The Data Breach Thread

Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

MyHeritage
MyHeritage, an Israeli-based genealogy and DNA testing company, disclosed today that a security researcher found on the Internet a file containing the email addresses and hashed passwords of more than 92 million of its users.

MyHeritage says it has no reason to believe other user data was compromised, and it is urging all users to change their passwords. It says sensitive customer DNA data is stored on IT systems that are separate from its user database, and that user passwords were “hashed” — or churned through a mathematical model designed to turn them into unique pieces of gibberish text that is (in theory, at least) difficult to reverse.

MyHeritage did not say in its blog post which method it used to obfuscate user passwords, but suggested that it had added some uniqueness to each password (beyond the hashing) to make them all much harder to crack.
...
MyHeritage’s repeated assurances that nothing related to user DNA ancestry tests and genealogy data was impacted by this incident are not reassuring. Much depends on the strength of the hashing routine used to obfuscate user passwords.

Thieves can use open-source tools to crack large numbers of passwords that are scrambled by weaker hashing algorithms (MD5 and SHA-1, e.g.) with very little effort. Passwords jumbled by more advanced hashing methods — such as Bcrypt — are typically far more difficult to crack, but I would expect any breach victim who was using Bcrypt to disclose this and point to it as a mitigating factor in a cybersecurity incident.
It's almost as if people are the problem.
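An added illustration of the hashing point in the MyHeritage post above (not part of the original post or the quoted article): the same constructed accounts stored as unsalted MD5 and as salted, iterated hashes. PBKDF2 from the Python standard library stands in for Bcrypt here, and the iteration count, account names and passwords are assumptions made up for the example.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

# Constructed sample accounts (not taken from any breach). Two users share a password.
SAMPLE_USERS = [
    ("alice@example.com", "sunshine1"),
    ("bob@example.com", "sunshine1"),
    ("carol@example.com", "correct horse battery staple"),
]

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware


def fast_unsalted(password):
    """Weak storage: one cheap MD5 call, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def slow_salted(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Stronger storage: per-user random salt plus a deliberately slow hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Salt and iteration count are stored next to the hash so it can be re-derived.
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(password, record):
    """Re-derive the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def reused_password_groups(stored):
    """Given {email: hash}, list the accounts whose stored hashes are identical.

    Anyone holding the file can run this grouping; with unsalted hashes,
    recovering one password in a group recovers all of them.
    """
    by_hash = defaultdict(list)
    for email, value in stored.items():
        by_hash[value].append(email)
    return sorted(sorted(group) for group in by_hash.values() if len(group) > 1)


def build_tables(users=SAMPLE_USERS):
    """Store the same users both ways so the two files can be compared."""
    weak = {email: fast_unsalted(pw) for email, pw in users}
    strong = {email: slow_salted(pw) for email, pw in users}
    return weak, strong


def relative_cost(samples=2000):
    """How many times more expensive one slow hash is than one MD5 call."""
    start = time.perf_counter()
    for i in range(samples):
        fast_unsalted("guess%d" % i)
    fast = (time.perf_counter() - start) / samples
    start = time.perf_counter()
    slow_salted("guess")
    slow = time.perf_counter() - start
    return slow / fast


if __name__ == "__main__":
    weak, strong = build_tables()
    print("identical hashes, unsalted MD5:", reused_password_groups(weak))
    print("identical hashes, salted PBKDF2:",
          reused_password_groups({e: r["hash"] for e, r in strong.items()}))
    print("cost of one guess, slow vs fast: about %.0fx" % relative_cost())
```
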
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

Ticketfly

In May 2018, the website for the ticket distribution service Ticketfly was defaced by an attacker and was subsequently taken offline. The attacker allegedly requested a ransom to share details of the vulnerability with Ticketfly but did not receive a reply and subsequently posted the breached data online to a publicly accessible location. The data included over 26 million unique email addresses along with names, physical addresses and phone numbers.
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Facebook Changed 14 Million People’s Privacy Settings to “Public” Without Warning
Facebook disclosed Thursday that a software bug may have switched some users’ posts to “public” without telling them. That means that status updates, photos, and other Facebook activity that people thought they were sharing just with their friends, or with friends of friends, would have instead been viewable by anyone—unless they noticed the settings change and fixed it.

The bug affected 14 million users around the world, Facebook told Recode and other news outlets. It was active for 10 days, from May 18 to May 27, before being fixed. Facebook said Thursday it has begun notifying those affected and prompting them to review their posts and privacy settings from that time period.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

Given the stuff I post on FB, I'd have known it right away.
Black Lives Matter
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: The Data Breach Thread

Post by Pyperkub »

D-Link code signing certificates for IP cameras:
In a support announcement, D-Link officials said that two separate code-signing certificates were recently misappropriated by a “highly active cyber espionage group.” The post said most D-Link customers won’t be affected by the theft, but it also suggested some people may experience errors when viewing mydlink IP cameras within Web browsers. Company engineers are in the process of releasing updated firmware to fix the errors. People using mydlink mobile applications aren’t affected.

Both D-Link and Changing Information Technology have revoked the stolen certificates. Until the D-Link firmware is issued, the company’s support announcement is advising people who want to use browsers to view their affected D-Link cameras to temporarily ignore the certificate revocation warnings. This is bad advice that could be abused by malware operators. Users should disregard it.
If you use the D-Link mydlink IP Cameras, keep an eye out for official firmware updates.
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
Max Peck
Posts: 13682
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

The hits keep on coming...

'Foreshadow' attack affects Intel chips
Researchers have found another serious security flaw in computer chips designed by Intel.

Nicknamed Foreshadow, this is the third significant flaw to affect the company’s chips this year.

The US government’s body for computer security said “an attacker could exploit this vulnerability to obtain sensitive information”.

Intel has released a patch which mitigates the problem, which affects processors released from 2015 onwards.
The most recent cumulative update for Windows 10, released yesterday, appears to address this issue.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

GovPayNow.com
Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.

Indianapolis-based GovPayNet, doing business online as GovPayNow.com, serves approximately 2,300 government agencies in 35 states. GovPayNow.com displays an online receipt when citizens use it to settle state and local government fees and fines via the site. Until this past weekend it was possible to view millions of customer records simply by altering digits in the Web address displayed by each receipt.
It's almost as if people are the problem.
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

Newegg

Hackers stole customer credit cards in Newegg data breach

"Newegg is clearing up its website after a month-long data breach.

Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card data from unsuspecting customers to a server controlled by the hackers with a similar domain name — likely to avoid detection. The server even used an HTTPS certificate to blend in.

The code also worked for both desktop and mobile customers — though it’s unclear if mobile customers are affected."
RMC
Posts: 6739
Joined: Wed Oct 13, 2004 1:49 pm
Location: Elyria, Ohio

Re: The Data Breach Thread

Post by RMC »

Carpet_pissr wrote: Thu Sep 20, 2018 12:22 am Newegg

Hackers stole customer credit cards in Newegg data breach

"Newegg is clearing up its website after a month-long data breach.

Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card data from unsuspecting customers to a server controlled by the hackers with a similar domain name — likely to avoid detection. The server even used an HTTPS certificate to blend in.

The code also worked for both desktop and mobile customers — though it’s unclear if mobile customers are affected."
I picked the wrong time to order a new video card from New Egg. Canceled my credit card and am having them send a new one.
Difficulties mastered are opportunities won. - Winston Churchill
Sheesh, this is one small box. Thankfully, everything's packed in nicely this time. Not too tight nor too loose (someone's sig in 3, 2, ...). - Hepcat
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Krebs
It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.

Enacted in May 2018, the Economic Growth, Regulatory Relief and Consumer Protection Act rolls back some of the restrictions placed on banks in the wake of the Great Recession of the last decade. But it also includes a silver lining. Previously, states allowed the bureaus to charge a confusing range of fees for placing, temporarily thawing or lifting a credit freeze. Today, those fees no longer exist.
...
Spouses may request freezes for each other by phone as long as they pass authentication.

The new law also makes it free to place, thaw and lift freezes for dependents under the age of 16, or for incapacitated adult family members. However, this process is not currently available online or by phone, as it requires parents/guardians to submit written documentation (“sufficient proof of authority”), such as a copy of a birth certificate and copy of a Social Security card issued by the Social Security Administration, or — in the case of an incapacitated family member — proof of power of attorney.
It's almost as if people are the problem.
Kraken
Posts: 43688
Joined: Tue Oct 12, 2004 11:59 pm
Location: The Hub of the Universe

Re: The Data Breach Thread

Post by Kraken »

I paid to freeze mine a few months ago. Can I now unfreeze them for free?
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Supposedly.
It's almost as if people are the problem.
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

You shouldn’t have had to pay to unfreeze anyway, AFAIK. Just freeze (for just one in my case, others were free to freeze)
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

Yeah I gotta get mine frozen again now, just to piss off the credit card companies if for no other reason.
Black Lives Matter
Max Peck
Posts: 13682
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

RCMP and privacy commissioner probe alleged NCIX data breach
The RCMP and Office of the Information and Privacy Commissioner of British Columbia are investigating allegations of a possible data breach involving the bankrupt computer retailer NCIX.

Authorities are investigating a claim that NCIX's database servers have been advertised for sale online with all of the information still intact.

In doing so, it may have compromised the security of countless customers.

According to a statement from Richmond RCMP, the case was opened Thursday and police have seized the servers.
The author Travis Doering is a systems analyst who says he noticed a Craigslist ad listing NCIX computers for sale.

Doering says he arranged to meet the seller, a man who called himself Jeff, in a warehouse in Richmond. He says he was stunned when the man offered the information from offline backup servers on millions of transactions.

"Every record for more than 10 years was there."

He says he saw personal data of customers, including addresses, phone numbers and financial information.

"Credit card information was there in plain text with numbers, CVVs [Card Verification Value] and expiry dates," Doering said.

He also saw personal income tax information about employees such as T4 statements. He showed some of the statements to CBC News.
Technically I'm affected by this (I ordered a part from them about 10 years ago) but the credit card number I had back then is no longer valid, so meh.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

This is why there needs to be laws protecting consumer information. That's pretty ridiculous. Not to mention one does wonder how Visa/MC/Amex would feel about this.
Black Lives Matter
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Not really a data breach, but everything Facebook does comes across that way:

Facebook Is Giving Advertisers Access to Your Shadow Contact Information
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

Yeah, FB is pretty much a data breach itself as far as I’m concerned.
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Carpet_pissr wrote: Thu Sep 27, 2018 7:57 am Yeah, FB is pretty much a data breach itself as far as I’m concerned.
FB delivers!

Security Update
On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Exodor
Posts: 17196
Joined: Tue Oct 12, 2004 11:10 pm
Location: Portland, OR

Re: The Data Breach Thread

Post by Exodor »

Burgerville
On August 22, 2018, the Federal Bureau of Investigation (FBI) notified Burgerville of a cybersecurity breach impacting a number of the company’s systems. The breach was perpetrated by Fin7 and was a sophisticated attack targeting companies with locations in the Pacific Northwest. Burgerville agreed to cooperate fully with the FBI investigation, and immediately began a forensic investigation of its own to determine the full extent of the breach.

On September 19, 2018, as part of its forensics investigation, Burgerville discovered that the breach, which was initially thought to be a brief intrusion, was still active. The group of hackers had placed malware on Burgerville’s network and were continuing to collect payment data. Burgerville immediately began taking steps to contain the breach and disable the malware with the help of a third-party team of cybersecurity experts and in cooperation with the FBI.

I can't even get a tasty milkshake without having my credit card number stolen. :doh:
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Image

Image
It's almost as if people are the problem.
Exodor
Posts: 17196
Joined: Tue Oct 12, 2004 11:10 pm
Location: Portland, OR

Re: The Data Breach Thread

Post by Exodor »

Isgrimnur wrote: Wed Oct 03, 2018 2:40 pm

Really?

:mrgreen:
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

Exodor wrote: Wed Oct 03, 2018 2:41 pm
Isgrimnur wrote: Wed Oct 03, 2018 2:40 pm

Really?

:mrgreen:
The map above is from their website with their locations. But thanks for the thoughts. :D
It's almost as if people are the problem.
hitbyambulance
Posts: 10233
Joined: Wed Oct 13, 2004 3:51 am
Location: Map Ref 47.6°N 122.35°W

Re: The Data Breach Thread

Post by hitbyambulance »

Burgerville had some decent vegetarian burgers, actually. i'd go back there.
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

hitbyambulance wrote: Thu Oct 04, 2018 4:38 pm Burgerville had some decent vegetarian burgers, actually. i'd go back there.
Use cash.
It's almost as if people are the problem.
Blackhawk
Posts: 43490
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

How about... Google?

Oh, and they're shutting down Google+ in response.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
Exodor
Posts: 17196
Joined: Tue Oct 12, 2004 11:10 pm
Location: Portland, OR

Re: The Data Breach Thread

Post by Exodor »

Blackhawk wrote: Mon Oct 08, 2018 6:02 pm Oh, and they're shutting down Google+ in response.
Oh no! Dozens of Google+ users will be forced to go elsewhere! :wink:
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Kind of a data breach depending on how you view privacy at work.

The Employer-Surveillance State
Jason Edward Harrington spent six years working the luggage-screening checkpoint at O’Hare International Airport in Chicago. A college graduate and freelance writer, he initially took the job as a stopgap, but found that he enjoyed meeting passengers from all over the world, some of whom showed a real interest in him. But while working for the TSA, Harrington noticed that his bosses were following and video-recording his every move, a practice they said was at least in part for his protection: If, perchance, a traveler’s iPad went missing, the videotapes would prove that Harrington was not to blame. Harrington was on board with that. His problem, he told me, was that supervisors would also view the tapes to search for the slightest infraction—anything from gum chewing to unauthorized trips to the bathroom. Eventually, these intrusions led him to quit. “If they trusted us, respected us, you could really enjoy the job,” Harrington told me. “But they didn’t.”

A TSA spokesman, Michael McCarthy, acknowledged the agency’s use of surveillance, though he attributed the “fairly rapid” turnover rate of TSA baggage screeners to other factors—in particular, to “low pay and high stress.” In fact, electronic surveillance of employees, through technologies including not just video cameras but also monitoring software, has grown rapidly across all industries. Randolph Lewis, a professor of American studies at the University of Texas at Austin and the author of Under Surveillance: Being Watched in Modern America, pointed to software that makes it possible for employers to monitor employee facial expressions and tone of voice to gauge their emotional states, such as rage or frustration. Among more conventional surveillance methods, employers can track employees’ website visits and keep tabs on their employees’ keystrokes. Employers can also monitor employees’ personal blogs and read their social-networking profiles. In one case in California, a sales executive at a money-transfer firm sued her employer, claiming she had been fired for disabling an app that used employer-issued cell phones to track workers via GPS, even when they were off the clock. (The suit was later settled out of court.)
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

If only there were a way for workers to band together to negotiate what is and isn’t acceptable for employers to use such information.
It's almost as if people are the problem.
Blackhawk
Posts: 43490
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

That doesn't surprise me much. That's what working in casinos was like clear back in the 90s. They told me on day one that unless I was in the bathroom I should assume that one of several thousand video cameras was looking over my shoulder.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

Sometimes I wish I were still working, but it's crap like that that reminds me of why I'm not.
Black Lives Matter
stimpy
Posts: 6102
Joined: Wed Jan 19, 2005 6:04 pm

Re: The Data Breach Thread

Post by stimpy »

Lorini wrote: Wed Oct 17, 2018 11:09 am Sometimes I wish I were still working, but it's crap like that that reminds me of why I'm not.
Does, Not. Compute.
He/Him/His/Porcupine
gilraen
Posts: 4312
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: The Data Breach Thread

Post by gilraen »

Blackhawk wrote: Wed Oct 17, 2018 9:57 am That doesn't surprise me much. That's what working in casinos was like clear back in the 90s. They told me on day one that unless I was in the bathroom I should assume that one of several thousand video cameras was looking over my shoulder.
Casinos are a special case, though, since you are literally surrounded by cash floating around and changing hands all day long.

I work in tech support, and if I were told that my employer was going to measure my keystrokes or otherwise monitor what I'm doing all day long, I'd quit. I will not put up with that kind of disrespect, if you don't trust me to do my work, then I'll go somewhere else.

We do, however, have video surveillance cameras over the office entrances - since we deal with medical PII, we are required to implement physical security measures to protect the data, not just cyber security.
hitbyambulance
Posts: 10233
Joined: Wed Oct 13, 2004 3:51 am
Location: Map Ref 47.6°N 122.35°W

Re: The Data Breach Thread

Post by hitbyambulance »

gilraen wrote: Wed Oct 17, 2018 11:36 am and if I were told that my employer was going to measure my keystrokes or otherwise monitor what I'm doing all day long, I'd quit. I will not put up with that kind of disrespect, if you don't trust me to do my work, then I'll go somewhere else.
but what if they _don't_ tell you, i think is a big problem here.
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

stimpy wrote: Wed Oct 17, 2018 11:14 am
Lorini wrote: Wed Oct 17, 2018 11:09 am Sometimes I wish I were still working, but it's crap like that that reminds me of why I'm not.
Does, Not. Compute.
I am disabled and not able to work at the job I had, that's all. My income dropped by 70%, so yeah I do wish sometimes that I was still working, but I'm sure that this extensive video surveillance is going on where I used to work, so maybe not.
Black Lives Matter
Blackhawk
Posts: 43490
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

gilraen wrote: Wed Oct 17, 2018 11:36 am
Blackhawk wrote: Wed Oct 17, 2018 9:57 am That doesn't surprise me much. That's what working in casinos was like clear back in the 90s. They told me on day one that unless I was in the bathroom I should assume that one of several thousand video cameras was looking over my shoulder.
Casinos are a special case
Absolutely they are, but I would think the TSA (the example quoted above) would qualify for that distinction as well, given that it is A) security related, and B) particularly prone to claims of theft/misconduct/abuse.
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Intel CPUs impacted by new PortSmash side-channel vulnerability
Researchers have classified PortSmash as a side-channel attack. In computer security terms, a side-channel attack describes a technique used for leaking encrypted data from a computer's memory or CPU, which works by recording and analyzing discrepancies in operation times, power consumption, electromagnetic leaks, or even sound to gain additional info that may help break encryption algorithms and recover the CPU's processed data.

Researchers say PortSmash impacts all CPUs that use a Simultaneous Multithreading (SMT) architecture, a technology that allows multiple computing threads to be executed simultaneously on a CPU core.

In lay terms, the attack works by running a malicious process next to legitimate ones using SMT's parallel thread running capabilities. The malicious PortSmash process then leaks small amounts of data from the legitimate process, helping an attacker reconstruct the encrypted data processed inside the legitimate process.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

Marriott

Marriott reveals data breach of 500 million Starwood guests

Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

The hotel chain said Friday the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.
Marriott said hackers had gained "unauthorized access" to the Starwood reservation system since 2014, but the company only identified the issue last week.
"The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it," Marriott said in a statement.
For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions others, their credit card numbers and card expiration dates were potentially compromised.
Z-Corn
Posts: 4894
Joined: Mon Oct 18, 2004 4:16 pm

Re: The Data Breach Thread

Post by Z-Corn »

Carpet_pissr wrote: Fri Nov 30, 2018 12:29 pm Marriott

Marriott reveals data breach of 500 million Starwood guests

Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

The hotel chain said Friday the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.
Marriott said hackers had gained "unauthorized access" to the Starwood reservation system since 2014, but the company only identified the issue last week.
"The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it," Marriott said in a statement.
For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions others, their credit card numbers and card expiration dates were potentially compromised.
I'm pretty sure I had a phishing attempt come my way last week due to this. The combination of data that the phisher had was unique to my Marriott account from about this period of time. This is the upside of providing phony data to companies that don't need real data.
Skinypupy
Posts: 20333
Joined: Tue Dec 07, 2004 10:12 am
Location: Utah

Re: The Data Breach Thread

Post by Skinypupy »

Goddammit...I just got a new credit card number due to some suspicious activity.

Looks like it's time for round two.
When darkness veils the world, four Warriors of Light shall come.