Posts in the Hack Category at DataBreaches.net

Microsoft says hackers tried to breach European think tanks and non-profit organizations

Posted by Dissent at 10:31 am Hack, Non-U.S.

Feb 202019

Saheli Roy Choudhury reports:

Microsoft said hackers targeted European think tanks and non-profit organizations which often have contact with government officials.

The attacks were carried out late last year through phishing campaigns to steal employee credentials and deliver malware, the tech giant said in a blog post on Wednesday.

The company said it detected attacks targeting employees of the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund through malicious websites and spoofed email addresses that looked legitimate.

Hacker puts up for sale third round of hacked databases on the Dark Web

Posted by Dissent at 5:22 pm Business Sector, Hack

Feb 172019

Catalin Cimpanu reports:

A hacker going by the name of Gnosticplayers has put up for sale another set of hacked databases on a Dark Web marketplace.

This is the third round of hacked databases the hacker has published on the Dark Web marketplace known as Dream Market. He previously posted a batch of 16 databases containing the data of 620 million users and a second batch of eight databases with the data of 127 million users.

Today, the hacker published eight more hacked DBs containing data for 92.76 million users. The biggest name in today’s batch is GfyCat, the famous GIF hosting and sharing platform.

TN: Ex-Rhodes College student pleads guilty to hacking into system, changing his grades

Posted by Dissent at 7:47 am Education Sector, Hack, Insider, U.S.

Feb 172019

Linda A. Moore reports:

A former Rhodes College student pleaded guilty Tuesday to hacking into the college’s computer system to change his grades and keep his scholarship.

Michael Geddati, 20, was a freshman pre-med major when between December 2017 and May 2018, he accessed various systems without authorization to raise his grades.

Geddati’s actions were detected after a faculty member noticed that the grade in the computer system was higher than the one Geddati had earned.

The investigation showed that on dozens of occasions, Geddati logged in as an instructor. He frequently changed his grades and was able to download an exam ahead of when it was given.

Read more on Commercial Appeal, including a description of the terms of a plea deal and a statement from the college. And because Geddati’s job involves working with computers, he has been ordered to tell his employer about the case. The judge told Geddati, “They need to know what you’ve done and what you’re capable of doing.”

Update: Wendy’s settles financial firms’ lawsuit over data breach for $50 mln

Posted by Dissent at 9:05 am Business Sector, Hack, U.S.

Feb 162019

Dena Aubin reports:

Restaurant company Wendy’s has agreed to pay $50 million to resolve a 2016 lawsuit by financial institutions nationwide alleging that the company’s negligence allowed hackers to steal credit and debit card information in a 2015 data breach.

Disclosed in a filing on Wednesday in Pittsburgh federal court, the settlement will be paid to approximately 7,500 banks and credit unions that issued about 18 million credit or debit cards exposed in the data breach. The deal must still be approved by the court.

To read the full story, you’ll need an account on WestlawNext Practitioner Insights.

Major Crypto Brokerage Coinmama Reports 450,000 Users Affected by Data Breach

Posted by Dissent at 9:05 am Business Sector, Hack

Feb 162019

CoinTelegraph reports:

Israel-based crypto brokerage Coinmama — which allows users to purchase Bitcoin (BTC) and Ethereum (ETH) using a credit card — has suffered a major data breach affecting 450,000 of its users. The incident was disclosed in an official company announcement on Feb. 15.

The breach is reportedly part of a mammoth, multi-platform hack that affected 24 companies and a total of 747 million records — among them gaming, travel booking and streaming sites.

Coinmama says a list of around “450,000 email addresses and hashed passwords” of users who registered on its platform before Aug. 5, 2017 have been posted on a dark web registry:

Read more on CoinTelegraph.

The following statement was posted on CoinMama yesterday:

Today, February 15, 2019 Coinmama was informed of a list of emails and hashed passwords that were posted on a dark web registry. Our Security Team is investigating, and based on the information at hand, we believe the intrusion is limited to about 450,000 email addresses and hashed passwords of users who registered until August 5th, 2017. This comes as part of a larger breach affecting 24 companies and a total of 747 million user records.

As of February 15, 2019, there has been no evidence of this data being used by perpetrators. Given the dated nature of the published data, we have no reason to suspect that any other Coinmama systems are compromised. Coinmama does not store credit card information.

What we are doing

As soon as we became aware of the incident, we immediately established an Incident Response Team to identify the nature and scope of the intrusion. We also took immediate action consulting with leading cybersecurity firms, and are taking steps to protect our customers, including:

Notifying users that were affected by this breach with steps to safeguard their accounts and protect their data

Requiring users who are possibly affected to reset their password upon next login and urging all other users to verify that their passwords are unique and strong

Monitoring our systems for suspicious activity

Adding continuous enhancements to our systems to detect and prevent unauthorized access to user information

Monitoring for any external indication that the compromised data is being used, and keeping our customers notified

What this means for you

We take your privacy very seriously and are alerting you about this incident so you can take steps to help protect your information:

If you registered prior to August 5th, 2017, immediately change your password and change it on any other service using the same login details (email and password). We’ve sent you an email with further instructions on how to protect your account and data

We’re taking this opportunity to remind all users to use a unique password with at least 8 characters, using both upper-case and lower-case letters and a mixture of number and symbols

Be careful of any unexpected communication that asks for your personal data or directs you to a website asking for your personal data

Avoid clicking links or downloading attachments from suspicious emails

Contact us

For questions, comments or any information you might have that could help us mitigate and communicate this incident, send an email at [email protected]

We will keep this post updated with any new information that our investigation might uncover.

By: Coinmama

Older Entries