WebProNews

Tag: Data Breaches

  • Dating Site Hack Exposes Users’ Sexual Preferences, Account Data

    Data breaches that reveal email address, usernames, passwords, and other account information are common and pretty serious in their own right – but when a hack reveals even more sensitive personal information it’s downright scary.

    According to a report from Channel4, a data breach has exposed nearly four million users of Adult FreindFinder, a dating website. you’ve probably seen its ads all over the internet.

    And alongside the usual account information, hackers reportedly leaked info like users’ sexual orientation and “which ones might be seeking extramarital affairs.”

    Yikes.

    “The stolen data reveals the sexual preferences of users, whether they’re gay or straight, and even indicates which ones might be seeking extramarital affairs. In addition, the hackers have revealed email addresses, usernames, dates of birth, postal codes and unique internet addresses of users’ computers,” reports Channel4.

    “Online crime experts believe the after the initial spam email campaign, hackers will now begin trawling through the data for potential blackmail targets. The spreadsheets contain addresses linked to dozens of government and armed services personnel, including members of the British Army.”

    Adult FriendFinder’s parent company confirmed the data breach in a statement to the BBC, but didn’t provide a lot of details:

    FriendFinder Networks Inc. has only just been made aware of this potential issue and understands and fully appreciates the seriousness of the issue,” the firm said in an emailed statement.

    We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert, Mandiant.

    Until the investigation is completed, it will be difficult to determine with certainty the full scope of the incident, but we will continue to work vigilantly to address this potential issue and will provide updates as we learn more from our investigation.

    We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected.

    There are reports that the hacker attempted to blackmail the site before publishing the data on the dark web. Apparently, Adult FriendFinder wasn’t too keen on that.

  • Neiman Marcus Data Breach Exposed 1.1M Cards

    Neiman Marcus Data Breach Exposed 1.1M Cards

    Earlier this month, high-end retailer Neiman Marcus confirmed that they had been the target of a widespread data breach that saw hackers gain access to customer credit cards via a sophisticated malware attack. At that time, the company launched an investigation into the breach.

    Now, Neiman Marcus is sharing some of the preliminary findings and have admitted that the breach may have affected 1.1 million customers.

    “Neiman Marcus was informed by our merchant processor in mid-December of potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores. We informed federal law enforcement agencies and began working actively with the U.S. Secret Service, the payment brands, our merchant processor, a leading investigations, intelligence and risk management firm, and a leading payment brand-approved forensics firm to investigate the situation. On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result. At this time, the malicious software we have found has been disabled,” said Neiman last week.

    In a new statement posted on their site, Neiman says they “deeply regret and are very sorry that some of our customers’ payment cards were used fraudulently after making purchases at our stores.”

    Out of the 1.1 million payment cards exposed, only a handful have been confirmed to have been used to make fraudulent purchases. Visa, MasterCard, and Discover have notified the company of 2,400 such instances.

    The malware responsible for snatching the information was reportedly active for many months, spanning from mid-July to the end of October, 2013.

    As you probably know, Neiman Marcus isn’t the only high-profile retailer to suffer a massive data breach. Target is dealing with its own attack, which exposed approximately 70 million accounts (they originally said 40 million, but later upped the count).

    Some blame the rash of high-profile payment system breaches to the United States’ outdated card technology. While the U.S. still uses magnetic strips on their credit and debit cards, many other countries (and the majority of Europe) have moved on to EMV technology, which uses a small computer chip to handle transactions.

    Still, analysts say that a switch to such technology would be costly – plus they’re unsure if EMV tech would have actually prevented the Target and Neiman hacks, or simply lessened their scope.

    The recent slew of data breaches has garnered the attention of Congress, who is set to hold hearings during the first week of February to “examine data breaches and their effect on consumers.” Target is their guest of honor.

    Image via Wikimedia Commons

  • A Fifth of Germany Vulnerable in Massive Email Hack

    In gee-that’s-terrifying news, as much as one fifth of the German population is at risk after a massive email hack that targeted .de addresses.

    Germany’s Federal Office for Information Security announced that passwords and “other details” of 16 million email users had been breached by hackers. With a population of around 80 million, that means that 20% of Germany’s population could be affected by the hack – and that would be assuming everyone in the country had a .de email address. The percentage of German email users affected is likely even greater.

    From The BBC:

    The Federal Office for Security said criminals had infected computers with software which allowed them to gather email addresses and account passwords…The agency learnt that the online criminals had managed to infect millions of computers with a program that would enroll them on to a network from where data could be stolen.

    There’s no word of any lead on the hackers responsible for the breach, but the office has set up a dedicated site for people to go to find out if their email address may have been compromised.

    Back here in the states, the data breach dominating the news cycle is that of major retailer Target. The company recently announced that upwards of 70 million accounts were compromised in a data breach that occurred around Black Friday. Representatives from the company are set to testify before Congress in an attempt to get to the bottom of a slew of recent high-profile data breaches. They’ll likely find that things are only going to get worse. It’s a new world, folks.

    Image via Thinkstock

  • Target Now Says 70 Million Customers Had Personal Info Stolen, Announces Store Closings

    Target Now Says 70 Million Customers Had Personal Info Stolen, Announces Store Closings

    It turns out that the much-publicized data breach that Target announced last month is way bigger than previously revealed. Target announced in December that 40 million credit and debit card accounts had been impacted between November 27th and December 15th. Hackers reportedly gained access to card numbers, expiration dates and security codes.

    On Friday, Target announced that up to 70 million individuals had other information stolen. This includes names, mailing addresses, phone numbers and email addresses.

    This was found in the company’s continuing forensic investigation of the data breach. It should be noted that this is separate from the previously announced payment card data.

    “This theft is not a new breach, but was uncovered as part of the ongoing investigation,” the company said in a statement. “Much of this data is partial in nature, but in cases where Target has an email address, the Company will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication.”

    The company is also offering said tips on its site.

    “I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Target president and CEO Gregg Steinhafel. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”

    The company says cusotmers will assume zero liability on any fraudulent charges, and Target is offering a year of free credit monitoring and identity theft protection to all guests who shopped in its U.S. stores. More on this here.

    Target also took the opportunity to reduce its outlook for the fourth quarter thanks to “meaningfully weaker-than-expected sales” since the initial data breach announcement.

    “In light of the recent data breach, our top priority is taking care of our guests and helping them feel confident in shopping at Target,” said CFO John Mulligan. “At the same time, we remain keenly focused on driving profitable top-line growth and investing our resources to deliver superior financial results over time. While we are disappointed in our 2013 performance, we continue to manage our business with great discipline and leverage our expense optimization efforts to reinvest in multichannel initiatives that generate long-term value for our shareholders.”

    With that, Target announced the closing of eight U.S. stores on May 3rd. These are located in West Dundee, Ill.; Las Vegas, Nev.; North Las Vegas, Nev.; Duluth, GA; Memphis, Tenn.; Orange Park, Fla.; Middletown, Ohio; and Trotwood, Ohio.

    Image via Target Facebook Page