breach

eBay becomes the latest online giant to own up to a password breach

Scammers adopt new eBay logo in short order

eBay has admitted to a database breach - go change your password, now!

Bitly breached, gives (shortened) details to customers on blog

Popular URL shortener Bitly is the latest cloud service to say, "Er, looks like crooks have been wandering around in our network."

Paul Ducklin tries to make sense of Bitly's breach notification blog...

Cyber extortionists swipe cosmetic surgery records, try to blackmail Harley Medical Group

Cosmetic surgery. Image courtesy of Shutterstock.

Cyber crooks may have broken into Harley Medical Group, a cosmetic surgery firm with 21 clinics in the UK, to filch the intimate details of about 480,000 potential patients and then try to extort money from the company.

SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?

Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

Employees' bank details stolen from UK supermarket Morrisons

Employees' bank details stolen from UK's 4th largest grocer Morrisons

Morrisons is scrambling to tell employees that the staff payroll system has been raided, with the thieves taking names, addresses and bank details of staff.

Hackers steal 12 million customer records from South Korean phone giant

In a caper that lasted a year, one or more hackers stole the details for KT Corp customers, then passed them to an accomplice who allegedly sold cell phones posing as a company representative. It's the second mega-breach to rip holes into South Koreans' personal data since January.

Smucker's online store gets stuck in thieves' web

The US jam and jelly maker is just the latest fly to get stuck in the same web that ensnared dozens of companies last year, including some of the world's largest data brokers and at least one credit card processor.

Kickstarter breached - change your passwords

Kickstarter Breach

Hackers gained unauthorised access to crowdfunding site kickstarter.com earlier this week. Compromised details include usernames, email addresses, mailing addresses, phone numbers and password hashes. Kickstarter users should change their passwords immediately.

Syrian Electronic Army hacks Forbes, spills 1M user records - here's what you need to know

The SEA made off with more than a million records from the Forbes user database - perhaps including yours! - and published them online.

We already "cracked" a quarter of the Forbes staffers' accounts... Paul Ducklin looks at how well everyone else's password might hold up.

Patching XP, Flappy Bird malware, Tesco passwords leaked - 60 Sec Security [VIDEO]

Did you really think XP would go patch-free? Is Flappy Bird really dead? Did you really use the same password on more than one site?

60 Sec Security - 15 Feb 2014

Did the crooks who broke into Target tailgate the cleaners?

Intrepid chronicler of the Target breach, Brian Krebs, has uncovered yet another cog in the criminal gearbox behind Target's data disaster.

Guess what? 2FA and network segregation would have made things a lot harder for the crooks...

SSCC 130 - Botnets, banking, breaches, patching and the Mavericks controversy [PODCAST]

What's the best way to deal with botnets? Should you use your bank's mobile app? Why all these data breaches? What about Patch Tuesday? Do you really *have* to update your Mac to Mavericks?

Listen as Chet and Duck dissect and explore the week's security stories...

Target admits "there was malware on our point-of-sale registers"

The Target data breach story has turned into a bit of a bus: it's big, has lots of momentum, and three just came along at once.

First: 40M payment card details stolen. Second: 70M names, addresses and the like stolen. Third: looks like there was a specialised botnet involved.

SSCC 129 - Hypervisors, apologies, backdoors and Twitter hacks [PODCAST]

Chet and Duck look at the security stories that made the headlines over New Year 2013/2014 - from the OpenSSL "hypervisor hack" that wasn't, to the Skype Twitter breach that shouldn't have happened - and explain how we can learn from these mistakes to have a safer and more secure 2014.

"Followup phish" targets possible victims of last month's JP Morgan Chase card breach

Here's a brief reminder of how cybercriminals use real security disasters to cause follow-up disasters of their own.

This time, it's a "followup phish" aimed at JP Morgan Chase customers...

OpenSSL website defacement - it wasn't a HYPERVISOR HACK after all

OpenSSL, the widely-used open source cryptographic library, had its website defaced.

Early stories may have told you that it was a "hypervisor hack," which sounds like serious trouble, but it wasn't...

CarderPlanet bust, Target credit card breach, online safety for kids - 60 Sec Security [VIDEO]

What prison sentence for the man who pioneered online carding? How many credit cards did Target lose? Does your encryption software "speak" to passers-by? How to keep your kids safe online over the holidays?

Find out in 60 seconds!

Target confirms: Crooks may have spent holiday shopping season feasting on 40m filched payment cards

The US retail giant Target confirmed that cyber crooks may have gotten their hands on about 40 million credit and debit card accounts starting the day before Thanksgiving - 27 November - on into the heart of Christmas shopping mania, through until Sunday, 15 December.

Hackers trot off with RacingPost.com customer records

Aaaaaaaaand they're OFF! Encrypted (unsalted? unhashed?!) passwords are out of the gate, heading into the first turn toward potential decryption by cybercrooks. Anybody care to place bets on how many of those passwords are reused on other sites?