Data loss

(get it in RSS or Atom)

1,000,000 lost credit cards = £150,000 fine

p-pii-250

A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first.

The vulnerable system was used as a stepping stone for a crook to steal more than 1M e-commerce records.

Hacker claims breach of Wall Street Journal and Vice

Malicious hacker claims breach of Wall Street Journal, Vice

W0rm's been quite busy and has already pulled this on CNET, and likewise is again offering to sell user data and server credentials for one Bitcoin.

eBay's StubHub ransacked for over $1 million, international crime ring arrested

StubHub logo

US police have indicted six people across four countries on charges of defrauding eBay's StubHub for over $1 million in pilfered tickets for things like Jay-Z and Justin Timberlake concerts. eBay says its servers weren't broken into; rather, password reuse and account holders' PCs being riddled with malware are to blame.

SSCC 157 - Routers, Browsers, Zombies and Sysadmins [PODCAST]

chet-chat-logo-featured-250

Here it is...this week's Chet Chat security podcast.

In this episode: fixing routers, trusting browsers, killing zombies and showing TLC to sysadmins.

Your Gmail account is fair game for cops or feds, says US judge

US judge: your Gmail account is fair game for cops or feds

A New York court on Thursday opened up our entire Gmail accounts to feds or cops with warrants, in spite of two recent decisions that went against similar requests.

New search engine Indexeus unmasks malicious hackers

New search engine Indexeus unmasks malicious hackers

Indexeus is a database of stolen names and passwords, many doxed from the hackers who've themselves doxed others' data. Is it poetic justice, exploitation of a lucrative market, a prototype of an educational tool, or all of the above?

Shopping site reports 3-year-old data breach

Australian shopping site reports 3-year-old data breach

Australian shopping website CatchOfTheDay has warned customers of a data breach dating back to 7 May 2011, urging anyone who has kept the same password at the site since that date to change it.

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

'Hidden from Google' site remembers the pages Google's forced to forget

'Hidden from Google" site remembers the pages Google's forced to forget

The newly launched site is archiving the pages Google was forced to de-index in the name of opening up to the internet as a whole the discussion regarding what should or should not be "forgotten."

SSCC 156 - Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]

chet-chat-logo-featured-250

Sophos experts Chester Wisniewski and Paul Ducklin are back with this week's security podcast, turning plain old news into advice you can use.

Germany considers replacing email with typewriters to evade spying

Germany to replace email with typewriters to duck US spying?

The country's pondering manual typewriters, however, unlike Russia's reported embrace of electric typewriters last year. Russia should be well aware that you can plug a keylogger into those e-typewriters, given that it pulled that stunt on IBM Selectrics back in the 70s!

CNET website and 1 million passwords compromised by Russian hacker group

CNET hacked

CNET, the popular tech news and reviews website, was compromised over the weekend by Russian hackers called "W0rm," CNET's parent company confirmed yesterday.

Arrests made after keyloggers found on public PCs at US hotels

Keyloggers found on public PCs at US hotel business centres

Proof of the lack of hygiene in publicly accessible PCs came up yet again when the US Secret Service last week warned that cybercrooks are installing keyloggers on the PCs in hotel business centers to steal personal and business information from travelers.

iPhones are a security threat to the state, China claims

iPhone's a security threat to the state, China claims

China has cited Apple iPhone's ability to track and time-stamp users' whereabouts as reason to declare the mobile phone hazardous to state security.

UK to rush through "emergency" phone and internet data retention law

UK to rush through "emergency" phone and internet data retention law

The UK is rushing through Parliament what it calls an emergency law that will ensure it retains access to people's phone and internet records, in spite of the European Court of Justice having said in April that data retention violates human rights. It's not a rehash of the Snooper's Charter, politicians claim, but there's not a lot of time to eyeball it to make sure that's true.

Google Drive security hole leaks users' files

Google Drive security hole leaks users' files

The flaw, which Google recently patched, was giving out original documents to unauthorized users via embedded links. It's yet another example of how storing documents "in the cloud" means "heaven knows with whom".

US arrests Russian MP's son for PoS hacking; Russia calls it kidnapping

US arrests Russian MP's son for PoS hacking; Russia calls it kidnapping

The Russian man's father conjectures that, for all he knows, this may be a ploy for the US to get bait to exchange for Snowden.

Australian police using tower dumps to slurp mass phone data

Australian police using tower dumps to slurp mass phone data

Australian federal and state police have joined the ranks of mega-data slurpers - namely, the US, where 1 in 4 law enforcement agencies have reportedly used a "tower dump" - ordering phone providers to hand over personal information about thousands of mobile phone users, regardless of whether or not those people are under investigation.

Holiday snaps and nuclear intel: The NSA's data capture exposed

NSA catches only 10% of data legally, but is it a fair trade off?

That leaves large-scale privacy invasion on 90% of 160,000 analysed messages swept up illegally by the NSA. But credit where credit is due: the legal 10% of intercepts have significant intelligence value, including data about a secret overseas nuclear project and double-dealing by an ostensible ally.