Steam hit by hackers. Are all their 35 million user accounts breached?
Almost two weeks ago, we revealed the major changes that had happened this year in the all-time ranking of major data breaches. 2011 was leading as far as the number of high-profile breaches is concerned. The ranking might change once more, ensuring an even stronger position for the current year, as hackers hit Steam, a gaming giant that is home to 35 million user accounts.
What we know so far is that the Steam customer database has indeed been accessed by hackers.
“We learned that intruders obtained access to a Steam database in addition to the forums,” said Gabe Newell, co-founder and managing director of Steam parent company Valve. “This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.”
Are Hackers Going to Be This Year’s Top News Item?
We have recently written quite a few pieces on hacking, hacker-caused data breaches, and other such incidents. As we kick off the week and this first month of fall, more pieces of news along the same line come to our attention.
Two students hacked into the Birdville Independent School District’s servers and ran across a file containing 14,500 student names, ID numbers as well as social security numbers.
Borlas.net was also the playground of hackers. After managing to access their files, the hackers responsible for the security breach also leaked names, passwords, emails and phone numbers of nearly 15,000 registered users.
New Spike in Hacking-related Data Loss
Mid-August seems to have been the perfect time for a fresh increase in hacking incidents that lead to sensitive data being lost or exposed. Maybe the security incidents have been powered by all the news on Anonymous and LulzSec of late, or maybe companies still don’t know what they’re facing. The truth is that even the simplest hacks seem to get straight to the sensitive information companies store on their projects, their partners and mostly their clients.
The first such incident targeted Epson Korea, where a website hack managed to compromise the details of about 350,000 customers. The data accessed by hackers included names, user IDs, passwords and resident registration numbers.
Hackers Partially Close down the Hong Kong Stock Exchange
Hackers targeting the Hong Kong stock exchange have managed to do enough damage to force it to close afternoon trading for seven listed companies. The attack targeted the news section of the stock exchange and managed to severely disrupt day-to-day activities.
The news website, which publishes companies’ regulatory filings, started going down at noon; however, according to a Hong Kong stock exchange representative, the trading part of the website had not been breached. The stop in trading, which affected HSBC, Cathay Pacific Airways and the Hong Kong Exchanges & Clearing, which runs the stock exchange, was a necessary measure, as all had released price-sensitive information earlier in the day. As the fresh news could not be accessed, it was safer to end the afternoon trading for the seven companies.
Sony’s PlayStation Network Hack Created 70 Million Potential Fraud Victims
According to the PlayStation blog, the 70 million users of Qriocity and PlayStation Network may have had their personal information compromised due to a successful hacker attack. The network has also been shut down since April 20th, and users have been unable to download content or play online.
The hacker attack resulted in personal information such as names, home addresses, e-mail addresses, birth dates and passwords being compromised, but the damage to credit card information has not yet been assessed.
Massive data breach discovered at Ohio State University
Personal information of more than 760,000 current and former Ohio State University students, faculty and staff was repeatedly compromised earlier this year by hackers who managed to access an unsecured university server. According to an advisory posted on the university’s website, school officials said they began sending out notification letters to all affected individuals this week.
A routine IT security review discovered the breach in late October. This breach allowed hackers to access student and staff files containing names, social security numbers, birth dates and addresses.
Federal Reserve computers hacked, 400000 credit card numbers stolen
An official investigation is still under way to determine how Poo hacked the well-guarded computers at the Federal Reserve and other major financial institutions.
U.S. Attorney Loretta Lynch said this case is an example of how “cybercriminals continue to use their sophistication and skill as hackers to attack our financial and national security sectors.”
Was there or wasn’t there a loss of data?
A recent DoS attack on a Eugene School District server succeeded in breaching its security and accessing the computer, which contained the names, employee ID numbers and phone numbers of about 2500 current and former employees. While other sensitive information such as security numbers was not stored on the breached machine, the server was connected to others (apparently protected by other security systems as well) that contained private details on a total of 26000 people and vendors.
Luckily all student data are stored on different networks of the Eugene School District, so none of those studying in the region have been affected. The supposed breach seems to have only affected adults.
Yet the safety of the 26000 different records is in no way guaranteed. There is no proof of further breaching, but there isn’t any to show there was none either. In the meantime, the breach is being investigated, while the school district’s website has been updated with information on the breach.
“A thorough investigation of the security breach has been initiated, police have been notified, and the district has taken measures to further safeguard the involved server,” the district said. “We are continuing to assess our information security systems to make certain that we have all appropriate measures in place to ensure that personal information is secure. We sincerely regret any inconvenience this may cause to our staff and vendors.”
Website exposes sensitive data on Californian commuters
Military personnel included in exposed group of carpooling employees
A website built to help commuters carpool to work is exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation. The data breach was caused by programming errors in the website code.
The bugs, discovered on the RideMatch.info website, enable hackers to easily access personal information such as names, home addresses, phone numbers, the times they commute to and from work, and in some cases employee numbers. According to a recent article published by The Register, the SQL injection vulnerability was still active 2 days ago, although it had been discovered two weeks before and reported to a developer who runs the website.
The issue was discovered and reported by Kristian Hermansen, a security researcher. Upon receiving a form to fill in from his employer, apparently a legal requirement for all employees, he investigated the website where the information was to be posted.
RideMatch.info is a joint project developed by transit authorities in five regional governments in Southern California. Each individual using the website enters work and home addresses and the time they leave from each. Based on the data, the website then teams them with others who live and work nearby and commute at similar times, thus providing an effective carpool matchmaking service. Too bad the same range of data can be accessed by any hacker willing to exploit the vulnerability!
All-time-record hacker pleads guilty
The “I am legend” of the hacking and data theft world, Albert Gonzalez, decided to plead guilty and now faces 15 to 25 years in jail. Gonzalez is accused of masterminding a hacking circle that stole 130 million credit and debit card numbers from major retail chains such as Barnes and Noble, T.J. Maxx, Sports Authority, and OfficeMax.
According to The Register, Gonzalez, who also used to be a government informant, agreed to plead guilty to 19 felony counts in Massachusetts by September 11. He also intends to plead guilty to a New York indictment accusing him of similar crimes that targeted 11 Dave & Buster’s restaurants. And that’s not all!
The deal does not cover a third indictment in New Jersey against Gonzalez related to the alleged theft of data from more than 130 million credit card accounts from card payment processor Heartland Payment Systems and retailers Hannaford Brothers and 7-Eleven.
As far as money is concerned, Gonzalez will also say goodbye to nearly 1.65 million US dollars in cash, his Miami condominium, a 2006 BMW, laptop computers, three Rolex watches, and then some more!


