#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

data breach | Breaking Cybersecurity News | The Hacker News

Ubuntu Linux Forum Hacked! Once Again

Ubuntu Linux Forum Hacked! Once Again

Jul 15, 2016
No software is immune to being Hacked! Not even Linux. The Ubuntu online forums have been hacked, and data belonging to over 2 Million users have been compromised, Canonical just announced. The compromised users' data include their IP addresses, usernames, and email addresses, according to the company, who failed to apply a patch to secure its users' data. However, users should keep in mind that the hack did not affect the Ubuntu operating system, or it was not due to a vulnerability or weakness in the OS. Instead, the breach only affected the Ubuntu online forums that people use to discuss the OS, said BetaNews, who initially reported the news. "There has been a security breach on the Ubuntu Forums site," Jane Silber, Chief Executive Officer at Canonical wrote in a blog post . "We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation." "C
Another CEO Hacked... It's Twitter CEO Jack Dorsey!

Another CEO Hacked... It's Twitter CEO Jack Dorsey!

Jul 09, 2016
Twitter account of another high profile has been hacked! This time, it's Twitter CEO Jack Dorsey. OurMine claimed responsibility for the hack, which was spotted after the group managed to post some benign video clips. The team also tweeted at 2:50 AM ET today saying " Hey, its OurMine,we are testing your security, " with a link to their website that promotes and sells its own "services" for which it has already made $16,500. Although the tweets posted by the group did not contain any harmful content, both the tweet and linked to a short Vine video clip have immediately been removed. Ourmine is the same group of hackers from Saudi Arabia that previously compromised some social media accounts of other CEOs including: Google's CEO Sundar Pichai Facebook's CEO Mark Zuckerberg Twitter's ex-CEO Dick Costolo Facebook-owned virtual reality company Oculus CEO Brendan Iribe Since all tweets posted to Dorsey's account came through Vine,
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Over 1000 Wendy's Restaurants Hit by Credit Card Hackers

Over 1000 Wendy's Restaurants Hit by Credit Card Hackers

Jul 08, 2016
The Popular fast-food restaurant chain Wendy's on Thursday admitted that a massive cyber attack had hit more than 1,000 of its restaurants across the country. The burger chain did not speculate how many people may have been affected, though it did confirm that the hackers were able to steal its customers' credit and debit card information. The data breach is more than three times bigger than initially thought. The original data breach was believed to have affected " fewer than 300 " of its 5,144 franchised locations in the United States when the malware was discovered in May. The Malware had been installed on Point-of-Sale (PoS) systems in the affected restaurants and was able to obtain cardholder's name, payment card number, expiration date, service code, cardholder verification value, among other data. The data breach began in fall 2015 and discovered in February this year, and the company went public with in May. Just last month, Wendy's s
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Google makes 2-Factor Authentication a lot Easier and Faster

Google makes 2-Factor Authentication a lot Easier and Faster

Jun 22, 2016
When it comes to data breaches of major online services like LinkedIn , MySpace , Twitter and VK.com , it's two-factor authentication that could save you from being hacked. Two-factor authentication or 2-step verification is an effective way to secure online accounts, but many users avoid enabling the feature just to save themselves from irritation of receiving and typing a six-digit code that takes their 10 to 15 extra seconds. Now, Google has made the 2-Step Verification (2FV) process much easier for its users, allowing you to login with just a single tap instead of typing codes. Previously, you have had to manually enter a six-digit code received via an SMS or from an authenticator app, but now… Google has introduced a new method called " Google Prompt " that uses a simple push notification where you just have to tap on your mobile phone to approve login requests. Also Read: Google Plans to Kill your Passwords . In other words, while signing in to your
Insider Breach: T-Mobile Czech Employee Steals and Sells 1.5 Million Users Data

Insider Breach: T-Mobile Czech Employee Steals and Sells 1.5 Million Users Data

Jun 20, 2016
T-Mobile is the latest in the list of recent high-profile data breaches, though this time the breach is not carried out by "Peace" - the Russian hacker who was behind the massive breaches in some popular social media sites including LinkedIn , MySpace , Tumblr , and VK.com . Instead, one of the T-Mobile's employees stole more than 1.5 Million customer records at the T-Mobile Czech Republic in order to sell it on for a profit, according to local media , MF DNES. Yes, the customer service staff member tried to sell the T-Mobile customer marketing database, though it is not clear that how much of names, e-mail addresses, account numbers and other personal data of over 1.5 Million customers the database contained. The T-Mobile Czech Republic has also refused to provide any "additional specific information" about what data was leaked, due to an ongoing police investigation. Although the company assured its customers that the stolen database did not contai
Github accounts Hacked in 'Password reuse attack'

Github accounts Hacked in 'Password reuse attack'

Jun 17, 2016
Popular code repository site GitHub is warning that a number of users' accounts have been compromised by unknown hackers reusing email addresses and passwords obtained from other recent data breaches . Yes, GitHub has become the latest target of a password reuse attack after Facebook CEO Mark Zuckerberg and Twitter . According to a blog post published by Shawn Davenport, VP of Security at GitHub, an unknown attacker using a list of email addresses and passwords obtained from the data breach of " other online services " made a significant number of login attempts to GitHub's repository on June 14. After reviewing the logins, administrators at GitHub found that the attacker had gained access to a number of its users' accounts in order to gain illicit access to their accounts' data. Although the initial source of the leaked credentials isn't clear, the recent widespread "megabreaches" of LinkedIn , MySpace , Tumblr , and the dating site Fling,
Over 51 Million Accounts Leaked from iMesh File Sharing Service

Over 51 Million Accounts Leaked from iMesh File Sharing Service

Jun 13, 2016
How many more data dumps does this hacker have with him that has yet to be exposed? Well, no one knows the answer, but we were recently made aware of another data breach from Peace – the same Russian hacker who was behind the massive breaches in some of the most popular social media sites including LinkedIn , MySpace , Tumblr , and VK.com . The hacker under the nickname "Peace" (or Peace_of_mind) is now selling over 51 Million records obtained from iMesh – now defunct peer-to-peer file sharing service. The New York-based iMesh was one of the first and most popular file sharing services that allowed users to share multimedia files with their friends via the peer-to-peer (or P2P) protocol. Launched in the late 90s, iMesh became the third-largest service in the United States in 2009, but the service was unexpectedly closed down last month. LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that the comp
Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked

Jun 09, 2016
The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn , MySpace , Tumblr , Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace. However, these are only data breaches that have been publicly disclosed by the hacker. I wonder how much more stolen data sets this Russian, or other hackers are holding that have yet to be released. The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter. Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800). LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com
BitTorrent Forum Hacked; Change your Password Immediately

BitTorrent Forum Hacked; Change your Password Immediately

Jun 08, 2016
If you are a torrent lover and have registered on  BitTorrent community forum website, then you may have had your personal details compromised, along with your hashed passwords. The BitTorrent team has announced that its community forums have been hacked, which exposed private information of hundreds of thousands of its users. As of now, BitTorrent is the most visited torrent client around the world with more than 150 Million monthly active users. Besides this, BitTorrent also has a dedicated community forum that has over hundreds of thousands of registered members with tens of thousands of daily visitors. A recent security alert by the team says the forum database has been compromised by hackers who were able to get their hands on its users' passwords, warning its users to update their passwords as soon as possible. The vulnerability is believed to be originated at one of its vendors, who alerted the BitTorrent team about the issue earlier this week. "The vulnera
VK.com HACKED! 100 Million Clear Text Passwords Leaked Online
Facebook CEO Zuckerberg's Twitter, Pinterest accounts Hacked! And the Password was...

Facebook CEO Zuckerberg's Twitter, Pinterest accounts Hacked! And the Password was...

Jun 06, 2016
The man who runs the biggest social network and continuously implements new security measures to boost its billion users security, himself failed to follow basics of Internet security for his own online accounts. Yes, I'm talking about Facebook CEO Mark Zuckerberg , who had his Twitter and Pinterest accounts compromised on Sunday. The hacker group from Saudi Arabia, dubbed OurMine , claimed responsibility for the hack and guess how the group did it? Thanks to the LinkedIn data breach ! The hackers tweeted that they found Zuck's account credentials in the recent LinkedIn data breach, from which they took his SHA1-hashed password string and then broke it and tried on several social media accounts. Also Read: Hacker Removed Zuckerberg's Facebook Cover Photo The group, which has more than 40,000 Twitter followers, then successfully broke into Zuck's Twitter ( @finkd ) and Pinterest profile and defaced its banners with its logo as well as tweeted out some offens
Has Your TeamViewer Account Been Hacked? Here's What to Do Immediately

Has Your TeamViewer Account Been Hacked? Here's What to Do Immediately

Jun 04, 2016
Do you have remote login software TeamViewer installed on your desktop? If Yes, then it could be possible that your system can be accessed by attackers to steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter suggests. According to recent reports, the popular TeamViewer software that is used to remotely control PCs appears to have been HACKED ! Over the past few days, a number of users headed on to the Internet forums to report that unknown attackers are taking control of their computers through their TeamViewer accounts and, in some cases, trying to steal money through services like eBay or PayPal. This same behavior has also been reported by the IBM security researcher Nick Bradley, who said: "In the middle of my gaming session, I lose control of my mouse, and the TeamViewer window pops up in the bottom right corner of my screen. As soon as I realize what is happening, I kill the application. Then it dawns
427 Million Myspace Passwords leaked in major Security Breach

427 Million Myspace Passwords leaked in major Security Breach

Jun 01, 2016
MySpace has suffered a major data breach in which hundreds of Millions of users have had their account details compromised. You may have forgotten Myspace and have not thought of it in years after Facebook acquired the market, but Myspace was once-popular social media website. On Tuesday, Myspace confirmed that the company was hacked in 2013 and that the stolen Myspace username and password combinations have been made available for sale in an online hacker forum. The hacker, nicknamed Peace, who is selling the database of about 360 Million Myspace accounts with 427 million passwords, is the same hacker who was recently in the news for leaking 164 Million LinkedIn and 65 Million Tumblr accounts . "We believe the data breach is attributed to Russian Cyberhacker 'Peace'," Myspace wrote in a blog post . "Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform ar
Hacker Selling 65 Million Passwords From Tumblr Data Breach

Hacker Selling 65 Million Passwords From Tumblr Data Breach

May 31, 2016
Earlier this month Tumblr revealed that a third party had obtained access to a set of e-mail addresses and passwords dating back from early 2013, before being acquired by Yahoo. At that time, Tumblr did not reveal the number of affected users, but in reality, around 65,469,298 accounts credentials were leaked in the 2013 Tumblr data breach, according to security expert Troy Hunt, who runs the site Have I Been Pwned . "As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts," read Tumblr's blog . A Hacker, who is going by "peace_of_mind," is selling the Tumblr data for 0.4255 Bitcoin ($225) on the darknet marketplace The Real Deal . The compromised data includes 65,469,298 unique e-mail addresses and "salted & hashed passwords." The Same hacker is also selling the compromised login account data from Fling, Li
Hacker puts up 167 Million LinkedIn Passwords for Sale

Hacker puts up 167 Million LinkedIn Passwords for Sale

May 18, 2016
LinkedIn's 2012 data breach was much worse than anybody first thought. In 2012, LinkedIn suffered a massive data breach in which more than 6 Million users accounts login details, including encrypted passwords, were posted online by a Russian hacker. Now, it turns out that it was not just 6 Million users who got their login details stolen. Latest reports emerged that the 2012's LinkedIn data breach may have resulted in the online sale of sensitive account information, including emails and passwords, of about 117 Million LinkedIn users. Almost after 4 years, a hacker under the nickname "Peace" is offering for sale what he/she claims to be the database of 167 Million emails and hashed passwords, which included 117 Million already cracked passwords, belonging to LinkedIn users. The hacker, who is selling the stolen data on the illegal Dark Web marketplace " The Real Deal " for 5 Bitcoins (roughly $2,200), has spoken to Motherboard, confirming th
Top 4 Data Breaches reported in last 24 Hours

Top 4 Data Breaches reported in last 24 Hours

May 10, 2016
There is no doubt that data breaches are on the rise. Hardly a day goes without headlines about any significant data breach. According to the latest ' Cyber Security Breaches Survey 2016 ' report published by UK government, two-thirds of the biggest firm in the UK have experienced at least a cyber attacks or data breaches within the past 12 months. Here's today, I am writing about top 4 data breaches reported in last 24 hours, threatened your data privacy and online security. 1. Kiddicare Hacked! 794,000 Accounts Leaked Kiddicare has admitted that the company has suffered a data breach, which led to the theft of sensitive data belonging to 794,000 users, including phone numbers and residential addresses. Kiddicare, company that sells child toys and accessories across the United Kingdom, became aware of the data breach after its customers started receiving suspicious text messages – most likely part of a phishing campaign – that attempted to pilfer them to click on a li
Hacker Arrested after Exposing Flaws in Elections Site

Hacker Arrested after Exposing Flaws in Elections Site

May 10, 2016
A security researcher responsibly disclosed vulnerabilities in the poorly secured web domains of a Florida county elections, but he ended up in handcuffs on criminal hacking charges and jailed for six hours Wednesday. Security researcher David Michael Levin, 31, of Estero, Florida was charged with three counts of gaining unauthorized access to a computer, network, or electronic instrument. On 19 December last year, Levin tested the security of Lee County website and found a critical SQL injection vulnerability in it, which allowed him to access site's database, including username and password. Levin was reportedly using a free SQL testing software called Havij for testing SQL vulnerabilities on the state elections website. According to Levin, he responsibly reported vulnerabilities to the respective authorities and helped them to patch all loopholes in the elections website. Video Demonstration of the Elections Website Hack Meanwhile, Levin demonstrates his finding via
Hacker is Selling 272 Million Email Passwords for Just $1

Hacker is Selling 272 Million Email Passwords for Just $1

May 05, 2016
A massive database of 272 million emails and passwords for popular email services, including Gmail, Microsoft, and Yahoo, are being offered for sale on the Dark Web for less than $1, media reports. An anonymous Russian hacker, who goes by the moniker " the Collector ," was first spotted by cybersecurity firm Hold Security advertising 1.17 Billion user records for email accounts on a dark web forum. The stolen credentials apparently came from some of the world's biggest email providers, including Gmail, Yahoo, Microsoft and Russia's Mail.ru. When security analysts at Hold Security reached out to the hacker and began negotiating for the dataset to verify the authenticity of those records, the hacker only asked for 50 Rubles (less than a buck) in return of the complete dump. However, it seems that there is actually nothing to worry about. Hold Security CEO Alex Holden said that a large number of those 1.17 Billion accounts credentials turned out to be duplicate an
In-Brief: Spotify Hack, Secret of Chrome OS, MIT Bug Bounty, Nanowire Batteries

In-Brief: Spotify Hack, Secret of Chrome OS, MIT Bug Bounty, Nanowire Batteries

Apr 26, 2016
1. Spotify Hacked! Change your Password ASAP If you are one of the millions of people around the world who love to listen to music on Spotify, you may need to change your password immediately. Has Spotify been hacked? The company says no, but some Spotify users have claimed their profiles were hijacked, and details were changed without knowledge, including passwords and email addresses, TC  reported . Spotify apparently suffered a security breach that leaked hundreds of Spotify accounts details, including emails, usernames, passwords and account type, which was published last week to the popular anonymous file sharing website Pastebin. Spotify is investigating the Pastebin leaks of Spotify user information. 2. Over 1 Million Android Apps Are Coming to Chrome OS Google is ready to integrate millions of Android applications onto its Chrome OS platform by bringing the entire Play Store to it. Redditor 'TheWiseYoda' first spotted a new option to "Enable And
Google makes it mandatory for Chrome Apps to tell Users what Data they collect

Google makes it mandatory for Chrome Apps to tell Users what Data they collect

Apr 19, 2016
In Brief Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data. But, now Google has updated its browser's User Data Policy requiring all Chrome extension and app developers to disclose what data they collect. Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users. Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they? The company plans to enforce developers starting this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users." Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data. Google's new User Data Policy will now force app developers, who use the Chrome We
Cybersecurity Resources