Category Archives: breach

Hacked French TV network admits “blunder” that exposed YouTube password

The head of the French TV network that suspended broadcasting following last week's hack attack has confirmed the service exposed its own passwords during a TV interview, but said the gaffe came only after the breach.

"We don't hide the fact that this is a blunder," the channel's director general Yves Bigot, told the AFP news service.

The exposure came during an interview a rival TV service broadcast on the TV5Monde attack. During the questioning, a TV5Monde journalist sat in front of several scraps of paper hanging on a window. One of them showed the password of for the network's YouTube account. As Ars reported last week, the pass code was "lemotdepassedeyoutube," which translates in English to "the password of YouTube."

Read 3 remaining paragraphs | Comments

String of big data breaches continues with hack on health insurer Anthem

Over the past 18 months, hackers have struck again and again, with incursions on Target, Staples, JPMorgan Chase, and Sony Pictures, as well as a raft of smaller companies. Now, one of the largest US health insurers, Anthem, says it suffered a breach that exposed Social Security Numbers and other personal information for tens of millions of people, including its CEO.

In all, Anthem said the compromised database included 80 million records related to current and former customers and employees. The intruders accessed names, Social Security numbers, birthdays, addresses, e-mail, income data and other employment information. At this early stage, company officials don't think credit card details and medical information such as insurance claims and test results were taken. Company officials have hired security firm Mandiant to determine how the hackers got in and what information they accessed. The FBI is also investigating.

Anthem operates under a variety of health insurance brands, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, and Empire Blue Cross and Blue Shield. The breach was discovered on January 29. The company plans to notify affected customers and employees in the coming weeks. It has also published this list of frequently asked questions and this statement from CEO and President Joseph R. Swedish apologizing for the data theft.

Read 2 remaining paragraphs | Comments

Sony hackers could have slipped past 90% of defenses, FBI director says

The malware that thoroughly penetrated Sony Pictures Entertainment was so sophisticated it likely would have worked against nine out of 10 security defenses available to companies, a top FBI official told members of Congress.

The comments, made under oath Wednesday by Joseph Demarest, assistant director of the FBI's cyber division, are the latest to largely let Sony officials off the hook. Last month's rooting of servers operated by Sony's movie division is believed to have exposed more than 100 gigabytes of data, including not only unreleased movies but, more importantly, personal details on tens of thousands of employees. Speaking before the Senate Banking, Housing, and Urban Affairs Committee, Demarest's apologist comments closely resembled those reported earlier this week from the CEO of Mandiant, the security firm investigating the breach on behalf of Sony.

"The level of sophistication is extremely high and we can tell...that [the hackers] are organized and certainly persistent," Demarest said, according to IDG News. "In speaking with Sony and separately, the Mandiant security provider, the malware that was used would have slipped or probably gotten past 90% of Net defenses that are out there today in private industry and [likely] challenged even state government."

Read 1 remaining paragraphs | Comments

Hacked payment card service transmitted some data in plaintext

Charge Anywhere, a company that routes payment transactions between merchants and payment card processors, said that malicious software planted on its network may have accessed unencrypted sensitive cardholder data for almost five years.

In a statement, the company warned that some of the card data it sends or receives appears in plaintext, allowing attackers to copy it and use it in fraudulent transactions. Details including names, account numbers, expiration dates, and verification codes are known to be exposed for transactions that occurred this year from August 17 through September 24, although it's possible transactions dating back to November 5, 2009 may also have been accessed, the statement said. The disclosure came after company officials hired an unidentified security firm to investigate the breach.

"The investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic," the release stated. "Much of the outbound traffic was encrypted. However, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests."

Read 2 remaining paragraphs | Comments

Copyright © 1995 - 2015. Kashif Ali.