Liam Tung reports: Google has released the results of a year-long investigation into Gmail account hijacking, which finds that phishing is far riskier for users than data breaches, because of the additional information phishers collect. Hardly a week goes by without a new data breach being discovered, exposing victims to account hijacking if they used…
Category: Of Note
Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations
Michael Bentley writes: Appthority has discovered a significant data exposure vulnerability we’ve named Eavesdropper that affects almost 700 apps in enterprise environments. The vulnerability is caused by including hard-coded credentials in mobile applications that are using the Twilio REST API or SDK. By hard-coding their credentials, the developers have effectively given global access…
Cracking the Code
Jason Leopold reports: One late morning in May 2016, the leaders of the Democratic National Committee huddled around a packed conference table and stared at Robert Johnston. The former Marine Corps captain gave his briefing with unemotional military precision, but what he said was so unnerving that a high-level DNC official curled up in a…
Exclusive: Government attempt to compromise us with NIT failed – TheDarkOverlord
In an exclusive interview with DataBreaches.net, TheDarkOverlord discusses government attempts to compromise them and the commercial success of their operations. While reporting on TheDarkOverlord hack involving the information of Flathead, Montana students, Matt Hoffman of the Billings Gazette included a somewhat surprising detail: At one point, unsuccessful raids were conducted in London attempting to locate hackers,…
“We’ve maintained access to Line 204’s network for a year” – TheDarkOverlord
First it was Larson Studios. Then an attempt to extort its clients, like Netflix. And now it’s Line 204. Lest there be any doubt, TheDarkOverlord wants you to know it is serious about attacking Hollywood “with prejudice.” And despite what Line 204’s owner claimed, the hack on Line 204 was not last week. It occurred…
Hilton pays $700,000 to settle late notification and PCI DSS noncompliance charges by NY and VT over data breaches
From the NYS Attorney General’s Office, yesterday: Attorney General Eric T. Schneiderman today announced a $700,000 settlement with Hilton Domestic Operating Company, Inc., formerly known as Hilton Worldwide, Inc. (“Hilton”), after data security incidents exposed over 350,000 credit card numbers in two separate breaches in 2015. Attorney General Schneiderman’s investigation, conducted in collaboration with the…