Tag Archives: data breach

Is the Ashley Madison data breach worse than other data breaches?

Ashley Madison calls itself the “most famous website for discreet encounters between married individuals”. Now, the platform for infidelity and dating has been hacked, and its user database of 40 million cheaters, with their real names, addresses, financial records, and explicit information, was stolen. Discreet is done.

Did the married Ashley Madison customers really think their extramarital activities could be discreet?

Ashley Madison hookup site gets hacked

image: www.ashleymadison.com

Over the past months and years, Target, Home Depot, BlueCross BlueShield, and even the U.S. government were hacked, and the data of tens of millions of people was exposed. Wal-Mart, CVS, and Costco had to take down their photo service websites last week as they are investigating a possible data breach. News about new data breaches breaks every month, sometimes even every week. Just in May, the dating site AdultFriendFinder was hacked, and sensitive information about 3.5 million people was leaked. It shouldn’t come as a surprise to Ashley Madison users that this data breach happened. It was just a matter of time.

Avid Life Media (ALM), the owner of Ashley Madison, seems to have the same stance. In a statement to the media, published by Brian Krebs, who first reported the hack, they said: “The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.”

Hackers holding ALM ransom
According to reports, a hacker group called “The Impact Team” seems to be behind this breach and they reportedly demand a ransom from ALM. The hacking group is threatening to expose “all customer records, including profile with all the customer’s secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails” if ALM does not take down Ashley Madison and their other casual dating platform, Established Men.

Moral reasons for the hack
In a document, The Impact Team explained its apparent moral motives behind the breach. Regarding the Ashley Madison users, they write “they’re cheating dirtbags and deserve no such discretion”, and describe Established Men as a “prostitution / human trafficking website for rich men to pay for sex.”

Furthermore, they call out ALM for misleading its users by offering a “full delete” feature that will allegedly delete your payment and address details from its database for a fee of $19. The Impact Team writes: “It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.” According to the hackers’ manifesto, ALM made $1.7 million in revenue with this feature alone in 2014.

How did The Impact Team get access to the data?

According to information revealed to Brian Krebs by ALM, it is likely that the data breach happened through somebody who internally had access to ALM’s technical systems, like a former employee or contractor.

As this data breach puts sensitive personal information at risk – is it worse than previous breaches, like the Target breach that exposed customer credit card numbers?

Jaromir Horejsi, Senior Malware Analyst at Avast said,

“From what we know about the technical circumstances of how this happened, it isn’t worse than other breaches. As a former employee or contractor might have been involved, this doesn’t sound like something that required a sophisticated hack. However, more sensitive personal data is involved, and that is what is making people shiver.”

On the other hand, if somebody is cheating on their spouse, they always are walking on thin ice and have to fear that their partner will find out about it some way or another. This is nothing new.

“What’s more sensitive in this case, is that address and financial data was revealed and therefore could be abused for identity theft,” Jaromir Horejsi added. “The personal data may be sold on hacking forums and later used for spamming the affected individuals. It also didn’t take long until the data from the AdultFriendFinder breach made its rounds on hacking forums. People should take this seriously. What users can learn from this is that any information shared online can be stolen. Just because things take place or at least start in the virtual world doesn’t mean that they have a lower impact on your real life. Users that may be affected should start monitoring their credit card statements for unusual activities and report them to their bank.”

In theory, it would also be possible for the hacker group to start blackmailing individuals – in this case it would be best for those affected to be upfront with their partner to take the wind out of the criminal’s sails. However, judging from the type of ransom the hacker group is demanding, this is rather unlikely – as their real goal seems to be to take down Ashley Madison and Established Men.


Possible Breach Results in Shutdown of Many Retail Photo Services

A potential data breach at a third-party provider has resulted in the shutdown of retail photo-printing services at a number of chains, including CVS, Costco, Rite Aid, and several others. The breach reportedly hit PNI Digital Media, a Canadian company that provides the online photo platform for many retailers. The company was acquired by Staples […]

Mr. Robot Review: Eps1.2d3bug.mkv

Elliot, Mr. Robot’s anti-hero cyber-security engineer by day and vigilante hacker by night, has been having a life-style crisis. In episode 3, Elliot longs to live what he calls a bug-free life, otherwise known as a regular person.

“Was he drinking Starbucks?”

However, he is quickly pulled back into F Society’s hold when emails exposed during the threatened data dump revealed that E Corp executives had knowledge about the circumstances which led to his father’s death. We will leave the intrigues and plot theories, especially if Mr. Robot is real or a figment of Elliot’s imagination, to the internet. Right now, let’s look at the hacks highlighted in this episode.

At minute 7:40, you see Elliot in the hospital after Mr. Robot had pushed him off the high wall they were sitting on in the previous episode. His psychiatrist, Krista, is in the hospital and explains that the police wanted to do a drug panel, but Elliot refused. Elliot admits he has been taking morphine. Krista says the only way she can approve his release from the hospital would be if he commits to a bi-monthly drug test. Elliot starts thinking about how he will get around this problem by hacking the hospital’s IT. The IT department is led by one single person, William Highsmith, with a budget of just $7,000 a year. According to Elliot, he uses useless virus scans, dated servers and security software that runs on Windows 98. It’s one of the reasons why Elliot made that particular hospital his primary care facility, since he can easily modify his records to look average and innocent.

Stefanie: Wow, wouldn’t it be unusual that a hospital would actually use old infrastructure and have little budget for their IT? I also found it a bit odd that they have just one IT guy, I mean healthcare data is REALLY sensitive and definitely one of the last things I would want to have accessed by hackers!

Walter Mego: Well, unfortunately, this situation is very real in American hospitals. Last year, the Healthcare Information and Management Systems Society (HIMSS) reported that one out of five hospitals indicates that a lack of adequate financial resources was a barrier to the implementation of new technology, and another one fifth said that a lack of staffing resources was a barrier. In the same report, 20% of hospital IT leaders indicated their organization had experienced a security breach in the past year. Now, if you think about hackers like Elliot – you can imagine that some breaches probably go unnoticed. The real number of data breaches and hacks affecting healthcare institutions is most likely higher – scary, right?

We learn more about Angela’s boyfriend Ollie and his sticky situation. Last episode Ollie received a music CD that turned out to have malware on it. The infection that resulted gave an unknown hacker access to Ollie’s laptop webcam which he used to spy on him and Angela. The hacker tells Ollie he has photos of his mistress, Angela, and even Angela’s and her dad’s banking information and social security number. He threatens to blackmail Ollie if he does not spread the malware within Allsafe’s systems.

Stefanie: This part creeped me out, despite all of the crazy stuff we have seen so far on the show! First, let me ask: How easy is it for someone to hack your laptop’s webcam? I have heard tons of stories like this in the news, but I want to believe this isn’t as easy as it may be…

Walter Mego: Unfortunately, you are right to be creeped out and afraid. Webcam hacking is relatively easy and it’s not only built-in laptop cameras that we have seen being hacked and streamed to others online, it’s also baby monitors with cameras and CCTV cameras. In terms of laptops, all hackers have to do is get you to install hacking software, which is often easier than people may think. In this episode, we see that Elliot hacked Shayla by obtaining her login credentials using a phishing scam. Phishing scams can also be used to trick people into downloading software and once a hacker has installed certain software on your laptop they can control your webcam to watch your every move and even record via your webcam. To prevent this, you should change your CCTV, baby monitor and external webcam’s passwords. If your laptop has a built-in camera, you can simply cover it up with a Post-it, but you should really make sure you have antivirus installed on your computer and make sure it’s always up to date to catch malicious software.

Stefanie: The other part that also scared me about this situation was how the personal information the hacker collected not only affected Ollie, but Angela and her dad as well. Do you think people are aware of how much a hacker can do if they collect your personal information?

Walter Mego: Absolutely not. People often say “here, look at my phone, I have nothing to hide” or do not protect themselves while connected to open Wi-Fi, because they think their activities and data are uninteresting. I think people underestimate the value of the data on their devices. This is the perfect example of that and the hacker didn’t even steal any of Ollie’s money while hacking, he just gathered personal information. Granted Ollie was having an affair (not very cool of him), which was what Ollie was unhappy about having potentially exposed, the hacker also got a hold of Angela’s dad’s social security number, because her bank account was linked to her dad’s account – something Ollie probably wouldn’t have thought he had on his laptop. If you hack someone and collect enough valuable and personal information, I am sure you can blackmail anyone to a certain extent using that information.

At minute 35:25 we see Tyrell do some simple Instagram stalking and he finds out where Anwar, the CEO’s assistant, hangs out. After an encounter with Anwar, Tyrell does something to Anwar’s phone that gives him valuable information.

Stefanie: We see on the cell phone’s display that Tyrell is rooting Anwar’s device. Why do you think he does this?

Walter Mego: We are not entirely sure of Tyrell’s motives, but it’s likely he targeted Anwar to gain access to the name of the candidate for the CTO job that he wants. Tyrell uses a backdoor in Anwar’s Android device to install an app that could allow remote access. It’s not strictly necessary to root the phone – just gaining physical access to the phone is all he needed.

Can’t get enough of Mr. Robot? Watch Avast’s Hack Chat video series.

Every week we discuss the hacks on Mr. Robot, plus current cyberthreats, nostalgic web tech, and Tips & Tricks on how to protect yourself and your devices. Subscribe to our YouTube Hack Chat channel and don’t miss a single episode.

Shopping online just got a little more risky

One of the largest e-commerce platforms, Magento, has been plagued by hackers who inject malicious code in order to spy on and steal credit card data or any other data a customer submits to the system. More than 100,000 merchants all over the world use the Magento platform, including eBay, Nike Running, Lenovo, and the Ford Accessories Online website.

The company that discovered the flaws, Sucuri Security, says in their blog, “The sad part is that you won’t know it’s affecting you until it’s too late, in the worst cases it won’t become apparent until they appear on your bank statements.”

Minimize your risk for identity theft when shopping online

Data breaches are nothing new. The Identity Theft Research Center said there were 761 breaches in 2014 affecting more than 83 million accounts. You probably recall the reports of Sony, Target, Home Depot, and Chick-fil-A.

We have heard lots about what we as individual consumers can do to protect ourselves: Use strong passwords, update your antivirus protection and keep your software patched, learn to recognize phishing software, and be wary of fake websites asking for our personal information.

But this kind of hack occurs on trusted websites and shows no outward signs that there has been a compromise. The hackers have thoroughly covered their tracks, and you won’t know anything is wrong until you check your credit card bill.

So how do you minimize the risk of online shopping?

  • Use a payment service or your credit card – Experts agree that payment services like PayPal are safe because of their security practices and the encryption technology they use. Just don’t link it to your checking account. Link it to a credit card so you get your credit card’s fraud protections in addition to PayPal’s. If you only use a credit card, designate one card for online purchases so if something unusual happens, you don’t have to track down all your other cards.
  • Keep a paper trail – Once you place your order, print or save records of the transaction. Check your credit card statement to make sure transactions match and there were no unauthorized charges.
  • Avoid shopping while using public Wi-Fi – Unsecured public Wi-Fi hotspots do not give you any protection from hackers who want to monitor what you are doing online. It’s not difficult for someone to intercept and modify communications between you and another site. If you have to do it, then use a Virtual Private Network (VPN) so your communications will be encrypted.

What to do if you are caught in a data breach

  1. Get a new card – Either get a replacement card from the company or close your account.
  2. Change your passwords – If you have an account or have done business with any company that falls victim to a breach, then change your password ASAP. It’s a good idea to change all your passwords because hackers sell them to other cybercrooks.
  3. Monitor your bank and credit card statements – Don’t wait for your monthly statement to arrive in the mail. By then, a cybercrook could have done major damage. Check your online statement until your new card arrives. If you see any suspicious charges, report them immediately.
  4. Freeze your credit – You can request that your credit report be frozen from the three main credit bureaus: Equifax, Experian and TransUnion. This way, no one can access your credit report without your approval.