breach

Hackers post data from dozens of breached college servers

A group of hackers claims to have stolen thousands of personal records by breaching the servers of more than 50 universities around the world, including Harvard, Stanford, Cornell, and Princeton.

A group calling itself GhostShell posted to text-sharing site Pastebin more than 120,000 records from the breached servers, including thousands of names, usernames, passwords, addresses, and phone numbers of students and faculty. While most hacker activity is motivated by a desire to steal identities or by pranksterism, GhostShell said the goal of its data dump was to focus public attention on the state of higher education:

We wanted to bring …

Hackers vow 'hellfire' in latest major data leak

A group of hackers has released a vast quantity of data from banks, government agencies, consulting firms and many others and promised more data leaks in the future.

"Team GhostShell's final form of protest this summer against the banks, politicians and for all the fallen hackers this year," the group, which calls itself -- you guessed it -- "Team GhostShell," wrote in a Pastebin post titled "Project HellFire" this weekend. "With the help of it's [sic] sub-divisions, MidasBank & the newest branch, OphiusLab. One million accounts/records leaked. We are also …

Make yourself less vulnerable online (video)

Zappos, LinkedIn, eHarmony, Yahoo, LastFm, the Environmental Protection Agency, Stanford, and Columbia University -- all suffered online data breaches recently, says the Privacy Rights Clearinghouse.

In fact, this year alone, there have been 276 data breaches, according to the Identity Theft Resource Center. Statistics indicate that private sector businesses and the health-care industry were most vulnerable, falling victim to, respectively, 37 percent and 34 percent of the breaches. Educational institutions and the government/military sector had breach rates of 14 percent and 11 percent, respectively. The rate for financial companies came in at just more than 3 percent, according to …

Yahoo user sues over password leak

A New Hampshire man filed suit against Yahoo this week alleging that lax security measures allowed hackers to get into a Yahoo database and steal passwords from 450,000 accounts.

In his lawsuit seeking class-action status -- filed in federal court in San Jose, Calif., on Tuesday (PDF) -- Jeff Allan is asking the court to order Yahoo to compensate him and others for "resulting account fraud" and measures people had to take to protect against identity theft.

Not only was Allan's Yahoo password stolen but someone also had accessed his eBay account without his permission after …

Legal, regulatory risks keep firms from sharing cyber threat data

A U.S. policy report to be released today says Congress should preempt certain state and federal regulations in order to allow companies the freedom to share with the government information about cyber security threats and attacks without fear of breaking data breach and other laws.

More information sharing is needed between companies and government agencies in order to help fend off attacks from hacktivists, criminals, and nation-states that target computer networks in the United States, according to the Cyber Security Task Force: Public-Private Information Sharing report written by the Homeland Security Project at the non-profit Bipartisan Policy Center.

"…

Yahoo's password leak: What you need to know (FAQ)

Updated July 13 at 12:17 p.m. PT

Yahoo has just become the latest big online service to suffer a major password breach. While the number of affected users is far smaller than in the last big exposure -- that would be the password hack at LinkedIn last month, which exposed 6.5 million user passwords -- the attack is a big black eye for Yahoo and a potential hazard to the 450,000 or so people whose log-in information is now flapping in the breeze.

So here's CNET's quick guide to the Yahoo password fumble and …

Yahoo password breach shows we're all really lazy

I'm going to say it. Lame! That's what this Yahoo password leak is. Really, Yahoo? Shame!

A group of hackers say they used a common attack, known as SQL injection, to grab 450,000 passwords from a Yahoo database, and they released them to the Web last night. The passwords were stored in plain text and not obscured using a hashing technique, which is standard practice for companies that handle sensitive user data.

I've asked Yahoo to comment on why the company didn't hash the passwords, but so far it's only released a statement confirming …

Top domains and passwords compromised by Yahoo breach

The breach of one of Yahoo's sites reignited concerns over the vulnerability of the favorite Web sites that we visit.

But in reality, roughly 450,000 login credentials were compromised -- a small number relative to the total users on the Internet. Yahoo said less than 5 percent of the accounts had valid passwords.

The following is a list of the top 20 e-mail domains and frequently used passwords that were hit, as compiled by CNET's Declan McCullagh:

Domains

1. Yahoo.com (137,559)
2. Gmail.com (106,873)
3. Hotmail.com (55,148)
4. Aol.com (25,…

Yahoo breach: Swiped passwords by the numbers

If there's one thing to learn from the recent security breach at Yahoo, it's that we need to be more creative with our passwords.

Hackers yesterday exposed more than 450,000 login credentials, which appeared to be gleaned from Yahoo. The hackers said they hoped this would be taken as a wake-up call to the parties responsible for the security of the hacked site, but individuals should also see this as a warning to strengthen their own personal passwords.

CNET's Declan McCullagh wrote a program to analyze the most frequently used passwords and e-mail domains that surfaced …

Formspring disables user passwords in security breach

Formspring has suffered a security intrusion in which some of its user passwords may have been breached, the question-and-answer site warned today.

Formspring, which said it only learned of the network intrusion this morning, responded by disabling all users' passwords.

"We apologize for the inconvenience but prefer to play it safe and have asked all members to reset their passwords," Formspring founder and CEO Ade Olonoh said in a company blog post. "Users will be prompted to change their passwords when they log back into Formspring."

A Formspring spokesperson told CNET that the company was tipped …