Target on Friday confirmed that hackers managed to steal encrypted data including encrypted PINs, as reported by Reuters earlier this week, but added that the PINs are still safe and hackers shouldn’t be able to use the information to compromise debit cards. According to the retailer, the PIN information is encrypted at the keypad and remains encrypted within the system; it is decrypted only by the external payment processing company. The PINs were encrypted with Triple DES, “a highly secure encryption standard used broadly throughout the U.S.”
The hackers who managed to steal data for up to 40 million credit cards used in Target stores on Black Friday and in following weeks have reportedly accessed the associated encrypted personal identification numbers (PINs) as well, which could be cracked and used to make fraudulent withdrawals. Reuters revealed the news in a recent report, which cited “a senior payments executive familiar with the situation.” However, Target says that unencrypted PINs were not accessed during the “sophisticated” digital heist and that there was no evidence that PINs were compromised, even if encrypted data that may or may not have contained encrypted PINs was stolen.
Nearly every action you take while online is monitored by advertisers, from the products you buy to the links that you click. Ads are tailor-made for each and every user, like a more accurate Pandora, but without the music. Despite all of this, people are still more concerned about hackers accessing their private information than they are about advertisers paying for it.
UPDATE: Target on Thursday confirmed that 40 million credit and debit cards were breached between November 27 and December 15, ZDNet reports, with hackers stealing personal data including customer name, credit/debit card number, expiration date and the three-digit security code.
Millions of Black Friday Target shoppers may be at risk, multiple reports reveal, as hackers may have targeted the giant retail chain’s stores during one of the busiest shopping days of the year, potentially walking away with important credit card and debit card data. Krebs on Security says that the data breach extends to “nearly all Target locations nationwide,” and occurred from Thanksgiving 2013 to December 6, although it could have been extended up to December 15.
Dozens of reports of cyber-attacks on U.S. companies originating in China have emerged over the past few years. But as these attacks were taking place, hackers in the U.S. were allegedly targeting at least two websites belonging to China’s military. Chinese officials claim U.S. hackers targeted the Defense Ministry’s website and a site belonging to its newspaper, the People’s Liberation Army Daily, an average of 144,000 times per month in 2012, The Associated Press reported. Defense Ministry spokesman Geng Yansheng issued the accusation, and said that the Chinese military has never supported any hacking activity targeting the U.S. “Like other countries, China faces a serious threat from hacking and is one of the primary victims of hacking in the world,” Geng told reporters. “Numbers of attacks have been on the rise in recent years.”
Twitter users everywhere are reporting that their accounts have been compromised, reports TechCrunch. The tech blog says many users have received emails telling them to change their passwords because their accounts might have been hacked. Although the source of the widespread account hacks is unknown, NPR reports that “several China-based foreign journalists and analysts are reporting an attempted hacking of their Twitter accounts, as China’s Communist Party begins a sensitive meeting that will set in motion a once-a-decade leadership transition.” While it might be a stretch to make a connection to China’s political transition, Twitter hasn’t provided any formal statement as to what caused the widespread Twitter breaches. As a safety precaution, it may be wise to change your Twitter account password.
Two more months and Sony (SNE) would have made it through the entire year without any drama involving hackers trying to crack its console security or bring down its PlayStation Network. According to Eurogamer, the PlayStation 3’s security has been breached by a hacker group called “The Three Tuskateers.” The hackers reportedly discovered the console’s “LV0” firmware decryption keys and were forced to leak them for free after another Chinese hacking crew called the “BlueDiskCFW” planned to profit off their work. In layman’s terms, the LV0 keys allow hackers to easily decrypt any PS3 firmware, meaning any patches Sony adds could easily be circumvented.
Anonymous isn’t all about Guy Fawkes masks and news casts with creepy automated voices; sometimes it’s about helping others. As Network World’s Paul McNamara reports, some Anonymous hackers have gone to bat for the Red Sky Film & Television charity that’s aimed at eradicating hunger among New Zealand’s children. Apparently, a lone wolf hacker who was trying to impress Anonymous hacked into the Red Sky site and severely vandalized it, thus sparking a campaign on Facebook to find the perpetrator.
A user at password-hacking forum Inside Pro earlier this month published a half-gigabyte file that contained as many as 11 million passwords collected from users at the popular German gaming site Gamigo, Forbes reports. Even though the file containing the passwords has been removed from the forum, Forbes says the damage may have already been done since the file was available for weeks before being taken down.
An Internet hacker belonging to a group called TeamGhostShell broke into recruiting website ITWallStreet.com, Computer World reported. The information compromised, which includes full names, mailing addresses, email addresses, usernames, hashed passwords and phone numbers, was posted online on Thursday, and thousands of hashed passwords have reportedly already been cracked. The leaked data also includes details such as salary and bonus expectations of the potential employees and even feedback on specific candidates. Another file contained email conversations and thousands of phone call records between recruiters and potential candidates. The hacker behind the breach, known only as Masakaki, suggested the attack was meant as a sign of support for the Occupy Wall Street movement. Andiamo Partners, the New York-based recruiting firm that operates the website, did not confirm or deny the breach.
The U.S. Government and various global authorities label “Anonymous” as cyberterrorists and criminals, but others refer to the group as freedom fighters and protectors of free speech. The notorious hackers’ most recent operation, however, may change some people’s opinions of them. Anonymous has declared war on the deepest and most twisted parts of the Internet — chat sites used by paedophiles to trade images.
Notorious hacker-activist group Anonymous is back with another operation that aims to strike fear into the hearts of lawmakers in the European Union. While the operation does not involve any cyberattacks, Anonymous is attempting to rally supporters for a massive protest on July 28th. The group is protesting the EU-backed research project INDECT, which looks to develop technology that can automatically detect criminal threats by analyzing conspicuous behavior online and in real life through various surveillance measures. Opponents of the project contend that it is an invasion of privacy that collects data illegally. “We have been accepting the claims of disclosure of our private data for too long in order to prevent acts of terrorism,” Anonymous said in a video posted on YouTube. “People started to accept being treated as potential terrorists or criminals, being more and more deprived of their basic rights, and allowing the surveillance society to gain increased control over them.”
More companies are risking escalating retaliation with the hacker community by directly going after hackers who break into their systems, Reuters reports. The publication describes the new techniques as “active defense” or “strike-back” policies that use deception to either distract the target hacker with misinformation or to get the hacker to inadvertently reveal more about themselves and their machines. For example, Reuters notes that some companies create “beacons” that contain false information and are then traced back to hackers’ machines once they’re extracted.