Seen up for sale on a forum (I’m redacting the ads and samples): Healthcare Database (48,000 Patients) from Farmington, Missouri, United States This product is a considerably large database in plaintext from a healthcare organization in Farmington, Missouri, United States. It was retrieved from a Microsoft Access database within their internal network using readily available plaintext…
Category: Other
Carbonite forces password reset after password reuse attack
Should a company force an entire user password reset proactively because some users’ credentials, obtained elsewhere, are being used to attempt to steal their data? Carbonite, a provider of online computer and server backup services, notified its more than 1.5 million individual and small business customers that they were forcing a password reset. The reset, announced…
WVSU email accounts ‘compromised’ earlier this year
Jake Jarvis reports: Two-dozen student email addresses at West Virginia State University were “compromised” earlier this year, but the students weren’t told that someone else might have gotten into their accounts. WVSU’s information technology department received a list in March of about 1,600 email addresses. The person who sent the list said they had been…
Note claiming to be from DAO cryptocurrency hacker says stolen $53 million is legally his
You may feel like you’re entering the Twilight Zone after reading this report from Russell Brandom: One day after $53 million abruptly disappeared from an experimental cryptocurrency project, a note claiming to be from the attacker has surfaced on PasteBin, claiming that the money drained from the system is now legally his. The attacker withdrew the money by exploiting a…
Bank of Montreal ATM “hacked” with default password
CORRECTION: This story was originally reported in 2014. Not sure why CJAD reported it as recent news, but thanks to Catalin Cimpanu for letting me know. Original post: So… in a story about another breach, which was also linked to using a default password, CJAD in Canada mentioned a breach that occurred last week: Two 14-year-old high school…
GitHub Security Update: Reused password attack
Posted June 16, and yet another reminder why you shouldn’t re-use passwords across sites. I know my readers don’t really need any such reminders, but do talk to your kids, parents, grandparents, friends…. What happened? On Tuesday evening PST, we became aware of unauthorized attempts to access a large number of GitHub.com accounts. This appears to…