Mid-August seems to have been the perfect time for a fresh increase in hacking incidents that led to sensitive data being lost or exposed. Maybe the security incidents have been powered by all the news on Anonymous and LulzSec of late, or maybe companies still don’t know what they’re facing. The truth is that the simplest hacks seem to get straight to the sensitive information companies store on their projects, their partners and mostly their clients.
The first such incident targeted Epson Korea, where a website hack managed to compromise the details of about 350,000 customers. The data accessed by hackers included names, user IDs, passwords and resident registration numbers.
Hackers love big players in the gaming industry, it seems. After the prolonged downtime of Sony’s PlayStation Network due to subsequent hacks that exposed about 70 million players to fraud or identity theft, SEGA was the next target in the same industry segment. As a result, 1.2 million customers of the Japanese gaming company had their information stolen by the hackers, being exposed to the same risks as in the PSN breach.
SEGA stated that only Japanese players and the Japanese website were affected and that fortunately they do not store any sensitive information, such as credit card details. Yet even fewer details are sometimes enough to be used as a starting point to get someone’s life turned upside down.
After analyzing the couple of dozen breaches that made it to the security news pages last week, we concluded that hackers going wild on websites and stolen hardware, particularly laptops, were the most frequent causes of data loss. The Citigroup breach did take center stage, as it turned out they downplayed the number of exposed accounts a little. By a little we mean they almost cut them in half! The originally disclosed 200,000 turned out to be 360,000. Just a minor oversight, I’m sure.
But the Citigroup situation was far from feeling lonely last week. Here are some of the security fails caused by successful hacking attempts and lost hardware:
Hackers breaching security
Workspace reported a hack that breached its legacy platform and exposed client data.
Hackers also breached WriterSpace.com, accessed 12,000 members’ email addresses and then posted them online for everyone to see.
BioWare also dealt with a hacker breaching their security. The result was 18,000 user account names, passwords, email addresses, and birth dates being exposed.
After the hacking of the PBS network website, Sony’s movie division website was also hacked and at least 50,000 consumer email addresses have been published. A group called LulzSec has claimed responsibility for the attack and stated the security breach was made possible by an existing SQL vulnerability.
“What’s worse is that every bit of data we took wasn’t encrypted,” the group wrote in a press release announcing the hack. “Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
Servers belonging to Automattic, the company which maintains the WordPress.com platform, have recently been hacked via root access. The latest details regarding this breach, which is still under investigation, come from an advisory from Automattic. However, the initial findings are quite unsettling for the 18 million publishers hosted by WordPress.com.
“Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed,” the company’s founder, Matt Mullenweg, wrote. “We presume our source code was exposed and copied. While much of our code is open source, there are sensitive bits of our and our partner’s code. Beyond that, however, it appears information disclosed was limited.”
An official investigation is still under way at this moment with the purpose of determining how Poo hacked the well-guarded computers at the Federal Reserve and other major financial institutions.
U.S. Attorney Loretta Lynch said this case is an example of how “cybercriminals continue to use their sophistication and skill as hackers to attack our financial and national security sectors.”
If you had any doubt that security breaches cost companies a lot, it is all clear now – the damages companies have to deal with after one breach are overwhelming! According to recent reports by the Ponemon Institute, organizations get hit by at least one successful attack per week, and the annualized cost to their bottom lines from the attacks ranges from 1 million to 53 million USD per year. The reports were based on the analysis of 45 U.S. organizations hit by data breaches.
Two separate reports, the Ponemon Institute’s “The First Annual Cost of Cyber Crime Study” (PDF), which was sponsored by ArcSight, and “The Leaking Vault” (PDF), released today by the Digital Forensics Association, both show troubling findings for companies’ finances: