breach

FTC sues Wyndham hotels over data breaches

The U.S. Federal Trade Commission has filed a lawsuit against hotel chain Wyndham Worldwide and three subsidiaries for allegedly storing data in plain text and other security failures that enabled hackers to access more than 600,000 payment card accounts in three data breaches in less than two years.

The hackers exported the payment card account data to an Internet domain address registered in Russia, according to the FTC lawsuit (PDF). They then used the data stolen from Wyndham's data center in Phoenix to make transactions, resulting in fraud losses of more than $10.6 million, the suit … Read more

Hackers grab customer data, demand cash from payday lender

Hackers have released consumer data stolen from an online loan provider, after the company refused to pay an extortion fee.

"On June 12, AmeriCash Advance received a fax, telling us that part of our Web site had been hacked. The letter went on to demand initial payment of $15,000 from us," AmeriCash Advance, an online payday cash advance provider, said in a statement provided to CNET. "We immediately notified the appropriate authorities and promptly took steps to ensure that no other data could be accessed. We will not cave in to blackmail, and are cooperating fully … Read more

Hacker claims breach of 79 banks, releases customer data

A hacker claiming to have broken into networks of dozens of banks and stolen customer data, has released as proof a file that contains names, addresses, e-mail addresses, and phone numbers in plain text, but no credit card numbers.

"I penetrated over 79 large banks, I've been targetting these banks since 3 months," read a tweet from the Twitter account of Reckz0r. "Actually, I didn't hacked VISA & Mastercard, I hacked the banks, #Chase..etc."

A Pastebin post from today has a link to a downloadable file on the AnonFiles.com site that appears … Read more

Facebook wants users' cell numbers in bid to bolster security

In the wake of a rash of password leaks, Facebook wants to educate its members about how to make their accounts more secure and is asking for users' cell phone numbers as part of that effort.

The social network has begun adding a message at the top of every member's news feed that suggests they "Stay in control of your account by following these simple security tips." The message includes a link to Facebook's security page, where users are tutored on how to identify a scam and choose a unique password, and are asked to provide … Read more

Global Payments: Consumer data may also have been stolen

Credit card processor Global Payments said today that in the course of investigating the theft of 1.5 million credit card numbers, it has discovered that hackers may also have stolen consumer data from servers.

"Our ongoing investigation recently revealed potential unauthorized access to personal information collected from a subset of merchant applicants," the company said in a statement on its Web site.

"It is unclear whether the intruders looked at or took any personal information from the company's systems; however, the company will notify potentially-affected individuals in the coming days with helpful information and make … Read more

SpexSec takes aim at alleged terrorists, Zer0Pwn at Louisiana

Two hacking groups have taken aim at two very distinct targets in a data dump on Pastebin.

First up, the hacking organization known as SpexSec today posted the passports and visa information of more than 200 suspected terrorists. In a posting on Pastebin, the organization said that it hopes the data will help the U.S. "close down on some investigations."

"Like we promised, our primary suspects include the U.S Government for torturous and deceptive acts on our own soil, the Educational system for exuberantly being blown-over and belligerently not patching the holes in their system, … Read more

How long ago did the Last.fm security breach happen?

Last.fm's security breach that left user passwords open on a Russian hacker site last week might have shown its ugly face months ago, according to a new report.

Back in May, several Last.fm users took to the company's forums, saying that they had been receiving massive amounts of spam on e-mail addresses they created solely for Last.fm. Soon after, Last.fm customer support manager Matt Knapman said that his company was "investigating this matter urgently, running a security audit, and looking at alternative ways the spamming of Last.fm users might have occurred."… Read more

What the password leaks mean to you (FAQ)

Three companies have warned users in the last 24 hours that their customers' passwords appear to be floating around on the Internet, including on a Russian forum where hackers boasted about cracking them. I suspect more companies will follow suit.

Curious about what this all means to you? Read on.

What exactly happened? Earlier this week a file containing what looked like 6.5 million passwords and another with 1.5 million passwords was discovered on a Russian hacker forum on InsidePro.com, which offers password-cracking tools. Someone using the handle "dwdm" had posted the original list and … Read more

LinkedIn working with police on password leak

LinkedIn said today that it has contacted police about the compromise of its users' passwords that hackers were actively cracking earlier this week.

"Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published," Vicente Silveira, a director at the professional social-networking site, wrote in a blog post. "We are also actively working with law enforcement, which is investigating this matter."

The … Read more

Customer contact info leaked by HP in case against Oracle

It's been a haphazard week for the security of personal data with major leaks at LinkedIn and now Last.fm.

You can add some probably now-unhappy Oracle customers to that list thanks to some legal documents that have popped up in the hardware giant's legal battle against Hewlett-Packard going on right now.

As reported by Wired, Oracle received "hundreds of complaints" from customers after the Redwood Shores, Calif.-based company announced it would be discontinuing support for the Itanium processor, making a lot of HP databases rather useless. In a nutshell, that's what started this whole lawsuitRead more