You have to love how easy it is to find information out in the wilds of the internet. In the last couple of weeks a number of cloud-databases have been found to be leaking data to the interment due to an almost total lack of security. The latest one seems to be a group of 191… Million voters in the US. Yup, if you have voted in any election since 2000 your personal information is out there on the open internet. The information that is out contains names, addresses, party affiliation and voter ID numbers… it is not as bad as it could be, but it is still bad.
Hey remember the group that launched the DDoS attack on Steam? Well they are back and have decided to make a little bit bigger of a statement than just throwing packets at a group of servers. This time they appear to have managed to grab a large number of user information from companies like Blizzard, Ubisoft and many others. They have taken this information and (unsurprisingly) dumped it to paste bin. If you do not know who we are talking about it is the DerpTrolling “hacker” group and they have been on a mission to shame just about every game publishing/distribution company on the planet.
Since the beginning of 2014 the IT world has been rocked by more than a few major breaches. The number of credit cards and user information now up for sale is staggering. So how have these attacks managed to get in and make off with so much data so quickly? Of course there are the usual suspects in these cases, weak passwords and users downloading malware on their systems that allow a potential attacker into their system.
Global auction service eBay was hacked. The company began sending alerts to its users to change their passwords. The attack compromised the personal data of eBay users - names, (encrypted) passwords, email addresses, and phone numbers. However, the company assures that the financial information of users are safe, and there is no indication that the PayPal was hacked too.
One of the largest US retail chains, Target, founded in 1902 admitted that unknown attackers stolen encrypted PINs from their system. Alienated data contained the names of customers, credit and debit card and CCV numbers that are used to activate the card on Target's webpage.
The threat of a data breach is one that every company faces and it is also an eventuality that they all know can happen at any time. The number of daily attempt to penetrate corporate security is staggering as is the number of successful attack where at least some data is taken. It is for this reason that we still a confused when companies want to move to a cloud based or subscription style software agreement. Once all of that billing information is stored in a single spot (even multiple data centers) it becomes a very big target. Adobe has found that out the hard way as they are now reporting a breach that lost the information for approximately 2.9 Million users and source code for Cold Fusion and Acrobat.
Pirate Pay founder Gottfird Svartholm has managed to successfully appeal the two year sentence imposed after he was found guilty of hacking Logica, a Swedish IT company (as well as aggravated fraud and attempted aggravated fraud). Although throughout the trial Svartholm maintained his innocence the court (Nacka District) still felt he was responsible for at least hacking the IT company. Svartholm was also found guilty of hacking a local bank (Nordea). The court sentenced him to two years in prison.
On the pages of the popular MOBA title League of Legends warning appeared which states that the date of the players from the North American servers are in danger. According to the statement, unknown perpetrators have come up with user names, e-mail address, masked passwords and some full names.
Data security (and privacy) has been in the news a lot lately as if it is a new and troubling issue. In fact this has been a major topic of discussion going back to the mid-1980s when the first consumer available modems hit the market. This started the practice of war dialing where phone phreaks would dial random numbers to see if any would answer to their computers. One of the more famous phone phreaks is none other than Steve Wozniak, Co-Founder of Apple Computers. These are the guys that pioneered the hacking scene (and in some cases the piracy scene as well). Back then security was primitive and usually consisted nothing more than a login and a password. Fast forward more than 30 years and the security of some places is little better than what it was back in the war dialing days.
Today (Sunday July 21 2013) Apple officially admitted that someone had hacked their developer site. The notification came out as a warning that some information including names, addresses and email information might have been accessed. What we find interesting is that this announcement comes on the heels of a multi-day outage to the same site. It looks like Apple might have known about the breach earlier and not told anyone until they confirmed that user data was compromised (in which case they might have been compelled to). This is not exactly what you want to hear from a company that prides themselves on the security and safety of their operating system AND their ecosystem.