After LaCie announced earlier this week it was the victim of a massive credit card breach that lasted for a year, crafts store Michaels revealed in a press release that hackers may have stolen credit card data for 3 million of its customers, including buyers that shopped at its Aaron Brothers subsidiary. The company has hired two independent security firms to conduct an extensive investigation, which revealed that payment systems in Michaels and Aaron Brothers stores were attacked by “highly sophisticated malware” that had not been seen before by either firm. More →
Kickstarter on Saturday acknowledged a hack that occurred on Wednesday night, advising users to immediately change the passwords of their accounts. According to the company, “law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data.” Kickstarter says that “no credit card data of any kind” was accessed by hackers, and there’s “no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.” More →
The recent breach of Yahoo’s Yahoo Mail servers is the latest in a string of high-profile hacks that have taken center stage in the tech media lately. It seems that no service is safe from malicious hackers, who constantly come up with terrifying new ways to steal your data. Of course it’s not just wide-scale hacks we have to be afraid of — our various online accounts are always at risk. Google’s Gmail service is hugely popular so it’s often a target for hackers on the prowl. And considering how awful our passwords often are, hacking into Gmail isn’t always much of a challenge. As Tech2 noted on Friday, however, there’s a pretty easy way to find out if your account was hacked without waiting for your friends to email you asking why you’re suddenly peddling Viagra on behalf of a shady Vietnamese pharmacy. More →
The massive hack that hit Target in the weeks before Christmas 2013 wouldn’t have been possible without someone actually stealing the credentials of a vendor, Reuters revealed. “The ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials, which were used to access our system,” Target spokeswoman Molly Snyder said, without revealing what was taken. More →
The Target data breach may be just the tip of the iceberg in what seems to be a massive sophisticated attack on U.S. retailers that may have possibly originated in Russia, according to newly discovered evidence. The Wall Street Journal reports that federal and private investigators who are looking into the matter have discovered that parts of the malware used to hit Target has been available on the black market since last spring, and was written in Russian, leading them to believe the attack may have ties to organized crime in the former Soviet Union. More →
More unofficial details about the late 2013 Target hack that exposed up to 40 million credit and debit cards and personal data for up to 70 million customers have started to surface, Krebs on Security reports, revealing that a piece of malware that’s “nearly identical” to a 207kb malicious program sold on the black market with prices starting at $1,800 may have been responsible for the massive card data breach. More →
Target was not the only retail chain under attack during the 2013 Black Friday hack, with Neiman Marcus and other unnamed retailers confirmed to have been hit in a similar fashion. Target has recently confirmed that hackers managed to steal personal data belonging to 70 million people during the attack, after initially saying they stole credit and debit card data belonging to up to 40 million customers, including encrypted keys.
Hackers in Europe managed to target several cash machines from an unnamed bank earlier last year by infecting them with malware from USB drives, BBC News reports. The researchers who discovered the hack detailed their findings at the Chaos Computing Congress in Hamburg, Germany recently. According to their report, the ATM thefts were discovered in July after a bank noticed how its machines were emptied of cash even though the cash should have been protected inside safes. The bank then discovered how criminals were cutting holes into ATMs in order to transfer malware from the USB to the ATM. Once the data transfer was complete, the holes would be patched up to conceal the attack. More →
Andrew “bunnie” Huang and Sean “xobs” Cross have discovered a way to hack even the small microSD cards that go inside current smartphones and tablets to increase their storage, as well as other flash-based memory solutions, presenting their findings at the Chaos Computer Congress (30C3). In a detailed blog post on bunnie:studios, Huang explained how the hack works, and why many flash cards are susceptible to being hacked and used for malicious purposes by people who are aware of this particular potentially serious security vulnerability. More →
Target on Friday confirmed that hackers managed to steal encrypted data including encrypted PINs, as reported by Reuters earlier this week, but added that the PIN numbers are still safe and hackers shouldn’t be able to use the information to compromise debit cards. According to the retailer, the PIN information is encrypted at the keypad and it remains encrypted within the system until it is decrypted only by the external payment processing company. The PINs were encrypted with Triple DES, “a highly secure encryption standard used broadly throughout the U.S.” More →
The hackers who managed to steal data for up to 40 million credit cards used in Target stores on Black Friday and in following weeks have reportedly accessed the associated encrypted personal identification numbers (PINs) as well, which could be cracked and used to make fraudulent withdrawals. Reuters revealed the news in a recent report, which cited “a senior payments executive familiar with the situation.” However, Target says that unencrypted PINs were not accessed during the “sophisticated” digital heist and that there was no evidence that PINs were compromised, even if encrypted data that may have or may have not contained encrypted PINs was stolen. More →
Nearly every action you take while online is monitored by advertisers, from the products you buy to the links that you click. Ads are tailor-made for each and every user, like a more accurate Pandora, but without the music. Despite all of this, people are still more concerned about hackers accessing their private information than they are about advertisers paying for it. More →
UPDATE: Target on Thursday confirmed that 40 million credit and debit cards were breached between November 27 and December 15, ZDNet reports, with hackers stealing personal data including customer name, credit/debit card number, expiration date and the three-digit security code.
Millions of Black Friday Target shoppers may be at risk, multiple reports reveal, as hackers may have targeted the giant retail chain’ stores during one of the busiest shopping days of the year, potentially walking away with important credit card and debit card data. Krebs on Security says that the data breach extends to “nearly all Target locations nationwide,” and occurred from Thanksgiving 2013 to December 6, although it could have been extended up to December 15. More →