Visa drops Global Payments following theft of 1.5 million card numbers

By on April 2, 2012 at 6:35 PM.

Following a massive security breach, Visa has dropped Global Payments from its registry of providers that meet data security standards, The Associated Press reported on Monday. Global Payments CEO Paul Garcia said that the company will continue to process Visa transactions; however, being dropped from the registry “could give our partners some pause that they’re doing business with someone who experienced a breach.” Garcia fully expects his company to be reinstated once it has been issued a new report of compliance, although he declined to specify when that might happen. The CEO maintains that the situation is “absolutely contained” and is being fully investigated. Global Payments confirmed on Sunday that hackers stole credit card numbers belonging to as many as 1.5 million MasterCard and Visa customers; however, cardholder names, addresses and Social Security numbers were not compromised. The company plans to set up a website to assist consumers who might have been affected by the breach.

Hackers steal 1.5 million card numbers in huge MasterCard, Visa breach

By on April 2, 2012 at 8:30 AM.

Hackers stole credit card numbers belonging to as many as 1.5 million MasterCard and Visa customers, Global Payments, Inc. confirmed on Sunday. The international credit card processor was blocked by Visa after it reported the possibility of a major security breach on Friday. The company did not indicate how the hackers gained access to its system or who might be responsible for the attack. “Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained,” the firm told The Wall Street Journal while noting that cardholder names, addresses and Social Security numbers were not compromised. The company did say that the credit card numbers were downloaded during the attack rather than just being accessed, however, indicating that the perpetrators may intend to use the information to create counterfeit credit cards. Affected Visa and MasterCard customers have not yet been notified that their account information was stolen.

The U.S. government is losing the war against hackers

By on March 28, 2012 at 6:20 PM.

Executive assistant director of the FBI Shawn Henry, who after more than two decades is preparing to leave the bureau, said in an interview with The Wall Street Journal that computer criminals are too talented and current defensive measures are too weak to stop them. “We’re not winning,” he said, claiming that the current public and private approach to fighting off hackers is “unsustainable.” Congress is currently considering two competing bills that are designed to strengthen critical U.S. infrastructures such as power plants and nuclear reactors. Henry believes that companies must make major changes in the way they use computer networks to avoid further damage to national security and the economy, however. He said too many companies don’t recognize the financial and legal risks they are taking by operating vulnerable networks. “I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model,” Henry said. “Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security.”

Hackers steal data from 24 million Zappos accounts

By on January 16, 2012 at 11:15 AM.

Zappos on Sunday confirmed that hackers breached the company’s servers and accessed personal data belonging to many of its customers. The Amazon-owned shoe retailer known for top-notch service and surprising customers with express shipping at no extra cost confirmed that personal data from 24 million accounts was accessed during a recent security breach. The hackers gained access to a range of sensitive data including user names, encrypted passwords, customer names, email addresses, phone numbers and the last four digits of credit card numbers. The company stated that full credit card numbers were not compromised. As a security measure, Zappos reset the passwords of all affected customers and sent out emails alerting them to the situation. The company’s full email to customers follows below.

Massachusetts Attorney General to demand answers from Apple after iTunes breach

By on September 21, 2011 at 7:10 PM.

Massachusetts Attorney General Martha Coakley recently said her iTunes account was compromised by identity thieves and that she will press Apple for answers. It is unclear how the thieves gained access to Coakley’s account, perhaps through an application, but the hackers stole credit card information and made fraudulent purchases, ThreatPost said. Coakley brought up the attack during a speech for the launch of the Massachusetts Advanced Cyber Security Center. She noted that Dell blocked her credit card when the hackers tried to purchase a computer, believing the purchase to be fraudulent. Apple, however, did not. Coakley said she would reach out to the iPhone maker and demand information. ThreatPost argued that Coakley might have been speaking so strongly in an effort to build support for Massachusetts’ state data privacy, data protection and data breach notification laws. Coakley believes companies such as Apple should be held liable when in violation of the aforementioned laws. The Massachusetts Attorney General’s office said any company that has had a breach which “creates a substantial risk of identity theft or fraud against a resident of the commonwealth,” should publicly disclose the attack.

Sony hires former U.S. Department of Homeland Security official to boost defenses

By on September 6, 2011 at 9:20 PM.

Following a major security breach earlier this year, Sony made good on its promise to bolster its security by hiring a former official from the U.S. Department of Homeland Security to serve as its chief information security officer and senior vice president, Reuters reported on Tuesday. Philip Reitinger formerly served as the director of the U.S. National Security Center. “Certainly the network issue was a catalyst for the appointment,” a Sony spokesman told Reuters. “We are looking to bolster our network security even further.” Sony’s online PlayStation and Qriocity networks were attacked in May when a hacker group known as LulzSec gained access to personal data belonging to more than 100 million users. A string of subsequent hacks on Sony’s digital properties made headlines for the better part of two months, and Sony’s PlayStation Network was not fully restored until July.

SSL certificate breach extends beyond Google, over 200 certificates compromised

By on September 1, 2011 at 5:25 PM.

A breach of Dutch SSL certificate authority DigiNotar is reportedly much bigger than initially thought, with more than 200 digital certificates having been stolen in July by hackers who breached the company’s network. Using the stolen certificates, hackers can potentially intercept and even alter data Internet users believe to be secure and encrypted. “About 200 certificates were generated by the attackers,” Dutch security expert Hans Van de Looy told Computerworld, citing anonymous sources. Van de Looy says certificates for mozilla.com, yahoo.com and torproject.org were among those obtained by the hackers. Mozilla’s Johnathan Nightingale, director of Firefox development, confirmed the breach on Thursday. “DigiNotar informed us that they issued fraudulent certs for addons.mozilla.org in July, and revoked them within a few days of issue,” Nightingale said in a statement. BGR reported on Wednesday that the Iranian government has allegedly been using one of the stolen certificates to spy on Gmail users, and at that time the full extent of the DigiNotar breach was unknown. The compromised certificates have all been revoked by DigiNotar, but not all Web browsers check for revoked certificates, so the impact of this breach will likely be ongoing for some time.

'Anonymous' and 'LulzSec' release 10GB of data from 50 police departments

By on August 8, 2011 at 8:59 PM.

In response to the arrests of LulzSec member Topiary and Anonymous PayPal hackers, members of the AntiSec initiative have infiltrated 50 police departments across the United States and stolen 10GB of data. According to a release put out by the group, which includes members from Anonymous and LulzSec, the data includes “private police emails, training files, snitch info and personal info on retaliation for Anonymous arrests.” It also includes social security numbers, address information, passwords, credit card numbers, training files and more. “We hope that not only will dropping this info demonstrate the inherently corrupt nature of law enforcement using their own words, as well as result in possibly humiliation, firings, and possible charges against several officers, but that it will also disrupt and sabotage their ability to communicate and terrorize communities,” a recent press release said. The data was stored on a single server and the hackers said it took less than 24 hours to infiltrate and copy the information. In a release posted on PostBin, the AntiSec movement called on other hackers to join in and “make 2011 the year of leaks and revolutions.” The group also told the government to give up and said “you are losing the cyberwar, and the attacks against the governments, militaries, and corporations of the world will continue to escalate.”

Second hacker indicted over stolen AT&T iPad data

By on July 7, 2011 at 2:30 PM.

An Arkansas man has been indicted for carrying out a cyberattack on AT&T servers that resulted in the theft of personal data from more than 100,000 iPad users. Andrew Auernheimer has been charged by a New Jersey grand jury with one count of conspiracy to gain unauthorized access to computers and one count of identity theft, Reuters reports. Auernheimer’s codefendant Daniel Spitler entered a guilty plea after being charged with the same crimes late last month. Court documents recount several conversations Auernheimer allegedly had surrounding the AT&T breach, and the evidence appears to be damning. “If we get 1 reporters address with this somehow we instantly have a story,” he wrote to Spitler on June 6, 2010, according to the indictment. “HI I STOLE YOUR EMAIL FROM AT&T WANT TO KNOW HOW?” Auernheimer later continued, “The more email addresses we get … the more of a freakout we can cause.” Both Auernheimer and Spitler are said to be associated with “Goatse Security,” a hacker group reportedly focused on disrupting online content and services.

Apple to patch iPhone, iPad security hole

By on July 7, 2011 at 9:40 AM.

Apple has promised to patch a security hole found in the iPhone and iPad following a report published by Germany’s Federal Office for Information Security. Reportedly, a PDF security hole could allow hackers to gain unauthorized access to personal data — such as messages and passwords — stored on an iPhone or iPad and could “infect the mobile device with malware without the user’s knowledge.” Apple’s PR team was quick to respond to the allegations. “[Apple is] aware of this reported issue and developing a fix that will be available to customers in an upcoming software update,” Bethan Lloyd, an Apple spokesperson, told AFP on Thursday. Apple has not yet confirmed when it will push out the security update.

Sony to finally complete full PSN service restoration this week

By on July 5, 2011 at 10:20 AM.

Nearly two and a half months after its networks were breached by the hacker group LulzSec, Sony will finish restoring its PlayStation Network later this week when it reactivates the service in Japan. According to Bloomberg, Sony has been working with the FBI to identify the LulzSec hackers who were responsible for the attack on its San Diego data centers, during which the hackers obtained account information for more than 100 million PlayStation Network users. Reportedly, LulzSec rented and used servers from Amazon.com’s cloud service to facilitate the attack. Sony CEO Howard Stringer apologized after the attacks and offered a year of identity theft protection to those affected by the breach, as well as a free month of access to PSN.

Apple becomes latest ‘Anonymous’ hacker target

By on July 4, 2011 at 11:20 AM.

Notorious hacker collective “Anonymous Operations” on Sunday published data it claims to have obtained by breaching a server belonging to Apple. The data, which consisted of 27 usernames and passwords, was allegedly taken from surveys stored on an Apple server. Though the group said on one of its Twitter accounts that it is “busy elsewhere,” and therefore will seemingly not be targeting Apple again in the near future, it claims to have exploited a security flaw common to several companies when it gained access to Apple’s server. Anonymous said the breach was part of its AntiSec movement, short for anti-security, which is aimed at “exposing corporate and government data and humiliating security firms.”

‘Anonymous’ launches WikiLeaks for hackers: HackerLeaks

By on July 1, 2011 at 12:28 PM.

The infamous group of “hacktivists” known as Anonymous Operations on Thursday launched a new tool to aid its digital crusade against targeted governments and corporations. Dubbed “HackerLeaks,” the new site is a tool hackers can use to distribute data anonymously, and it adopts the model popularized by WikiLeaks. Hacker groups like the now-defunct LulzSec used a variety of tools to disseminate the spoils of their cyberattacks, but Anonymous explains that their tool has a number of benefits. “Anonymous and the [People’s Liberation Front] have already established connections to the media outlets that can help better expose important data, and that they hope to also provide ‘unique and enlightening analysis,’” the group said in a statement. HackerLeaks is the latest addition to Anonymous’ movement known as “AntiSec,” which is aimed at “exposing corporate and government data and humiliating security firms.”
