The Data Breach Thread

Everything else!

Moderators: Bakhtosh, EvilHomer3k

Max Peck
Posts: 13731
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Evidence points to another Snowden at the NSA
Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents. So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations. In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others. Like the hacking tools, the catalog used similar codenames. Among the tools targeting Apple was one codenamed DROPOUTJEEP, which gives NSA total control of iPhones. “A software implant for the Apple iPhone,” says the ANT catalog, “includes the ability to remotely push/pull files from the device. SMS retrieval, contact-list retrieval, voicemail, geolocation, hot mic, camera capture, cell-tower location, etc.” Another, codenamed IRATEMONK, is, “Technology that can infiltrate the firmware of hard drives manufactured by Maxtor, Samsung, Seagate and Western Digital.”
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Eddie Bauer
Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach. The acknowledgement comes nearly six weeks after KrebsOnSecurity first notified the clothier about a possible intrusion at stores nationwide.
...
“While not all transactions during this period were affected, out of an abundance of caution, Eddie Bauer is offering identity protection services to all customers who made purchases or returns during this period,” the company said in a press release issued directly after the markets closed in the U.S. today.
It's almost as if people are the problem.
Max Peck
Posts: 13731
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Russians suspected in hack of New York Times, other U.S. media
The FBI and other U.S. security agencies are investigating cyber breaches targeting reporters at the New York Times and other U.S. news organizations that are thought to have been carried out by hackers working for Russian intelligence, CNN reported on Tuesday, citing unnamed U.S. officials. "Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said," CNN said. Reuters could not immediately confirm the report. The FBI declined to comment, and representatives for the U.S. Secret Service, which has a role in protecting the country from cyber crime, did not immediately reply to a request for comment. The intrusions were detected in recent months, according to CNN. Citing the U.S. officials, it said the Times had hired private security investigators to work with national security officials in assessing the breach. Representatives for the Times could not be immediately reached for comment.

News of the cyber attack comes amid a wave of similar attacks targeting major U.S. political parties that have surfaced in recent weeks ahead of the Nov. 8 presidential election. The Democratic National Committee, Democratic presidential candidate Hillary Clinton's campaign and the party's congressional fundraising committee have all been affected. Hackers have also targeted the computer systems of Republican presidential candidate Donald Trump and Republican Party organizations, sources have told Reuters. If confirmed, the breach at the Times would not be the first time foreign hackers infiltrated a news organization: media are frequently targeted in order to glean insights into U.S. policies or to spy on journalists. In 2013, a group of hackers known as the Syrian Electronic Army also attacked the Times and other media outlets. Chinese attackers also infiltrated the Times that year.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Don't trust Russian hackers:
Often, in war, mistakes are made. Sometimes, in Russia’s information war against the West, mistakes are made and then published for all the world to see.

That seems to be what happened when two supposedly independent hacking groups, believed by security experts to have ties to the Kremlin, posted the same documents stolen from a philanthropy run by George Soros. But the hack included a twist: Some of the documents taken by one group were altered in a bid to try and link Soros to Russian anti-corruption activist Alexei Navalny, revealing how hackers likely working for Moscow are editing documents to smear their victims.

After hackers broke into a system for sharing documents at Soros’ Open Society Foundations, material describing the organization’s work in Russia appeared on two different sites: in November on the web platform of CyberBerkut, a pro-Russian hacking group that opposes Ukraine’s current government, and in June on DCLeaks.com, a website that hosts purloined documents and is believed by security researchers to be a Russian project.

Among the documents posted, at least three appear on both sites. The documents posted by CyberBerkut have been edited to try and show that Open Society provides significant financial support to Navalny.

CyberBerkut edited one budget document to include a line describing a grant to Navalny’s Foundation for Fighting Corruption to the tune of either $240,000 or $122,000 — CyberBerkut’s editors managed to put two different amounts on the same budget line. In another document titled, “Russia Project Strategy, 2014-2017,” Berkut added the name of Navalny’s foundation to a paragraph describing the lack in Russia of “institutions that focus analytically on issues of policy relevance.” By adding the Foundation for Fighting Corruption to that paragraph, Berkut falsely implied that Navalny’s group received financial support from Open Society. And Berkut edited a third document, which describes how Russian NGOs are complying with the country’s harsh laws governing civil society groups, to claim that Navalny receives support from Yandex, a Russian Internet services firm that competes with Google.
...
The Kremlin, Navalny wrote in an email to Foreign Policy, “really likes that type of tactics: posting fake documents among real hacked documents.” The goal, he wrote, is to create a mess for the opposition.
...
By claiming that Navalny received financial support from Soros, hackers with apparent connections to Russian security services were attempting to tie Russia’s most outspoken and prominent dissident to one of the Kremlin’s biggest enemies. And by claiming that Open Society funds Navalny’s work, which has in recent weeks leveled explosive and well-documented corruption allegations at senior Kremlin officials, the hackers sought to smear Soros’s work, essentially accusing him of meddling in internal Russian politics.

The “focus of discussion is switched from ‘Putin’s corruption’ to ‘opposition and its shadow money,'” Navalny said.
It's almost as if people are the problem.
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Voter databases
The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.

Those concerns prompted Homeland Security Secretary Jeh Johnson to convene a conference call with state election officials on Aug. 15, in which he offered his department’s help to make state voting systems more secure, including providing federal cyber security experts to scan for vulnerabilities, according to a “readout” of the call released by the department.

Johnson emphasized in the call that Homeland Security was not aware of “specific or credible cybersecurity threats” to the election, officials said. But three days after that call, the FBI Cyber Division issued a potentially more disturbing warning, entitled “Targeting Activity Against State Board of Election Systems.” The alert, labeled as restricted for “NEED TO KNOW recipients,” disclosed that the bureau was investigating cyberintrusions against two state election websites this summer, including one that resulted in the “exfiltration,” or theft, of voter registration data. “It was an eye opener,” one senior law enforcement official said of the bureau’s discovery of the intrusions. “We believe it’s kind of serious, and we’re investigating.”

The bulletin does not identify the states in question, but sources familiar with the document say it refers to the targeting by suspected foreign hackers of voter registration databases in Arizona and Illinois. In the Illinois case, officials were forced to shut down the state’s voter registration system for ten days in late July, after the hackers managed to download personal data on up to 200,000 state voters, Ken Menzel, the general counsel of the Illinois Board of Elections, said in an interview. The Arizona attack was more limited, involving malicious software that was introduced into its voter registration system but no successful exfiltration of data, a state official said.
It's almost as if people are the problem.
Defiant
Posts: 21045
Joined: Tue Oct 12, 2004 11:09 pm
Location: Tongue in cheek

Re: The Data Breach Thread

Post by Defiant »

Moliere
Posts: 12335
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Brazzers (BBC link)
The names of almost 800,000 registered users of porn site Brazzers have been exposed in a data breach.

The account details were taken from forums associated with the site on which porn fans discuss favourite scenes and performers.

It is thought attackers stole data using vulnerabilities in the vBulletin software used to run the chat forum.
...
News website Motherboard said the information about Brazzers users was passed to it by Vigilante.pw, which monitors breaches. The dump of data includes email addresses, user names and passwords spelled out in plain text. Many firms typically digitally scramble or encrypt passwords to protect them even if they go astray.

The data was taken from the Brazzersforum site that was set up for users but it appears that many people who signed up for the chat forums used the same logins and passwords on the main porn site. The data was stolen in 2013 but has only now come to light.
...
Mr Hunt told Motherboard that the release of the data was potentially more embarrassing than just knowing someone was a member of a porn site because, if someone used the stolen logins, they could see private conversations about sexual preferences.

"Problem with a hack like that is it's a forum," he said. "Worse than just adult website creds, this is what people were talking and fantasising about."
...
Mr Hunt said the widely used vBulletin software was often poorly maintained by forum administrators who did not apply the latest security patches, leaving sites vulnerable to attack. Several recent breaches had all been traced back to vBulletin, he added.
It's almost as if people are the problem.
GreenGoo
Posts: 42315
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: The Data Breach Thread

Post by GreenGoo »

Just came in to post that. Same BBC link.
Moliere
Posts: 12335
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Not sure if it counts as a data breach, but I found this article about WF employees setting up fake accounts as pretty close.
Employees of Wells Fargo (WFC) boosted sales figures by covertly opening the accounts and funding them by transferring money from customers' authorized accounts without permission, the Consumer Financial Protection Bureau, Office of the Comptroller of the Currency and Los Angeles city officials said.

An analysis by the San Francisco-headquartered bank found that its employees opened more than two million deposit and credit card accounts that may not have been authorized by consumers, the officials said. Many of the transfers ran up fees or other charges for the customers.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
malchior
Posts: 24795
Joined: Wed Oct 13, 2004 12:58 pm

Re: The Data Breach Thread

Post by malchior »

Personally I'd file that under fraud and poor governance. You'd think out of 5300 people they would have found a criminal case. Just kidding - we don't prosecute financial crimes perpetrated on the little people anymore.
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

You can't get good, hand-delivered malware here in the US these days.
Julien Ascoet was already suspicious when he pulled the plain white envelope from his mailbox this past July.

The letter had no stamp and was completely unmarked. Someone must have delivered it in person to Ascoet's home outside the French port city of Nantes.
...
What Ascoet found was a memory stick with no note or explanation. It wasn't anthrax, but it could still be dangerous; memory sticks, also called thumb drives or USBs, are sometimes used to spread malicious software from computer to computer. This USB was branded, but Ascoet said the device appeared used and that he doubted there was any connection between the brand and the mysterious delivery.

Ascoet, who also works as a security researcher, eventually threw the device out — although not before photographing it and posting the picture to Twitter.
...
On Wednesday, Australian police drew international attention when they announced that "extremely harmful" memory sticks had been left in mailboxes across the suburban town of Pakenham, about 60 kilometers (37 miles) southeast of Melbourne. Pakenham Police Sgt. Guy Matheson said in a telephone interview Thursday that the unmarked thumb drives started showing up several days ago.

Disguised as offers for Netflix or a similar service, Matheson said rogue programs lurking on the drives instead held victims' computers hostage, demanding a hefty payment in the electronic currency Bitcoin as ransom.

Matheson said two or three people had fallen for the ruse.
It's almost as if people are the problem.
Blackhawk
Posts: 43747
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

memory sticks, also called thumb drives or USBs
:tjg:
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Yahoo
Yahoo "has confirmed that a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor," the company posted on its investor relations page.

The stolen data include names, email addresses, telephone numbers, birthdays, hashed passwords, and some "encrypted or unencrypted security questions and answers." Yahoo says it believes no payment card or bank information was stolen.

Yahoo believes that "at least" 500 million user account credentials were stolen, which would make it the biggest breach of all time, bigger than the MySpace breach of 427 million user accounts.

The breach has turned out to be larger than previously expected. Recode's Kara Swisher reported on Thursday that the breach could have implications for the $4.8 billion sale of Yahoo to Verizon. Some shareholders reportedly fear that it could change the price of the transaction.
...
Yahoo wrote: A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network. Yahoo is working closely with law enforcement on this matter.
It's almost as if people are the problem.
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

White House contractor
A White House contractor's email appears to have been hacked, leaking material ranging from Michelle Obama's passport to the number of stairs the Secret Service anticipated Joe Biden would be climbing during a trip to Cleveland.

The emails were sent from the Gmail account of Ian Mellul, who is a contractor employed as an advance associate at the White House, and include correspondences with other White House employees as well as with Mellul's friends and professors. In one, the staffer references still being in college.
...
The White House contractor's emails were made public by DC Leaks, the group that last week also printed emails from former Secretary of State Colin Powell. In the emails, the retired four-star general called Donald Trump a "national disgrace." DC Leaks is believed to have ties to Russian intelligence services, a federal law official told NBC News.
...
One leaked email has 24 scanned passports attached to it, including Michelle Obama's. It was transmitted by a staffer in her office to Mellul, who then in turn forwarded that email to his personal account. The quality of the scan is high, and shows all of her personal details.
...
Not only do the emails contain specifics about the first lady and vice president — such as meticulous schedules intended for their Secret Service protection — they also reveal details about Hillary Clinton's campaign events, which the staffer was also apparently involved with.

The emails describe where and with whom Clinton would be in such events, listing who would be riding in which cars in her convoy and the manifest for her private plane. The Clinton campaign did not comment on the email leak.

They also show a presentation for a trip to the Intercontinental Hotel in Cleveland that Biden took in June. The PowerPoint outlines how many stairs Biden would walk up as he arrived at the hotel loading dock and laid out the rooms he would visit once inside.
It's almost as if people are the problem.
Moliere
Posts: 12335
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Yahoo wrote: A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor.
Thanks for the timely heads up Yahoo!
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Max Peck
Posts: 13731
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Probe of leaked U.S. NSA hacking tools examines operative's 'mistake'
A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters.

The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.

The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible.

Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.

NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.

Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other's missteps.

Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment.

After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia.

That could have helped identify rival powers’ hacking targets, potentially leading them to be defended better. It might also have allowed U.S. officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said.

In this case, as in more commonplace discoveries of security flaws, U.S. officials weigh what intelligence they could gather by keeping the flaws secret against the risk to U.S. companies and individuals if adversaries find the same flaws.

Critics of the Obama administration's policies for making those decisions have cited the Shadow Brokers dump as evidence that the balance has tipped too far toward intelligence gathering.

The investigators have not determined conclusively that the Shadow Brokers group is affiliated with the Russian government, but that is the presumption, said one of the people familiar with the probe and a fifth person.

One reason for suspecting government instead of criminal involvement, officials said, is that the hackers revealed the NSA tools rather than immediately selling them.

The publication of the code, on the heels of leaks of emails by Democratic Party officials and preceding leaks of emails by former U.S. Secretary of State Colin Powell, could be part of a pattern of spreading harmful and occasionally false information to further the Russian agenda, said Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies.

"The dumping is a tactic they've been developing for the last five years or so," Lewis said. "They try it, and if we don't respond they go a little further next time."
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Blackhawk
Posts: 43747
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

Max, every time I see one of your posts, I think it is Rip thanks to the avatar.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Vera Bradley
Handbag and accessories maker Vera Bradley said on Wednesday hackers may have accessed customer data from payment processing systems in its stores, causing a delay in an upgrade of its website and potentially hurting holiday-season sales.

The company said hackers may have accessed customer data including card numbers, cardholder names, expiration dates and internal verification codes between July 25 and Sept. 23.

Vera Bradley, which had 112 stores and 44 factory outlets at the end of July, said the delay in the upgrade of its website "could impact its ability to generate positive comparable sales growth" in the fourth quarter ending Jan. 31.

The exact number of cards affected is unclear, spokeswoman Julia Bentley said in an email. Cards used to shop on the company's website were not affected.
It's almost as if people are the problem.
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

The Data Breach Thread

Post by Isgrimnur »

San Francisco Municipal Transportation Agency
The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on [November 11th], causing fare station terminals to carry the message, “You are Hacked. ALL Data Encrypted.” Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.

On Friday, The San Francisco Examiner reported that riders of SFMTA’s Municipal Rail or “Muni” system were greeted with handmade “Out of Service” and “Metro Free” signs on station ticket machines. The computer terminals at all Muni locations carried the “hacked” message: “Contact for key ),” the message read.

The hacker in control of that email account said he had compromised thousands of computers at the SFMTA, scrambling the files on those systems with strong encryption. The files encrypted by his ransomware, he said, could only be decrypted with a special digital key, and that key would cost 100 Bitcoins, or approximately USD $73,000.

On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for shows that it was tied to a backup email address, which also was protected by the same secret question and answer.
...
Copies of messages shared with this author answer many questions raised by news media coverage of this attack, such as whether the SFMTA was targeted. In short: No. Here’s why.
...
KrebsOnSecurity sought assistance from several security experts in making sense of the data shared by my source. Alex Holden, chief information security officer at Hold Security Inc, said the attack server appears to have been used as a staging ground to compromise new systems, and was equipped with several open-source tools to help find and infect new victims.

“It appears our attacker has been using a number of tools which enabled the scanning of large portions of the Internet and several specific targets for vulnerabilities,” Holden said. “The most common vulnerability used ‘weblogic unserialize exploit’ and especially targeted Oracle Corp. server products, including Primavera project portfolio management software.”

According to a review of email messages from the Cryptom27 accounts shared by my source, the attacker routinely offered to help victims secure their systems from other hackers for a small number of extra Bitcoins. In one case, a victim that had just forked over a 20 Bitcoin ransom seemed all too eager to pay more for tips on how to plug the security holes that got him hacked. In return, the hacker pasted a link to a Web server, and urged the victim to install a critical security patch for the company’s Java applications.
Last edited by Isgrimnur on Thu Dec 08, 2016 7:40 pm, edited 1 time in total.
It's almost as if people are the problem.
Moliere
Posts: 12335
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Brackets are your friend.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Indeed.
It's almost as if people are the problem.
Moliere
Posts: 12335
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

I have now completed my company's "2016 Kevin Mitnick Security Awareness Training" which makes sense I guess, given his history. So, apparently clicking on .exe attachments from unknown email senders is bad.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Moliere wrote:I have now completed my company's "2016 Kevin Mitnick Security Awareness Training" which makes sense I guess, given his history. So, apparently clicking on .exe attachments from unknown email senders is bad.
We're in the midst of that wonderful 15 minute video rollout as well. I finished it in 12. I love having written transcripts of video presentations. If only the state of Texas would let me breeze through defensive driving, but they mandate that you must spend exactly six hours.
It's almost as if people are the problem.
Max Peck
Posts: 13731
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

'One billion' affected by Yahoo hack
Yahoo has said more than one billion user accounts may have been affected in a hacking attack dating back to 2013.

The internet giant said the hack appears separate from a breach disclosed in September, when some 500 million accounts were accessed in 2014.

Yahoo said names, phone numbers, passwords and email addresses were stolen, but not bank and payment data.

The company, which is being taken over by Verizon, said it is working closely with the police and authorities.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Paingod
Posts: 13135
Joined: Wed Aug 25, 2010 8:58 am

Re: The Data Breach Thread

Post by Paingod »

Max Peck wrote:it is working closely with the police and authorities.
I don't know what kind of logs they keep, but a breach from 3 years ago might be a touch hard to pin down to anything. This kind of sounds like they've called the cops after coming home to discover that their house had been robbed - by a tornado.
Black Lives Matter

2021-01-20: The first good night's sleep I had in 4 years.
Max Peck
Posts: 13731
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Russian-speaking hacker allegedly stole logins from a U.S. election agency
A Russian-speaking hacker has been found selling stolen login credentials for a U.S. agency that tests and certifies voting equipment, according to a security firm.

The hacker was attempting to sell more than 100 allegedly compromised login credentials belonging to the U.S. Election Assistance Commission (EAC), the security firm Recorded Future said in a Thursday blog post. The company said it discovered online chatter about the breach on Dec. 1.

Some of these credentials included the highest administrative privileges. With such access, an intruder could steal sensitive information from the commission, which the hacker claimed to have done, Recorded Future said.

According to screenshots obtained by Recorded Future, the hacker had access to details about tests of election systems and software.

The EAC said it has terminated access to the affected application and is working with federal law enforcement to determine the source of the criminal activity.

The EAC was formed in 2002. In addition to certifying voting systems, it develops best practices for administering elections.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Max Peck
Posts: 13731
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Star Wars card firm Topps hit by 'unforgiveable' hack
The maker of iconic collectable trading cards has said hackers could have stolen customers' credit and debit card numbers along with their associated security codes in a recent breach.

Topps' products include Star Wars, Disney's Frozen, Top Gear and the UEFA Champions League.

The New York firm told the BBC that the vulnerability had since been fixed.

But a security researcher said he had previously warned the firm about security weaknesses.

Topps declined to say how many people were affected or why the payment card numbers were at risk. In most hack attacks, companies assure users that they do not store such financial data in a form that can be exposed.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
hitbyambulance
Posts: 10242
Joined: Wed Oct 13, 2004 3:51 am
Location: Map Ref 47.6°N 122.35°W

Re: The Data Breach Thread

Post by hitbyambulance »

remember when Topps was baseball cards... and baseball cards only?
ImLawBoy
Forum Admin
Posts: 14968
Joined: Tue Oct 12, 2004 9:49 pm
Location: Chicago, IL

Re: The Data Breach Thread

Post by ImLawBoy »

I don't know who made them, but I had Star Wars baseball-type cards as a kid.
That's my purse! I don't know you!
Moliere
Posts: 12335
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Hacker Steals 900 GB of Cellebrite Data
The hackers have been hacked. Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products.

The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies.

Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Freyland
Posts: 3048
Joined: Sat Jan 01, 2005 11:03 pm

Re: The Data Breach Thread

Post by Freyland »

"a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies"

Can someone explain the part in bold? Were hackers hiring minions to do their hacking previously, and so this is now the "Real Deal" of hackers? Confused minds want to know.
Sims 3 and signature unclear.
Moliere
Posts: 12335
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Moliere wrote:25 Worst Passwords You Should Never Use (But Probably Do)

Topping the list 2 years in a row:
1. 123456
2. password
Here is the list for 2016:

123456 remains in the top spot, while "password" drops to #8. :clap:

"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

So in another few years, it should be safe to go back to 'password'? Sweet!
It's almost as if people are the problem.
malchior
Posts: 24795
Joined: Wed Oct 13, 2004 12:58 pm

Re: The Data Breach Thread

Post by malchior »

Freyland wrote:"a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies"

Can someone explain the part in bold? Were hackers hiring minions to do their hacking previously, and so this is now the "Real Deal" of hackers? Confused minds want to know.
That article is a bit of a mess. I can't definitively say what it is but I think this is a nod to hacktivism trends. I think they are saying the hackers are doing this because the government isn't protecting consumers or something along those lines.
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

CD Projekt Red
The Witcher 3 developers CD Projekt RED have had their forums hacked, with almost two-million users' details stolen.

According to the data breach notification site ‘Have I Been Pwned’, the breach happened back in March 2016, with usernames, passwords and email addresses compromised.

The data breach site notified those affected this morning, when the data was made available.
...
If you ever had an account on the official CD Projekt RED forums, now would be a good time to change your passwords on everything, just in case.
It's almost as if people are the problem.
Isgrimnur
Posts: 82224
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Arby's (Feb 09)
Sources at nearly a half-dozen banks and credit unions independently reached out over the past 48 hours to inquire if I’d heard anything about a data breach at Arby’s fast-food restaurants. Asked about the rumors, Arby’s told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide.

A spokesperson for Atlanta, Ga.-based Arby’s said the company was first notified by industry partners in mid-January about a breach at some stores, but that it had not gone public about the incident at the request of the FBI.
...
Arby’s said the breach involved malware placed on payment systems inside Arby’s corporate stores, and that Arby’s franchised restaurant locations were not impacted.

Arby’s has more than 3,330 stores in the United States, and roughly one-third of those are corporate-owned. The remaining stores are franchises. However, this distinction is likely to be lost on Arby’s customers until the company releases more information about individual restaurant locations affected by the breach.
...
Arby’s declined to say how long the malware was thought to have stolen credit and debit card data from infected corporate payment systems. But the PSCU notice said the breach is estimated to have occurred between Oct. 25, 2016 and January 19, 2017.
It's almost as if people are the problem.
Moliere
Posts: 12335
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

You Can’t Depend on Antivirus Software Anymore

Anyone have experience using a password manager? Doesn't that just give you a single source of vulnerability? If the hackers get that then don't they have all your various login credentials?
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
malchior
Posts: 24795
Joined: Wed Oct 13, 2004 12:58 pm

Re: The Data Breach Thread

Post by malchior »

Moliere wrote:You Can’t Depend on Antivirus Software Anymore

Anyone have experience using a password manager? Doesn't that just give you a single source of vulnerability? If the hackers get that then don't they have all your various login credentials?
A password manager does create a 'crown jewel vault of passwords' but it is a reasonable trade-off IMO. And the situation gets better if you add a second factor, which is why the banks are all incorporating texts/emails. They aren't foolproof obviously but these practices improve protection. They make automated attacks less likely because a human would typically need to be involved. That has lower 'throughput' in general and the targeting becomes more selective.
Moliere
Posts: 12335
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Massive Bug May Have Leaked User Data From Millions of Sites. So … Change Your Passwords
THE INTERNET INFRASTRUCTURE company Cloudflare, which provides a variety of performance and security services to millions of websites, revealed late Thursday that a bug had caused it to randomly leak potentially sensitive customer data across the internet.

The flaw was first uncovered by Google vulnerability researcher Tavis Ormandy on February 17, but could have been leaking data since as long ago as September 22. In certain conditions, Cloudflare’s platform inserted random data from any of its six million customers—including big names like Fitbit, Uber, and OKCupid—onto the website of a smaller subset of customers. In practice, it meant that a snippet of information about an Uber ride you took, or even your Uber password, could have ended up hidden away in the code of another site.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow