Tag Archives: Hacked

PlayStation suffers social media hack, possible data breach

PlayStation’s official social media accounts were temporarily compromised, with the gaming company’s Twitter account displaying messages from a hacking group that claimed responsibility.

Screenshots of the tweets, posted on the morning of Monday 21 August, suggest that PlayStation Network databases were leaked, but this has been neither confirmed nor denied by Sony.

The tweets have now been deleted by PlayStation, which quickly took back control of its social media. The messages, which allegedly came from a hacking group known as OurMine, directed readers to the group’s contact web page and called for PlayStation employees to get in touch.

The group pledges not to share the leaks, stating that it is a security organization.

OurMine is a security hacker group based in Saudi Arabia. According to its website, it is a White Hat group that looks to help companies protect their security by exposing vulnerabilities.

Its website states that the group can ‘help you secure your network, show you all available vulnerabilities, and fix them all.’ It also notes that it has the capability to crack anything from a social media account to an entire network.

While the only confirmed security breach so far has been on PlayStation’s social media accounts, the tweeted threat that database information has also been leaked is likely to worry Sony and its customer base.

It is not the first time that PlayStation has suffered a breach. In 2011 the gaming giant suffered a leak in which personal details from 77 million accounts were compromised, which caused Sony to turn off the PlayStation Network for 23 days.

Following the breach, Sony faced criticism over the way it handled the leak and was slow to warn users.

Another high-profile entertainment breach was in the spotlight recently, when HBO suffered an attack and lost 1.5 terabytes of data, including a script for the hit show Game of Thrones.

Travel Giant Sabre Confirms Its Reservation System Was Hacked

Just two months ago, the Sabre Corporation announced that it had hired security firm Mandiant to investigate a possible hacking incident. Now the company has publicly announced the results of that investigation. An unauthorized third party breached Sabre systems and was able to access customer payment data.

That’s not great news, considering the Texas-based company processes reservations for around 100,000 hotels and more than 70 airlines worldwide to the tune of $120 billion. If there is a silver lining, it’s that Sabre says that only the Sabre Hospitality System — which handles bookings for hotels from both consumers and travel agents — data was compromised. A company spokesperson also confirmed to me that “less than 15 percent of the average daily bookings on the SHS reservation system were viewed” while the attackers had access.

An Intercontinental hotel in New York City.

It’s still a very significant breach, especially since both payment card information and reservation details were accessed. In some cases, that included the customer’s name, email address, phone number, and address.

Like most industries, the travel sector has had to deal with a steady rise in cyber attacks in recent years. In 2016, InterContinental Hotels Group reported that more than 1,000 of its properties had been hit with “malicious software designed to siphon customer debit and credit card data,” according to security expert Brian Krebs. Earlier in the year, HEI Hotels & Resorts reported a similar incident at some of its Hyatt, Marriott, Sheraton, and Westin locations.

On June 6, once Mandiant had concluded its investigation, Sabre began notifying payment card providers, partners, and customers. The company says that it “has enhanced the security around its access credentials and the monitoring of system activity to further detect and prevent unauthorized access.” Sabre has also set up a call center to handle inquiries about the breach.


Yahoo Says 1 Billion User Accounts Were Hacked

SAN FRANCISCO — Yahoo, already reeling from its September disclosure that 500 million user accounts had been hacked in 2014, disclosed Wednesday that a different attack in 2013 compromised more than 1 billion accounts.

The two attacks are the largest known security breaches of one company’s computer network.

The newly disclosed 2013 attack involved sensitive user information, including names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password. Yahoo said it is forcing all of the affected users to change their passwords and it is invalidating unencrypted security questions — steps that it declined to take in September.

It is unclear how many Yahoo users were affected by both attacks. The internet company has more than 1 billion active users, but it is not clear how many inactive accounts were hacked.

Yahoo said it discovered the larger hacking after analyzing data files, provided by law enforcement, that an unnamed third party had claimed contained Yahoo information.

Security has taken a back seat at Yahoo in recent years, compared to Silicon Valley competitors like Google and Facebook. Yahoo’s security team clashed with top executives, including the chief executive, Marissa Mayer, over the cost and customer inconvenience of proposed security measures.

And critics say the company was slow to adopt aggressive security measures, even after a breach of over 450,000 accounts in 2012 and a series of spam attacks — a mass mailing of unwanted messages — the following year.

Yahoo has made a steady trickle of disclosures about the 2014 hacking, which it has been investigating with the help of federal authorities. The company said Wednesday that it now believes the attacker in that breach, which it says was sponsored by a government, found a way to forge credentials to log into some users’ accounts without a password.

Bob Lord, Yahoo’s chief information security officer, said in a statement that the state-sponsored actor in the 2014 attack had stolen Yahoo’s proprietary source code. Outside forensics experts working with Yahoo believe that the state-sponsored hackers used Yahoo’s code to access user accounts without their passwords by creating forged “cookies,” short bits of text that a website can store on a user’s machine. By forging these cookies, attackers were able to impersonate valid users, gaining information and performing actions on behalf of their victims. The company has not disclosed who it believes was behind the attack.
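The paragraph above describes attackers who, with the server's source code in hand, could mint session cookies that a site accepted without a password. The defensive property a cookie scheme needs is that the code alone is not enough: the signing secret must live outside the source, and rotating it must invalidate every cookie minted under the old key. The following is an added illustration of that property, not Yahoo's actual scheme; the KEYRING contents and the claim layout are constructed for the example.

```python
"""Signed, revocable session cookies (added example, not Yahoo's code).

The HMAC key is looked up by key id from a keyring that is supplied at
runtime (a secret store in production, a constructed dict here), so a copy
of this file does not let anyone forge a cookie, and rotating the keyring
retires every cookie signed under the old key.
"""
import base64
import hashlib
import hmac
import json

# Constructed keyring: key id -> secret bytes. Never commit real values.
KEYRING = {"k1": b"constructed-secret-key-1"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_cookie(user: str, key_id: str, keyring: dict, now: int, ttl: int = 3600) -> str:
    """Build 'payload.tag' where tag = HMAC-SHA256(keyring[key_id], payload)."""
    claims = {"u": user, "exp": now + ttl, "kid": key_id}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    tag = hmac.new(keyring[key_id], payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_cookie(cookie: str, keyring: dict, now: int):
    """Return the user name if the cookie is genuine and unexpired, else None."""
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload = _unb64(payload_b64)
        claims = json.loads(payload)
        key = keyring[claims["kid"]]  # unknown or retired key id -> KeyError
    except (ValueError, KeyError, TypeError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time compare: a tag mismatch means the cookie was forged or edited.
    if not hmac.compare_digest(expected, _unb64(tag_b64)):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("u")


def rotate(new_id: str, new_secret: bytes) -> dict:
    """Replace the whole keyring: cookies signed with any old key stop verifying."""
    return {new_id: new_secret}
```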

In July, Yahoo agreed to sell its core business to Verizon Communications for $4.8 billion. Verizon said in October that it might seek to renegotiate the terms of the transaction because of the hacking, which had not been disclosed to Verizon during the original deal talks.

After the latest disclosure Wednesday, a Verizon spokesman, Bob Varettoni, essentially repeated that position.

“As we’ve said all along, we will evaluate the situation as Yahoo continues its investigation,” he said. “We will review the impact of this new development before reaching any final conclusions.”

Mr. Lord said Yahoo had taken steps to strengthen Yahoo’s systems after the attacks. The company encouraged its users to change passwords associated with their Yahoo account and any other digital accounts tied to their Yahoo email and account.

In the hacking disclosed Wednesday, Mr. Lord said Yahoo believed an “unauthorized third party” managed to steal data from one billion Yahoo user accounts. Mr. Lord said that Yahoo had not been able to identify how the hackers breached Yahoo’s systems, but that the company believed the attack occurred in August 2013.

Changing Yahoo passwords will be just the start for many users. They will also have to comb through other services to make sure passwords used on those sites are not too similar to what they were using on Yahoo. And if they were not doing so already, they will have to treat everything they receive online, such as email, with an abundance of suspicion, in case hackers are trying to trick them out of even more information.

Yahoo recommended that its customers use Yahoo Account Key, an authentication tool that verifies a user’s identity using a mobile phone and eliminates the need to use a password on Yahoo altogether.

Security experts say the latest discovery of a breach that happened so long ago is another black mark for the company. “It’s not just one sophisticated adversary that gets in,” said Ben Johnson, co-founder and chief security strategist at Carbon Black, a security company. “Typically companies get compromised multiple times due to the same vulnerability or employee culture.”

Mr. Johnson added that the scale of the breaches is only increasing as companies store more and more troves of information in similar databases. “When you have these huge databases of information, it’s millions — and now billions — of accounts lost,” he said.

Google accounts hit with malware — a million and growing

86 apps available in third-party marketplaces can root 74 percent of Android phones.

More than a million Google accounts have been hit by malicious software, a security firm said on Wednesday.

Check Point said in a blog post that the attack campaign, known as Gooligan, is expanding to an additional 13,000 devices a day. It’s malware that infects devices and steals their authentication tokens to breach data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and other programs.

The malware attack is said to be the biggest single theft of Google accounts on record, according to Forbes. But the reason for the attack may not be what you’d expect. It’s not to grab personal information from the accounts of Google users. Instead, it’s to force them to download apps that are part of an advertising fraud scheme that makes up to $320,000 a month, Michael Shaulov, head of mobile and cloud security at Check Point, told Forbes.

Google responded to a request for comment with a link to its blog post about the attack. In the post, Google said it has found no evidence that Gooligan has accessed user data or that specific groups of people have been targeted. “The motivation…is to promote apps, not steal information,” Google said.

The episode comes at a time when cyber attacks have been a high profile problem, hitting everyone from internet giants to the Democratic National Committee. In September, Yahoo suffered what is believed to be the biggest cyber attack in history, in which hackers swiped information from more than half a billion accounts. And in July, the White House said it believed Russia was behind hacks of the DNC.

Gooligan belongs to a family of malware called Ghost Push. It features a Trojan horse type of attack, in which the malicious software poses as legitimate apps for Android smartphones and tablets. Names of the malicious apps include StopWatch, Perfect Cleaner and WiFi Enhancer, according to The Wall Street Journal. Once installed, these apps automatically install other apps, some of which can steal usernames and passwords to post fake reviews.

Those downloads and reviews apparently feed into the hackers’ ad fraud scheme. The hackers have run ads in those forcibly downloaded apps, so every click or download helps the hackers make money, Forbes reported.

Check Point said Gooligan is a variant of an Android malware campaign found by researchers in the SnapPea app last year.

The Gooligan apps come from third-party app stores or websites instead of the Google Play store, where the company has more control over apps. But Check Point said some apps that Gooligan downloads without permission can be found on the Play store.

Google said it has removed those apps from the Play store.

People who are worried that their Google accounts may be compromised can consult the Check Point website.

U.S. Voter Registration Database for Sale

As if we do not already have enough to worry about in the upcoming U.S. election, hackers now have access to the entire U.S. Voter Registration database. A seller going by the handle “DataDirect” on the TheRealDeal market is offering to sell the voter database for 0.5 Bitcoin, or about $330 USD, per state. DataDirect is offering a value pack of all 50 states for 12 Bitcoin.


TheRealDeal is a DarkNet marketplace selling everything from drugs to exploit code.

The first questions you might ask are “What would someone do with the data?” and “Why would they want it?” First, let’s take a look at what data is being offered. Below is a sample.


With this data, any number of targeted scams could be run. Marketers or criminals would know the name, address, date of birth, party affiliation, and whether the person is an active voter.

Is the data legit?

It is hard to know for sure if the data is legitimate. The only way to know would be to pay and download the data. From the sample data, it certainly looks like the real deal. The sample data is not redacted on the site, and the name checks out as an actual person in California.

Where did the data come from?

In December 2015, Chris Vickery, a security researcher, claimed to have found 191 million US voter records. He claimed there was no security needed to access the data, no password or other authentication needed at all. At the time, Chris made attempts to get authorities to close the open door, but couldn’t get anyone to take responsibility. It is uncertain if the U.S. Voter Registration data was downloaded from the same source in December or if it was stolen from a political party or government agency’s server.

Every day we hear of a new database being offered for sale on the DarkNet. This same seller is also offering a Thomson Reuters World-Check (2.4 million records) database and an Orastream.com (126,000 entries) user database. Seller “thedarkoverlord” has two healthcare databases for sale from Farmington, Missouri (48,000 patients) and Atlanta, Georgia (397,000 patients).

The DarkNet, Bitcoin, and markets like TheRealDeal make it possible for criminals to continue to profit in anonymity and without repercussions. Good work if you can get it, and don’t have a conscience.

FDIC was hacked by China, and CIO covered it up

A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of the FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities and were only brought to light after an Inspector General investigation into another serious data breach at the FDIC in October of 2015.

The FDIC failed at the time of the “advanced persistent threat” attacks to report the incidents. Then-inspector general at the FDIC, Jon Rymer, lambasted FDIC officials for failing to follow their own policies on breach reporting. Further investigation into those breaches led the committee to conclude that former FDIC CIO Russ Pittman misled auditors about the extent of those breaches and told employees not to talk about the breaches by a foreign government so as not to ruin FDIC Chairman Martin Gruenberg’s chances of confirmation.

The cascade of bad news began with an FDIC Office of the Inspector General (OIG) investigation into the October “Florida incident.” On October 23, 2015, a member of the Federal Deposit Insurance Corporation’s Information Security and Privacy Staff (ISPS) discovered evidence in the FDIC’s data loss prevention system of a significant breach of sensitive data—more than 1,200 documents, including Social Security numbers from bank data for more than 44,000 individuals and 30,715 banks, were copied to a USB drive by a former employee of FDIC’s Risk Management Supervision field office in Gainesville, Florida. The employee had copied the files prior to leaving his position at the FDIC. Despite intercepting the employee, the actual data was not recovered from him until March 25, 2016. The former employee provided a sworn statement that he had not disseminated the information, and the matter was dropped.

However, Gruenberg told Science, Space and Technology Committee Chairman Rep. Lamar Smith (R-Texas) in a February letter about the breach that only about 10,000 “individuals and entities” were affected by the leak and that the former employee was cooperative. That claim was contradicted by the FDIC’s Office of the Inspector General after it used that breach for an audit of the FDIC’s security processes—indicating that the actual number was several times larger and that there were other breaches that had not been reported. One of those was a similar breach in September when a disgruntled employee in New York left with a USB drive containing the SSNs of approximately 30,000 people. That breach had been glossed over by the FDIC’s CIO, Lawrence Gross, and had only been mentioned in an annual Federal Information Security Management Act (FISMA) report, despite its classification as a “major” breach. This was in addition to a similar, reported breach in February when another departing employee in Texas “inadvertently and without malicious intent” downloaded 44,000 records.

Then in May, the FDIC “retroactively reported five additional major breaches” to the committee, according to the report. Only after a Congressional hearing on those breaches did the FDIC offer credit monitoring services to the more than 160,000 individuals whose personal information was included in the data leaked.

The committee’s report accuses Gross—who took over in 2015 after former FDIC CIO Barry West disappeared on “administrative leave” in June of last year for unknown reasons—of creating a “toxic workplace” for FDIC’s IT team and of sabotaging efforts to improve the agency’s security footing. Nearly 50 percent of FDIC employees can use portable storage devices such as USB drives or portable disk drives, and the only thing assuring the FDIC that data was not being disseminated by former employees are signed affidavits. Gross is also the driving force behind an initiative to purchase 3,000 laptops for FDIC employees, arguing that laptops are more secure than desktops.

Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked


The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn, MySpace, Tumblr, Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace.

However, these are only data breaches that have been publicly disclosed by the hacker.

I wonder how many more stolen data sets this Russian, or other hackers, are holding that have yet to be released.

The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter.

Login credentials of more than 32 million Twitter users are now being sold on a dark web marketplace for 10 Bitcoins (over $5,800).

LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it with the hacked data from the Russian social network VK.com last week.

The database includes usernames, email addresses, sometimes second email addresses, and plain-text passwords for more than 32 million Twitter accounts.

Twitter strongly denied the claims by saying that “these usernames and credentials were not obtained by a Twitter data breach” – their “systems have not been breached,” but LeakedSource believed that the data leak was the result of malware.

“Tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” LeakedSource wrote in its blog post.

But do you remember how Facebook CEO Mark Zuckerberg’s Twitter account was compromised?

The hackers obtained Zuck’s account credentials from the recent LinkedIn data breach, cracked his SHA1-hashed password, tried it on several of his social media accounts, and successfully hacked Zuckerberg’s Twitter and Pinterest accounts.

So one possibility is that the alleged Twitter database dump of over 32 million users is made up of records already available from the previous LinkedIn, MySpace and Tumblr data breaches.

The hacker might just have published already leaked data from other sites and services as a new hack against Twitter that actually never happened.

Whatever the reason, the fact remains that hackers may have had their hands on your personal data, including your online credentials.

So it’s high time you changed your passwords for all social media sites, as well as for any other online sites where you use the same password.

5 Ways to Keep your Domain Name Safe from Being Hacked


The growth in the number of people using the internet has led to a significant number of new websites and blogs popping up every day. With such a huge platform for sharing views and personal opinions about anything, or for hosting whatever content one deems suitable to share, casual users today have understood how good a business owning a website or even a personal blog can be.

However, although many people easily set up their own website or blog, few know enough to protect their domains from hackers once they become the legal registrants. Today, we discuss this issue to help owners of personal blogs and small websites.

How to protect your domain from hackers

The following methods can be used to protect your domain from the attacks of hackers:

1. Activity alerts

This is similar to receiving notifications about your Facebook activity. Whenever an activity is performed using your domain account, you can get a notification. Many good domain registrars provide this feature free of cost. This is a good way to keep track of any unauthorized activity on your domain account.

2. Make sure writeable and executable files and directories are not in web root

Leaving such files under the web root means that any unauthorized user can reach readable and/or writeable directories or archives. That makes it as easy as it gets for hackers to abuse insecure scripts to run code on, or place data in, your web hosting account.

3. Keep your domain locked

Enabling your domain registrar’s lock is a simple yet effective way to prevent illicit third-party domain transfer requests. Such requests are frequently used to steal domains; simply enabling the registrar lock can prevent your domain from falling prey to this practice.

4. Do away with unwanted Directories, Scripts, and Subdomains

It is a common mistake for website owners to leave old and rarely used directories and scripts on their website. The gravity of this mistake cannot be emphasized enough, because hackers can use such leftovers as a way into your website. Therefore, it is important that you routinely clear out files and directories that you no longer need or use.

5. Use strong and complex passwords

All accounts that require security are protected by passwords, but users can be so naïve as to use easily guessed passwords to protect their sensitive information. This is a textbook mistake, one which hackers never tire of exploiting. Always, ALWAYS, use passwords that combine letters and numbers and are not short. Also, make it a practice not to use common English words as passwords, since many password cracking tools crack passwords quickly precisely because they contain common words.
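Steps 2 and 4 above can be checked rather than taken on trust. The script below is an added example, not part of the original article: it walks a document root and reports world-writable files or directories, scripts sitting inside a writable directory, and leftover backup or archive copies. The suffix lists and the sample tree built by demo_tree() are constructed assumptions for the example.

```python
"""Audit a web root for writable, executable and stale leftovers (added example)."""
import os
import stat
import tempfile

# Constructed assumptions: suffixes that usually mark forgotten copies, and
# suffixes that the web server or hosting panel will treat as scripts.
STALE_SUFFIXES = (".bak", ".old", ".orig", "~", ".zip", ".tar.gz", ".sql")
SCRIPT_SUFFIXES = (".php", ".cgi", ".pl", ".py", ".sh")


def audit_webroot(root: str) -> dict:
    """Return {relative_path: [reasons]} for every risky entry under root."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        dir_mode = os.lstat(dirpath).st_mode
        rel_dir = os.path.relpath(dirpath, root)
        if dir_mode & stat.S_IWOTH:
            # Anyone on the host, including a compromised script, can drop files here.
            findings.setdefault(rel_dir, []).append("world-writable directory")
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlinks deserve their own review; skipped here
            reasons = []
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable file")
            is_script = name.lower().endswith(SCRIPT_SUFFIXES) or bool(st.st_mode & stat.S_IXUSR)
            if is_script and (dir_mode & stat.S_IWOTH):
                # Step 2: an executable in a writable directory can be swapped for anything.
                reasons.append("executable inside writable directory")
            if name.lower().endswith(STALE_SUFFIXES):
                # Step 4: old copies often expose configuration or credentials.
                reasons.append("stale backup or archive left in web root")
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


def demo_tree() -> str:
    """Build a constructed sample web root with typical mistakes and return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "uploads"))
    os.chmod(os.path.join(root, "uploads"), 0o777)  # mistake: world-writable upload dir
    for rel, mode in [("index.html", 0o644),
                      ("config.php.bak", 0o644),   # mistake: forgotten config copy
                      ("uploads/resize.php", 0o644),  # mistake: script in writable dir
                      ("notes.txt", 0o666)]:        # mistake: world-writable file
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for path, reasons in sorted(audit_webroot(demo_tree()).items()):
        print(path, "->", "; ".join(reasons))
```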

Conclusion

A lot of people are victimized by hackers who steal or hijack their domain names. It is most important to pay close attention to your domain’s security, especially when your blog or website becomes really popular. With the help of this article, and perhaps a little more research on the matter, you will be much more secure against hackers than you previously were (if you are not using these methods already).