In a caper that lasted a year, one or more hackers stole the details for KT Corp customers, then passed them to an accomplice who allegedly sold cell phones while posing as a company representative. It's the second mega-breach to rip holes into South Koreans' personal data since January.
The US jam and jelly maker is just the latest fly to get stuck in the same web that ensnared dozens of companies last year, including some of the world's largest data brokers and at least one credit card processor.
Hackers gained unauthorised access to crowdfunding site kickstarter.com earlier this week. Compromised details include usernames, email addresses, mailing addresses, phone numbers and password hashes. Kickstarter users should change their passwords immediately.
The SEA made off with more than a million records from the Forbes user database - perhaps including yours! - and published them online.
We already "cracked" a quarter of the Forbes staffers' accounts... Paul Ducklin looks at how well everyone else's password might hold up.
Did you really think XP would go patch-free? Is Flappy Bird really dead? Did you really use the same password on more than one site?
60 Sec Security - 15 Feb 2014
Intrepid chronicler of the Target breach, Brian Krebs, has uncovered yet another cog in the criminal gearbox behind Target's data disaster.
Guess what? 2FA and network segregation would have made things a lot harder for the crooks...
What's the best way to deal with botnets? Should you use your bank's mobile app? Why all these data breaches? What about Patch Tuesday? Do you really *have* to update your Mac to Mavericks?
Listen as Chet and Duck dissect and explore the week's security stories...
The Target data breach story has turned into a bit of a bus: it's big, has lots of momentum, and three just came along at once.
First: 40M payment card details stolen. Second: 70M names, addresses and the like stolen. Third: looks like there was a specialised botnet involved.
Chet and Duck look at the security stories that made the headlines over New Year 2013/2014 - from the OpenSSL "hypervisor hack" that wasn't, to the Skype Twitter breach that shouldn't have happened - and explain how we can learn from these mistakes to have a safer and more secure 2014.
Here's a brief reminder of how cybercriminals use real security disasters to cause follow-up disasters of their own.
This time, it's a "followup phish" aimed at JP Morgan Chase customers...
OpenSSL, the widely-used open source cryptographic library, had its website defaced.
Early stories may have told you that it was a "hypervisor hack," which sounds like serious trouble, but it wasn't...
What prison sentence for the man who pioneered online carding? How many credit cards did Target lose? Does your encryption software "speak" to passers-by? How to keep your kids safe online over the holidays?
Find out in 60 seconds!
Target confirms: Crooks may have spent holiday shopping season feasting on 40m filched payment cards
The US retail giant Target confirmed that cyber crooks may have gotten their hands on about 40 million credit and debit card accounts starting the day before Thanksgiving - 27 November - on into the heart of Christmas shopping mania, through until Sunday, 15 December.
Aaaaaaaaand they're OFF! Encrypted (unsalted? unhashed?!) passwords are out of the gate, heading into the first turn toward potential decryption by cybercrooks. Anybody care to place bets on how many of those passwords are reused on other sites?
Guess how many times "123456" was used as a password by users. If you answered "close to 2 million times," you win! Now guess which online dating service has decided to encrypt customer records using salting and hashing in future.
Following our popular article explaining what Adobe did wrong with its users' passwords, a number of readers asked us, "Why not publish an article showing the rest of us how to do it right?"
Here you are...
Blessed be Facebook for using this real-world example to 100% back up Naked Security when we proselytize about the evils of password reuse. And if you're worried that Facebook's mining of breached Adobe customer records and quarantining of users is Big Brother-ish, fear not: the company didn't have to store passwords in clear text or pull any other boneheaded security move to know just what its customers' reused passwords are.
Chet and Duck are here with their weekly roundup of news, opinion, advice and research.
Take a listen to our weekly 15-minute podcast on computer security - Chet Chat Episode 123.
Which pets make the best/worst passwords?
How many times did Google make the same coding blunder?
Find out this and more in our one-minute wrapup of the week's security lessons!