Search the Community
Showing results for tags 'breach'.
Hackers have pilfered and published the personal details and sexual preferences of 3.9 million users of hookup website Adult FriendFinder. Lusty lonely hearts, including those who asked for their account to be deleted, have been left in an awkward position after hackers broke into systems before uploading the details to the dark web. Email addresses, usernames, postcodes, dates of birth and IP addresses of 3.9 million members have been exposed. The UK's Channel 4 News, which came across the leak during a wider investigation into the dark web, broke the story of the FriendFinder breach on Thursday. Independent infosec bod Bev Robb penned a blog post about the leak in mid-April but did not name the hacked site. FriendFinder Networks admitted the breach had occurred and told Channel 4 that it had launched a "comprehensive investigation with the help of a leading third-party forensics expert". However, a warning to members is not as yet listed on the (NSFW) site itself, noted independent security expert Graham Cluley. Adult FriendFinder boasts 63 million users worldwide. Rob Norris, Fujitsu director of enterprise and cyber-security in UK and Ireland, noted that the breach was the latest in a long line of similar spills. "Another day, another data breach – this time FriendFinder is in the spotlight," Norris said. "Although this hack is looking to be resolved quickly, it once again highlights that it is no longer about prevention, but instead about accepting a data breach will occur and moving to a proactive approach which allows better preparation for dealing with today’s threats." He added: "The amount of data and confidential information transacted every day, coupled with the growth in reliance on digital services, means that any organisation is at risk – making most an easy target in the eyes of a cyber-criminal." Brian Honan, an infosec consultant who founded and heads up Ireland's Computer Security Incident Response Team, said that the latest leak posed a higher risk of harm than most. "I've always thought adult dating sites would be a perfect target for criminals to breach and use details for extortion," he said in a Twitter update. Source
Modular Everything in the browser is a module, a web-app running in its own process. Construct your own browsing experience by selecting the right modules for you. Hackable Want vertical tabs? Write some JS & CSS! Customised autocomplete engine? JS! Every behavior is programmatic and exposed through APIs. Open source The entire technology stack is open source. Modify existing modules and you can create your own to extend the behavior of Breach. Getting Involved Homepage: Breach - A new modular Browser Mailing list: email@example.com IRC Channel: #breach on Freenode You can find a list of Modules available or under developement here: List of Modules Runing Breach on Linux See instructions here: Running Breach on Linux Link: https://github.com/breach/breach_core/ Source: TF
TalkTalk has admitted to a major breach of user information, which may have led to some customers handing over bank information to hackers. In an email to customers, the company said it first saw a big increase in malicious scammers claiming to be from TalkTalk at the end of last year. Following an investigation it said some of its customer information, such as names, addresses, phone and account numbers, could have been illegally accessed, with scammers quoting these details to customers. Consequently a small number may have revealed more in-depth information, such as bank details. In some of these cases we know they may be using the information they have illegally obtained, the telecoms and services provider said. In a statement it said: "At TalkTalk we take our customers' security very seriously and we take numerous measures to help keep our customers safe. Yet sadly in every sector, criminal organisations using phone and email scams are on the rise." "As part of our ongoing approach to security we continually test our systems and processes ... following further investigation into these reports, we have now become aware that some limited, non-sensitive information about some customers could have been illegally accessed in violation of our security procedures." "We are aware of a small, but nonetheless significant, number of customers who have been directly targeted by these criminals and we have been supporting them directly," it continued. "We want to reassure customers that no sensitive information, such as bank account details, has been illegally accessed, and TalkTalk Business customers are not affected," it added. The company said it is liaising with the Information Commissioner's Office and is writing to all its customers to offer advice about the criminal activity. An ICO spokesperson said: “We are aware of a possible data breach involving TalkTalk and are making enquiries into the circumstances.” Source
Breach Notification refers to the notification that businesses, government agencies and other entities are required by law in most states to do when certain personally identifiable information is obtained or believed to have been obtained by an unauthorized party. The breach can occur when a system is hacked or when a device containing sensitive information is lost, stolen or inadvertently sold. Personally identifiable information, also known as PII, is information that on its own or in conjunction with other information can be used to identify a person—the latter can include, for example, a name combined with a Social Security number, driver’s license number, bank account or credit card number. The first state breach notification law was passed in California in 2002 and went into effect the following year. Among the first breaches reported under the new law occurred in 2004 when a bank card processing company CardSystems Solutions was hacked. CardSystems Solutions processed purchasing transactions for its retailer customers by sending the card account data to the correct bank or issuer for authorization. Some 263,000 card numbers were verified stolen in the hack, but nearly 40 million card numbers were exposed to the hackers. The data involved card transactions that CardSystems had retained on its system long after the transactions were completed and that had been stored in an unencrypted format. The breach began in September 2004 but wasn’t discovered until May 2005. It was the first major breach disclosed under the new California law. Also among the first companies disclosing a breach under the new law was Choicepoint. The data broker sent letters to 145,000 people in February 2005 notifying them that it had mistakenly sold personal data about them to identity thieves. ChoicePoint was in the business of collection financial, medical and other information on billions of people in order to sell it to other marketers, other businesses and government agencies. The thieves had posed as legitimate businesses to open customer accounts with the massive data broker, then subsequently succeeded to purchase Social Security numbers, credit histories and other information that ChoicePoint had collected on them. Since the California law was passed, another forty-six states and the District of Columbia have passed similar legislation. Alabama, New Mexico and South Dakota do not have breach laws. This patchwork of laws has resulted in uneven and confusing requirements for businesses with customers in multiple states. The laws vary on a number of things, including when notification needs to occur, how notification should occur and exemptions from notification. Federal lawmakers have been trying for years to remedy this confusing patchwork of laws by passing a federal law that would take precedent over all of them. But the proposed bills have failed to take hold on Capitol Hill. President Obama and the White House began pushing another bill in January 2015 that would require breached entities to notify affected victims within 30 days of discovering the breach, though critics say this renewed push for a mandatory notification period will likely suffer the same problems previous bills had. Source