Posted on

Yahoo admits it’s been hacked again, and 1 billion accounts were exposed

Someone had faster access to over a billion Yahoo accounts' data. (credit: Scott Schiller)

On December 14, Yahoo announced that after an investigation into data provided by law enforcement officials in November, the company and outside forensics experts have determined that there was in fact a previously undetected breach of data from over 1 billion user accounts. The breach took place in August 2013, and is apparently distinct from the previous mega-breach revealed this fall—one Yahoo claims was conducted by a "state-sponsored actor".

The information accessed from potentially exposed accounts "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers," Yahoo's chief information security officer Bob Lord reported in the statement issued by the company. "The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected."

It's not clear whether the data provided by law enforcement to Yahoo is connected to samples offered on an underground site this past August, particularly since Yahoo still remains unsure of how the user data was spirited out of its systems in the first place. But the breach news doesn't end there.

Read 4 remaining paragraphs | Comments

Posted on

Feds pin brazen kernel.org intrusion on 27-year-old programmer

Enlarge (credit: Ildar Sagdejev)

In August 2011, multiple servers used to maintain and distribute the Linux operating system kernel were infected with malware that gave an unknown intruder almost unfettered access. Earlier this week, the five-year-old breach investigation got its first big break when federal prosecutors unsealed an indictment accusing a South Florida computer programmer of carrying out the attack.

Donald Ryan Austin, 27, of El Portal, Florida, used login credentials belonging to a Linux Kernel Organization system administrator to install a hard-to-detect backdoor on servers belonging to the organization, according to the document that was unsealed on Monday. The breach was significant because the group manages the network and the website that maintain and distribute the open source OS that's used by millions of corporate and government networks around the world. One of Austin's motives for the intrusion, prosecutors allege, was to "gain access to the software distributed through the www.kernel.org website."

The indictment refers to kernel.org officials P.A. and J.H., who are presumed to be Linux kernel developer H. Peter Anvin and kernel.org Chief System Administrator John "'Warthog9" Hawley, respectively. It went on to say that Austin used the credentials to install a class of extremely hard-to-detect malware known as a rootkit and a Trojan that logs the credentials of authorized users who use the secure shell protocol to access an infected computer.

Read 7 remaining paragraphs | Comments

Posted on

Over 40 million usernames, passwords from 2012 breach of Last.fm surface

Enlarge / If you haven't changed your password for Last.fm since 2012, it's long past time—the passwords are now easily grabbed from the Internet.

The contents of a March 2012 breach of the music tracking website Last.fm have surfaced on the Internet, joining a collection of other recently leaked "mega-breaches" from Tumblr, LinkedIn, and MySpace. The Last.fm breach differs from the Tumblr breach, however, in that Last.fm knew about the breach when it happened and informed users in June of 2012. But more than 43 million user accounts were exposed, including weakly encrypted passwords—96 percent of which were cracked within two hours by researchers associated with the data breach detection site LeakedSource.

Last.fm is a music-centered social media platform—it tracks the music its members play, aggregating the information to provide a worldwide "trending" board for music, letting users learn about new music and share playlists, among other things. The 2012 database breach contained usernames, passwords, the date each member joined the service, and internal data associated with the account. The passwords were encrypted with an unsalted MD5 hash.

"This algorithm is so insecure it took us two hours to crack and convert over 96 percent of them to visible passwords, a sizable increase from prior mega breaches," a member of LeakedSource wrote in a post about the data. Ars confirmed the LeakedSource data using our own Last.fm account information.

Read 2 remaining paragraphs | Comments

Posted on

Oracle-owned point-of-sale service suffers from malware attack

MICROS, an Oracle-owned division that's one of the world's top three point-of-sale services, has suffered a security breach. The attack possibly comes at the hands of a Russian crime gang that siphoned out more than $1 billion from banks and retailers in past hacks, security news site KrebsOnSecurity reported Monday.

Oracle representatives have told reporter Brian Krebs that company engineers "detected and addressed malicious code in certain legacy MICROS systems" and that the service has asked all customers to reset their passwords for the MICROS online support site. Anonymous people have told Krebs that Oracle engineers initially thought the breach was limited to a small number of computers in the company's retail division. The engineers later realized the infection affected more than 700 systems.

Krebs went on to report that two security experts briefed on the breach investigation said the MICROS support portal was seen communicating with a server that's known to be used by the Carbanak Gang. Over the past few years, Carbanak members are suspected of funneling more than $1 billion out of banks, retailers, and hospitality firms the group hacked into.

Read 4 remaining paragraphs | Comments