breach

Global Payments: Consumer data may also have been stolen

Credit card processor Global Payments said today that in the course of investigating the theft of 1.5 million credit card numbers, it has discovered that hackers may also have stolen consumer data from servers.

"Our ongoing investigation recently revealed potential unauthorized access to personal information collected from a subset of merchant applicants," the company said in a statement on its Web site.

"It is unclear whether the intruders looked at or took any personal information from the company's systems; however, the company will notify potentially-affected individuals in the coming days with helpful information and make … Read more

SpexSec takes aim at alleged terrorists, Zer0Pwn at Louisiana

Two hacking groups have taken aim at two very distinct targets in a data dump on Pastebin.

First up, the hacking organization known as SpexSec today posted the passports and visa information of more than 200 suspected terrorists. In a posting on Pastebin, the organization said that it hopes the data will help the U.S. "close down on some investigations."

"Like we promised, our primary suspects include the U.S Government for torturous and deceptive acts on our own soil, the Educational system for exuberantly being blown-over and belligerently not patching the holes in their system, … Read more

How long ago did the Last.fm security breach happen?

Last.fm's security breach that left user passwords open on a Russian hacker site last week might have shown its ugly face months ago, according to a new report.

Back in May, several Last.fm users took to the company's forums, saying that they had been receiving massive amounts of spam on e-mail addresses they created solely for Last.fm. Soon after, Last.fm customer support manager Matt Knapman said that his company was "investigating this matter urgently, running a security audit, and looking at alternative ways the spamming of Last.fm users might have occurred."… Read more

What the password leaks mean to you (FAQ)

Three companies have warned users in the last 24 hours that their customers' passwords appear to be floating around on the Internet, including on a Russian forum where hackers boasted about cracking them. I suspect more companies will follow suit.

Curious about what this all means to you? Read on.

What exactly happened? Earlier this week a file containing what looked like 6.5 million passwords and another with 1.5 million passwords was discovered on a Russian hacker forum on InsidePro.com, which offers password-cracking tools. Someone using the handle "dwdm" had posted the original list and … Read more

LinkedIn working with police on password leak

LinkedIn said today that it has contacted police about the compromise of its users' passwords that hackers were actively cracking earlier this week.

"Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published," Vicente Silveira, a director at the professional social-networking site, wrote in a blog post. "We are also actively working with law enforcement, which is investigating this matter."

The … Read more

Customer contact info leaked by HP in case against Oracle

It's been a haphazard week for the security of personal data with major leaks at LinkedIn and now Last.fm.

You can add some probably now-unhappy Oracle customers to that list thanks to some legal documents that have popped up in the hardware giant's legal battle against Hewlett-Packard going on right now.

As reported by Wired, Oracle received "hundreds of complaints" from customers after the Redwood Shores, Calif.-based company announced it would be discontinuing support for the Itanium processor, making a lot of HP databases rather useless. In a nutshell, that's what started this whole lawsuitRead more

Last.fm warns users of password leak

Last.fm today urged its users to change their passwords because of a compromise that may be related to a huge password leak involving LinkedIn and eHarmony.

"We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online," a Last.fm blog post said. "As a precautionary measure, we're asking all our users to change their passwords immediately."

The blog post did not say how many users were affected or how the passwords were leaked. A Last.fm executive did … Read more

The 404 1,068: Where it's a small world (podcast)

The time has come for every Internet denizen to take a stand against the worst atrocity (and probably the biggest problem) on the Web: vertical videos. Big thanks to the puppets in this PSA spreading the word about Vertical Video Syndrome.

You can blame Flip video cameras, the ubiquity of videos shot with an iPhone, or just the tech-ignorance masses, but it has to stop. With the help of Ariel, Richard, and Joseph on today's episode, we all hope to put an end to the vertical video travesty.… Read more

Anonymous attacks Justice Dept., nabbing 1.7GB of data

In a hack it dubbed "Monday Mail Mayhem," Anonymous claims to have collected and released 1.7GB of data from the U.S. Department of Justice yesterday.

"Within the booty you may find lots of shiny things such as internal emails, and the entire database dump," the hacker group wrote on the AnonNews Web site. "We Lulzed as they took the website down after being owned, clearly showing they were scared of what inevitably happened."

The group did not specifically say why it initiated the attack. Instead, it cryptically announced that, "We are … Read more

GlobalSign breach stemmed from unpatched server

GlobalSign was left red-faced last year after one of its Web servers was hacked. It turns out the incident was due to a piece of open-source software not being updated, a senior GlobalSign executive told sister site ZDNet UK.

The company ceased issuing certificates, and shut down its operations. GlobalSign said it keeps SSL-certificate issuing infrastructure "separate" from its Web site -- a common practice -- and reiterated that its operations was secure.

GlobalSign's own Web site, the site's certificate, and some other public-facing documents were compromised during the hack, but no other servers were breached.… Read more