The DNC keeps the Watergate file cabinet next to server hacked by Russia

The basement of the Democratic National Committee’s Washington, DC, headquarters holds one of the most fitting images to come out of the hacks that dogged Democrats in the 2016 presidential election. On the left: a 1960s era file cabinet that wa…

The basement of the Democratic National Committee's Washington, DC, headquarters holds one of the most fitting images to come out of the hacks that dogged Democrats in the 2016 presidential election. On the left: a 1960s era file cabinet that was jimmied open during the 1972 Watergate break-in. On the right: a DNC server that was hacked by what the US intelligence community says were Russian operatives.

The photo is from an 8,300-word New York Times article about how two separate Russian government groups hacked the DNC. The hacks first came to light in June, and the rough outline is well known. For months, the intruders had free reign over the DNC's computers. Over time, the Russians extended their reach into the Gmail accounts of Clinton campaign chairman John Podesta, former secretary of State Colin Powell, and others. The series of DNC blunders, bordering on ineptitude, that allowed the attacks to succeed has been well documented. Those blunders are now coming into sharper focus.

Like the feeble filing cabinet, the shortcomings exposed in the New York Times' blow-by-blow account show just how ineffective and doomed the DNCs's defenses were against a much-better organized adversary. Equally important, the report reveals how a "series of missed signals, slow responses, and a continuing underestimation of the seriousness of the cyberattack"—apportioned in almost equal parts by members of the FBI, the DNC, and the Clinton campaign—allowed the hacking drama to play out.

Read 3 remaining paragraphs | Comments

AdultFriendFinder hacked: 400 million accounts exposed

Enlarge
AdultFriendFinder has been hacked, revealing the account details of more than 400 million people who would undoubtedly prefer to keep their identities private on the “world’s largest sex and swinger community” site.
The hacked database—wh…

Enlarge

AdultFriendFinder has been hacked, revealing the account details of more than 400 million people who would undoubtedly prefer to keep their identities private on the "world's largest sex and swinger community" site.

The hacked database—which appears to be one of the largest ever single data breaches in history—apparently contains account details for numerous adult properties belonging to the California-based Friend Finder Network, and includes customers' e-mail addresses, IP addresses last used to log-in to the site, and passwords.

According to data breach notification site LeakedSource.com, the passwords were either kept in plain text format, or used the largely discredited SHA1 hashing algorithm. It claimed to have cracked 99 percent "of all available passwords" which "are now visible in plaintext."

Read 6 remaining paragraphs | Comments

Dropbox hackers stole e-mail addresses, hashed passwords from 68M accounts

“Scope of password reset completed last week protected all impacted users,” says Dropbox.

(credit: Jim Barton)

Dropbox hurriedly warned its users last week to change their passwords if their accounts dated back prior to mid-2012. We now know why: the cloud-based storage service suffered a data breach that's said to have affected more than 68 million accounts compromised during a hack that took place roughly four years ago.

The company had previously admitted that it was hit by a hack attack, but it's only now that the scale of the operation has seemingly come to light.

Tech site Motherboard reported—citing "sources in the database trading community"—that it had obtained four files, totalling 5GB in size, which apparently contained e-mail addresses and hashed passwords for 68,680,741 Dropbox users.

Read 7 remaining paragraphs | Comments

20 hotels suffer hack costing tens of thousands their credit card information

Starwood, Hyatt, Marriott, and Intercontinental hotels across the country hacked.

(credit: HEI Hotels & Resorts)

The chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels—HEI Hotels & Resorts—said this weekend that the payment systems for 20 of its locations had been infected with malware that may have been able to steal tens of thousands of credit card numbers and corresponding customer names, expiration dates, and verification codes. HEI claims that it did not lose control of any customer PINs, as they are not collected by the company’s systems.

Still, HEI noted on its website that it doesn’t store credit card details either. “We believe that the malware may have accessed payment card information in real-time as it was being inputted into our systems,” the company said.

The breach appears to have hit 20 HEI Hotels, and in most cases, the malware appears to have been active from December 2, 2015 to June 21, 2016. In a few cases, hotels may have been affected as early as March 1, 2015. According to a statement on HEI’s website, the malware affected point-of-sale (POS) terminals at the affected properties, but online booking and other online transactions were not affected.

Read 4 remaining paragraphs | Comments