It’s going to take more than a bunch of posies to make up for this one. The Canadian branch of 1-800-FLOWERS revealed in a filing with the California attorney general’s office that malware on its website had siphoned off customers’ credit cards over a four-year period. Four years. Let that sink in. The company said […]
View More Credit card stealing malware on Canada’s 1-800-FLOWERS website went undetected for four yearsCategory: Hack
Marriott’s poor data breach response is putting victims at risk of phishing
Last Thursday, Marriott sent out millions of emails warning of a massive data breach — some 500 million guest reservations had been stolen from its Starwood database. One problem: the email sender’s domain didn’t look like it came from Marriott at all. Marriott sent its notification email from “email-marriott.com,” which is registered to a third […]
View More Marriott’s poor data breach response is putting victims at risk of phishingMarriott says 500 million Starwood guest records stolen in massive data breach
Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach. The hotel and resorts giant said in a statement filed with U.S. regulators that the “unauthorized access” to its guest database was detected on or before September 10 — but may have dated back as far […]
View More Marriott says 500 million Starwood guest records stolen in massive data breachAmazon admits it exposed customer email addresses, but refuses to give details
Amazon’s renowned secrecy encompasses its response to a new security issue, withholding info that could help victims protect themselves. Amazon emailed users Tuesday, warning them that a it exposed an unknown number of customer email addresses after a “technical error” on its website. When reached for comment, an Amazon spokesperson told TechCrunch that the issue […]
View More Amazon admits it exposed customer email addresses, but refuses to give detailsA leaky database of SMS text messages exposed password resets and two-factor codes
A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more. The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek […]
View More A leaky database of SMS text messages exposed password resets and two-factor codesFacebook bug let websites read ‘likes’ and interests from a user’s profile
Facebook has fixed a bug that let any website pull information from a user’s profile — including their ‘likes’ and interests — without that user’s knowledge. That’s the findings from Ron Masas, a security researcher at Imperva, who found that Facebook search results weren’t properly protected from cross-site request forgery (CSRF) attacks. In other words, […]
View More Facebook bug let websites read ‘likes’ and interests from a user’s profileTwitter, those ‘verified’ bitcoin-pushing pillocks are pissing everyone off
Elon Musk’s tweets piss me off for two reasons. When he’s not accusing actual heroes of sex crimes or trolling the federal government, it’s what comes after that drives me batshit. The top reply to most of his tweets is some asshat impersonating him to try to trick his followers into falling for a bitcoin […]
View More Twitter, those ‘verified’ bitcoin-pushing pillocks are pissing everyone offUtah man pleads guilty to causing 2013 gaming service outages
A Utah man has pleaded guilty to computer hacking charges, after admitting to knocking several gaming services offline five years ago. Austin Thompson, 23, launched several denial-of-service attacks against EA’s Origin, Sony PlayStation and Valve’s Steam gaming services during the December holiday season in 2013. At the time, those denial-of-service attacks made it near-impossible for […]
View More Utah man pleads guilty to causing 2013 gaming service outagesTwo hackers behind 2016 Uber data breach have been indicted for another hack
Two hackers who stole millions of users’ data from ride-hailing firm Uber have been indicted on separate hacking charges related to a data breach at online learning portal Lynda, two people familiar with the case have told TechCrunch. Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, were indicted earlier […]
View More Two hackers behind 2016 Uber data breach have been indicted for another hackIn its first cyberoperation against Russian trolls, U.S. takes a gentle approach
Russia has been blamed for shutting down power grids, hacking into critical systems, and more recently launching a massive misinformation campaign aimed at meddling with past and upcoming elections. Now, the U.S. is striking back ahead of the midterm elections in an unconventionally gentle way. U.S. Cyber Command, the military wing tasked with offensive cyberoperations, […]
View More In its first cyberoperation against Russian trolls, U.S. takes a gentle approachSaudi Arabia’s ‘Davos in the Desert’ website was hacked and defaced
The website of the Saudi government’s upcoming Future Investment Initiative conference was hacked and defaced with images of the murdered Saudi journalist Jamal Khashoggi. Several reporters tweeted screenshots of the site after its defacement, purporting to show Saudi crown prince Mohammed bin Salman — the kingdom’s de facto ruler — brandishing a sword. A portion of […]
View More Saudi Arabia’s ‘Davos in the Desert’ website was hacked and defacedHackers breach Healthcare.gov system, taking files on 75,000 people
A government system used by insurance agents and brokers to help customers sign up for healthcare plans was breached, allowing hackers to siphon off sensitive and personal data on 75,000 people. The Centers for Medicare and Medicaid Services confirmed the breach in a late Friday announcement, but revealed few details about the contents of the […]
View More Hackers breach Healthcare.gov system, taking files on 75,000 people