databreach

Latest

  • Former Uber security chief charged with covering up 2016 hack

    The hack exposed the email addresses and phone numbers of 57 million Uber drivers and customers.

    Igor Bonifacic
    08.20.2020
  • Have I Been Pwned's code base will be open sourced

    It'll help ensure 'a more sustainable future' for the project after a failed acquisition process.

    Kris Holt
    08.07.2020
  • Federal prosecutors indict four Chinese military officers over Equifax hack

    The Justice Department has charged four Chinese People's Liberation Army (PLA) officers in relation to the 2017 Equifax hack in which the personal details of some 145 million US consumers and nearly a million UK and Canadian citizens were stolen. The data included names, addresses, birth dates, Social Security numbers and some driver's license details.

    Kris Holt
    02.10.2020
  • Alleged JPMorgan hacker set to plead guilty

    Andrei Tyurin, one of the key suspects in the huge JPMorgan Chase hack in 2014, is set to plead guilty, according to a court filing obtained by Bloomberg. The Russian reportedly struck a deal with federal prosecutors and will appear at a plea hearing next week in New York.

    Kris Holt
    09.16.2019
  • MoviePass confirms breach that leaked credit card numbers

    On Tuesday TechCrunch reported that security researcher Mossab Hussein, with the firm SpiderSilk, found an exposed, unencrypted MoviePass database with millions of records. Some of those included numbers for its custom debit cards that are used when subscribers purchase tickets, while others listed customers' personal information including their credit card numbers, expiration dates and billing information. Another researcher had located the vulnerable information back in July and notified the company, but neither was able to get a response, while yet another found evidence the database had been public since May of this year. MoviePass took the database offline yesterday after the report, and today finally publicly responded with a statement from a spokesperson:

    "MoviePass recently discovered a security vulnerability that may have exposed subscriber records. After discovering the vulnerability, we immediately secured our systems to prevent further exposure and to mitigate the potential impact of this incident. MoviePass takes this incident seriously and is dedicated to protecting our subscribers' information. We are working diligently to investigate the scope of this incident and its potential impact on our subscribers. Once we gain a full understanding of the incident, we will promptly notify any affected subscribers and the appropriate regulators or law enforcement."

    The company put its services "on hold" in July while saying it was working on its app, but couldn't close this security hole -- despite apparent attempts at notifications before restoring access "to a substantial number of our current subscribers."

    Richard Lawler
    08.21.2019
  • After Math: Plead the fifth

    With Dave Chappelle coming back to Netflix for the one, two, three, four, fif time later this month, we're taking a look at all of this week's headlines that will make you want to plead against self-incrimination.

  • Slack resets tens of thousands of passwords following 2015 data breach

    Tens of thousands of Slack users will have to change their passwords after the company learned new details about a 2015 data breach. If you created your account before March of that year, haven't changed your password since and don't log in via a single-sign-on provider (i.e. an organization's Slack network), you'll need to update your credentials.

    Kris Holt
    07.18.2019
  • Indian health agency exposes details on millions of pregnant women

    A health department in India exposed more than 12.5 million medical records for pregnant women after it failed to secure a database. The records span five years for a state in the north of the country, and include sensitive data such as family medical history, the mother's age, details of other children, doctor information and court case details.

    Kris Holt
    04.01.2019
  • Iranian hackers stole terabytes of data from software giant Citrix

    Citrix is best-known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes reports of foreign hackers compromising the company's internal network, swiping business documents in an apparent "password spraying" attack where the intruders guessed weak passwords and then used that early foothold to launch more extensive attacks. While Citrix didn't shed more light on the incident, researchers at Resecurity provided more detail of what likely happened in a conversation with NBC News.

    Jon Fingas
    03.09.2019
  • Judge rejects Yahoo's proposed settlement over data breaches

    Yahoo's proposed settlement over massive data breaches hasn't passed muster in the courtroom. Judge Lucy Koh has rejected the settlement from the company (now owned by Engadget parent Verizon) for not specifying how much victims could expect to recover. While the proposal included $50 million in damages and would pay $25 for every hour spent dealing with the breaches, Koh was concerned that it didn't reveal the scope of the settlement fund or the costs of the two years of promised credit monitoring. The judge was also worried the proposed class for the settlement was too large, as it didn't reflect the considerably smaller number of active users during the affected period.

    Jon Fingas
    01.29.2019
  • Collection 1 data breach covers more than 772 million email addresses

    If you're signed up for one of the many services that alerts you to data breaches when they're discovered (if you're not, you probably should be) then you likely have an email waiting for you. Troy Hunt runs Have I Been Pwned where he makes it his business to dig up these files as they're being passed around by hackers, and has alerted the world to "Collection #1," which claims to combine usernames and passwords from thousands of databases.

    Richard Lawler
    01.16.2019
  • Marriott breach included 5 million unencrypted passport numbers

    Marriott has good news and bad news for travelers who have passed through its hotels. The good news is the data breach disclosed back in November, which was originally believed to have exposed the data of more than 500 million people, affected fewer travelers than originally reported (though it didn't specify how many). The bad news is the data lifted from the company included millions of people's passport numbers.

    AJ Dellinger
    01.04.2019
  • Anonymous social network Blind left user data exposed

    Blind is a workplace social network that lets employees at various companies discuss sensitive topics anonymously. The company describes it as a safe place where workers can talk about salaries, workplace concerns and employee misconduct without being identified. But Blind recently left a database server unsecured, exposing some of its users' account information, including their corporate email addresses.

  • NASA discloses October security breach

    In an internal memo obtained by Spaceref, NASA's chief human capital officer Bob Gibbs has revealed that the agency suffered a security breach a few months ago. Investigators discovered the breach on October 23rd, and they found that an intruder gained access to a server containing the personal information (including their Social Security numbers) of current and former employees. It's not entirely clear if the data itself was compromised, and the agency still doesn't know the full scope of the breach, but Gibbs wrote that "NASA does not believe that any Agency missions were jeopardized by the cyber incidents."

    Mariella Moon
    12.19.2018
  • House committee says Equifax data breach was 'entirely preventable'

    Congress clearly didn't buy Equifax's attempt to pin its massive data breach on one lone technician. The House Oversight and Government Reform Committee has released a staff report declaring that the breach was "entirely preventable" and the result of widespread, systemic flaws in Equifax's security policies. The company didn't have "clear lines of authority" in its IT structure that would have properly enacted policies, for one thing. It also had "complex and outdated" systems that didn't keep pace with its growth, wasn't prepared to help victims and made basic security missteps. Equifax let more than 300 security certificates expire, for example, making it difficult to spot intrusions.

    Jon Fingas
    12.10.2018
  • Another Google+ data bug exposes info for 52.5 million users

    Google's semi-defunct social media platform Google+ has suffered its second data breach in three months and, as a result, will be completely shuttered in April, four months earlier than previously planned.

  • Quora breach leaks data on over 100 million users

    Today's big data breach has been announced by Q&A site Quora, affecting over 100 million registered users. What did the "unauthorized third party" get? According to CEO Adam D'Angelo:

      • Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
      • Public content and actions, e.g. questions, answers, comments, upvotes
      • Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)

    Quora found the breach on November 30th and said it is still investigating. It has logged all users out, and is forcing all accounts with a password to reset that password. It also said that the password data was salted and hashed to prevent attackers from using it, but to be cautious, users should also reset passwords on their other accounts if they shared the same one. There are emails going out notifying users of the breach, but right now all of the information available is organized in this FAQ.

    Richard Lawler
    12.03.2018
  • Marriott says Starwood data breach could affect 500 million guests

    Starwood Hotels has been hit by another data breach, the third such incident in as many years. Parent Marriott today revealed that the records of 500 million guests have been stolen from Starwood's guest reservation database. The hotel chain says it determined on November 19th that an "unauthorized party" had accessed the data as early as 2014.

    Saqib Shah
    11.30.2018
  • Hackers targeted Dell customer information in attempted attack

    Earlier this month, hackers attempted to breach Dell's network and obtain customer information, according to the company. While it says there's no conclusive evidence the hackers were successful in their November 9th attack, it's still possible they obtained some data.

    Kris Holt
    11.29.2018
  • Uber fined £385,000 in the UK for 2016 cyber-attack

    Uber has been fined £385,000 ($491,000) by the UK's privacy watchdog for "failing to protect" the personal info of around 2.7 million UK users during a cyber attack in 2016. The figure isn't far off from the maximum penalty of £500,000 ($638,000) handed down to Facebook by the Information Commissioner's Office (ICO) over its Cambridge Analytica-related failures.

    Saqib Shah
    11.27.2018