Asha McLean reports: Yahoo has said that an unauthorised third party accessed the company’s proprietary code to learn how to forge certain cookies, which it said resulted in an intruder accessing approximately 32 million user accounts without a password. “The outside forensic experts have identified approximately 32 million user accounts for which they believe forged…
Category: Business Sector
It was a good day for dumpster divers…
Steve Barrett reports from Florida: An Orlando man searching for scrap metal Tuesday night reported finding thousands of financial documents ripe with people’s personal information tossed in a dumpster. For identity thieves, the documents would have been a gold mine of information. “(They contained) emails, phone numbers, date of birth, child’s date of birth, you…
Website of Korea retail giant Lotte hacked in China
Allen Cone reports: The Lotte Group said Wednesday its website in China was hacked, one day after South Korea’s retail giant signed a deal to sell land for a U.S. missile defense system in South Korea. The website, www.lotte.cn, was inaccessible since Tuesday afternoon because of a virus planted by hackers, a Lotte official said, citing an analysis of…
Spiral Toys sends something to the California Attorney General, but what is it?
This just gets stranger and stranger in terms of how Spiral Toys is responding to the CloudPets leak and hack reported by Troy Hunt. The following is a Spiral Toy notification, sent to the California Attorney General’s Office today, below. All typos are as in the original. Why they sent this thing to the California Attorney General’s…
Aptos malware breach affected 40 online retail stores
Aptos, Inc. provides e-commerce solutions for a number of online e-tailers. In November, 2016, Aptos discovered it had a malware breach from February, 2016 – December, 2016. At law enforcement’s request, they delayed notification to their clients, so we are first finding out about it now as the clients begin to disclose the breach to their customers. So far,…
Data from connected CloudPets teddy bears leaked due to misconfigured database; 820,000 kids’ files exposed
Troy Hunt reports that a misconfigured MongoDB installation resulted in audio files of children’s and parents’ conversations recorded by CloudPets being exposed in a Shodan search. And as we’ve seen many other times, the exposed files were deleted by an attacker, and a purported “ransom” note left in place of the database – a ransom note that was…