breach

As Sony works to bring its PlayStation Network back online following a security breach last week, more government agencies are seeking answers from the company.

The U.S. House of Representatives subcommittee on Energy and Commerce sent a letter to Sony Computer Entertainment America Chairman Kazuo Hirai today, posing more than a dozen questions about the nature of the breach, Sony's policy on data protection and privacy, and its plans for compensating customers.

In the letter, the committee's chairwoman Rep. Mary Bono Mack (R-Calif.) said it would like to know how the intrusion on Sony's network occurred … Read more

Security researchers say hackers claiming to have credit card information stolen from Sony's PlayStation Network last week are trying to sell that information on underground Internet forums, but the veracity of the claims could not be confirmed.

Sony warned its more than 70 million customers on Tuesday that their personal information--including customer names, addresses, e-mail addresses, birthdays, network passwords, and user names, as well as online user handles--was obtained illegally by an "unauthorized person." Sony responded to the intrusion, which occurred between April 17 and 19, by temporarily disabling PSN and Qriocity, its subscription music service, and … Read more

Subscribers to ISP news and review site DSLReports.com have been notified that their e-mail addresses and passwords may have been exposed during an attack on the Web site earlier this week.

The site was targeted in an SQL injection attack yesterday and about 8 percent of the subscribers' e-mail addresses and passwords were stolen, Justin Beech, founder of DSLReports.com, wrote in an e-mail to members. That would be about 8,000 random accounts of the 9,000 active and 90,000 old or inactive accounts created during the site's 10-year history, Beech said in an e-mail to CNET today.

"The data was taken on Wednesday afternoon, recognized and blocked at 7 p.m., and by Wednesday evening all the active accounts received e-mail notifications advising them to change their password if they share it with that e-mail address and all passwords were changed at that time," he wrote. "My hope is that few if any members will actually lose more than time to change passwords that they share among other sites."

The site has reset the passwords for those affected and members who use the same password on other sites, as noted above by Beech, were urged to change those passwords to prevent those accounts from being compromised. … Read more

Reports are trickling out from Sony PlayStation Network users about recent fraudulent charges on the credit cards they used for the PlayStation service. But it can't be substantiated at this time whether the fraud is a result of the data breach at Sony, and the timing of the reports could be coincidental.

Sony warned yesterday that customer names, e-mail addresses, birthdays, passwords, usernames, and possibly credit card account information was obtained by an "unauthorized person" between April 17 and 19. As many as 75 million customer accounts are affected.

The company has not said how the breach … Read more

After a week of PlayStation users wondering why they couldn't access PlayStation Network, Sony dropped the bomb yesterday: someone had gained access illegally to the personal information of more than 75 million of its users, forcing the company to shut down PlayStation Network and rebuild it, along with the related media download service Qriocity.

Sony had issued a few brief updates late last week and over the weekend acknowledging the service's outage and then an "external intrusion," but it didn't explain the consequences until yesterday.

The information exposed includes customer names; addresses; e-mail addresses; birthdays; … Read more

Ashampoo, a German maker of Windows utilities and security software, warned this week that customer names and e-mail addresses were stolen and could be used in targeted malware attacks.

"Hackers gained access to one of our servers. We discovered the break-in and interrupted it instantly," Ashampoo Chief Executive Rolf Hilchner wrote in a message on the company Web site earlier this week.

Billing information, including credit card and bank account numbers, was not affected, he said, adding that German law enforcement is investigating but "unfortunately, the traces of the well-concealed hackers currently disperse abroad."

Attackers often … Read more

Verizon's Data Breach Investigations Report for last year is a bit of a head scratcher. It shows that while the number of data breaches from cyber attacks rose, the amount of compromised records lost has fallen.

While there were 760 data breaches recorded by Verizon and the U.S. Secret Service in 2010 (up from about 140 in 2009), there were only 4 million compromised records involved (way down from 144 million in 2009), according to the Verizon 2011 Data Breach Investigations Report scheduled to be released on Tuesday. The figures represent both a record high number of incidents … Read more

news analysis Two U.S. senators introduced sweeping privacy legislation today that they promise will "establish a framework to protect the personal information of all Americans."

There is, however, one feature of the bill (PDF) sponsored by senators John Kerry (D-Mass.) and John McCain (R-Ariz.) that has gone relatively unnoticed: it doesn't apply to data mining, surveillance, or any other forms of activities that governments use to collect and collate Americans' personal information.

At a press conference in Washington, D.C., McCain said the privacy bill of rights will protect the "fundamental right of American citizens, … Read more

Security company Barracuda Networks was itself hit by a security breach over the weekend that exposed certain information from its databases.

An unknown hacker, who apparently took credit for the break-in, launched an attack that exposed a list of Barracuda databases along with the names, phone numbers, and e-mail address of various Barracuda partners.

The attack also uncovered the e-mail addresses of different Barracuda employees along with their passwords. Though the passwords were encrypted, they were done so using a hashing algorithm called MD5, which is considered by many to be a flawed and outdated encryption method.

The attacker grabbed … Read more