Laura Hautala reports: Yahoo users found out Wednesday that hackers used a technical trick with cookies to log into their accounts without passwords. “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account,” Yahoo users were told in an email. Yahoo revealed the…
Category: Business Sector
Data breach hits San Antonio Symphony employees
At first I thought this might be another W-2 phishing incident, but it reads more like a hack. Davi Hendricks reports: Computer hackers broke into the computer network for the San Antonio Symphony this week, stealing the names, birth dates, social security numbers and addresses for about 250 employees, the organization confirmed Tuesday. “This was…
Senators’ letter points out Yahoo!’s lack of cooperation with Congressional investigation of breaches
Amir Nasr reports: Two Republican senators on Friday pressed Yahoo Inc. Chief Executive Marissa Mayer about her company’s failure to answer questions about data breaches from 2013 and 2014. “Despite several inquiries by committee staff seeking information about the security of Yahoo! user accounts, company officials have thus far been unable to provide answers to many…
Missouri Man Indicted for Stealing Public School Employees’ IDs and Filing Fraudulent Tax Returns in Their Names (Updated)
A federal grand jury sitting in St. Louis, Missouri, indicted a St. Louis resident on mail fraud and aggravated identity theft charges relating to a scheme to steal public school employees’ IDs and use them to file federal tax returns. According to the indictment returned on Feb. 1 and unsealed yesterday, Kevin K. Williams stole…
Clusters f**ked: Insecure Hadoop file systems wiped by miscreants
Thomas Claburn reports: Administrators of Hadoop Distributed File System (HDFS) clusters have evidently not heeded warnings that surfaced last month about securing software with insecure default settings. Attacks on Hadoop clusters have wiped the data of at least 165 installations, according to GDI Foundation security researchers Victor Gevers, Niall Merrigan, and Matt Bromiley. The trio report that…
Fast Food Chain Arby’s Acknowledges Breach at Hundreds of Locations
Brian Krebs reports: Sources at nearly a half-dozen banks and credit unions independently reached out over the past 48 hours to inquire if I’d heard anything about a data breach at Arby’s fast-food restaurants. Asked about the rumors, Arby’s told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of…