David Campbell of SendGrid provides an update on a breach I had missed. It’s a very well-written disclosure and update if anyone is looking for a good model. Here’s how it begins: On April 8, the SendGrid account of a Bitcoin-related customer was compromised and used to send phishing emails. We initially believed that this…
Category: Hack
Russian Hackers Read Obama’s Unclassified Emails, Officials Say
Michael S. Schmidt and David E. Sanger report: Some of President Obama’s email correspondence was swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation. Read more on…
Out of prison and off the Internet
Remember Higinio Ochoa (“w0rmer” or @Anonwormer) of Cabin Cr3w? This site had reported on some of their hacking activities back in the day. “Back in the day” meaning before Ochoa was arrested and went to prison. Alex Goldman has a story on Digg about Ochoa’s life as an offline programmer following his release from prison. You young…
Oh, those old files left lying around on your server, Saturday edition
It turned out to be no huge deal (thankfully), but after an announcement on Twitter by @Compl3x1ty of a login dump involving a medical group’s site, DataBreaches.net attempted to contact the Lutheran Health Network to alert them that data from the St. Joseph Medical Group had been accessed and dumped. The data dump indicated that an SQL injection had…
Congress to banks: Admit you’ve been hacked!
Jose Pagliery reports: Banks have lost so much consumer information to hackers this year that two members of Congress are asking them to come clean with the extent of the damage. Tuesday morning, 16 financial institutions will receive letters from Sen. Elizabeth Warren and Rep. Elijah E. Cummings asking them to admit that they have…
Sony files Motion to Dismiss class-action; argues no ID theft = no standing
Josh Dickey reports: No one has been the victim of identity theft in the five months since the cyber attack on Sony Pictures Entertainment exposed reams of sensitive data, so a class-action lawsuit should be dismissed, the studio argues in court documents acquired Friday by Mashable. Read more on Mashable.