determine whether they contained confidential/personally identifiable information. The result? 67% contained personal information and 11% contained sensitive business data including emails, spreadsheets, social security numbers, strategic and planning information, and inventories. 36% showed [...]
MySpace announced this week that it was the target of a data hack, potentially involving 360 million accounts and over 400 million passwords. (Editorial comment: who knew that MySpace was still that relevant?) Most of the hacked credentials were created before 2013, giving some hope that the passwords are stale because they have been changed [...]
Nulled, a web community used by hackers to discuss their activities and market stolen data, has been hacked itself. The website indicates it is "temporarily down for unscheduled maintenance". Apparently the hacked information includes data on more than 400,000 users, purchase records of stolen information, and thousands of posts providing details about potentially illegal [...]
The popular productivity tool Slack allows teams to collaborate, communicate and share information. According to Slack's website, "everyone has a transparent view of all that's going on". But when Slack is integrated with file management tools like Google Drive, sensitive data can be exposed. That's exactly what happened in a recent incident within the U.S. General Services Administration [...]
Millions (or is that billions?) of login credentials hacked, setting the stage for increased identity theft, data breaches and system intrusions.
Initially reported by Hold Security's Alex Holden and expanded by Reuters, a Russian hacker claims to be in possession of over 1 billion account credentials including Google, Hotmail and Yahoo accounts. If true, this would likely be the largest user credentials breach in history. Google, Yahoo and the other providers are investigating but have not yet commented on [...]
April has been a tough month for data breaches. New report finds 85% of successful exploits are related to ten preventable vulnerabilities.
April is shaping up to be a big month for data breach revelations. High profile incidents include the BeautifulPeople dating site (1.1 million users compromised), Lifeboat gaming site (7 million accounts), essential oils seller doTerra (3 million customers) and Spotify (extent unknown), to name a few. The consequences are getting higher: states including Tennessee and Nebraska are [...]