Oh my. DataBreachWallofShame.org posted some of CISO Darknet Group’s attempts to alert Adult Friend Finder back on March 12 that their data had been stolen and were up for sale. The alert was pretty clear, and they got a read receipt – but not actual acknowledgement. Note that their alert made it clear that FFN did not have to…
Uber hack claims probed… as black taxi drivers prepare to strike
Companies really look foolish – and untrustworthy – when they don’t know what’s going on or deny problems while customers keep reporting misuse of their accounts. As reported in today’s London Evening Standard: An investigation into claims that Uber customers have fallen victim to hackers on the dark web has widened as one user told how…
Beacon Health System notifies patients after phishing attack (update2)
The following press release was issued on May 22 by Beacon Health System. Note the attempt to characterize this as a “sophisticated” attack. That’s PR-speak for “our employees fell for it.” Of note, it appears that this attack went back to November 2013. Was there any audit between then and now that could have detected…
mSpy and Adult Friend Finder Breaches a Boon to Extortionists
Brian Krebs reports: The recent breaches involving the leak of personal data on millions of customers at online hookup site Adult Friend Finder and mobile spyware maker mSpy give extortionists and blackmailers plenty of ammunition with which to ply their trade. And there is some evidence that ne’er-do-wells are actively trading this data and planning to abuse it for…
ZA: MTN shuts down e-billing portal
Duncan McLeod reports: MTN South Africa has shut down its e-billing portal until security concerns have been addressed, the mobile operator said on Friday. “This has been implemented with immediate effect and customers will receive their bills via e-mail as an interim measure,” a spokesman said. The decision to shut down the e-billing website follows…
CareFirst breach demonstrates how assumptions hurt healthcare
Steve Ragan reports: Last week, CareFirst BlueCross BlueShield (CareFirst) reported a data breach that was initially discovered last year. When the incident was first noticed, the company assumed they had taken care of the problem – only to learn that wasn’t the case ten months later. The healthcare sector has taken center stage in the recent months…