The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: data breach

Town of Salem Data Breach Exposes 7.6 Million Gamers' Accounts

Town of Salem Data Breach Exposes 7.6 Million Gamers' Accounts

January 05, 2019Mohit Kumar
A massive data breach at the popular online role-playing game 'Town of Salem' has reportedly impacted more than 7.6 million players, the game owner BlankMediaGames (BMG) confirmed Wednesday on its online forum. With the user base of more than 8 million players, Town of Salem is a browser-based game that enables gamers (which range from 7 to 15 users) to play a version of the famous secret role game Town, Mafia, or Neutrals. The data breach was first discovered and disclosed on December 28 when a copy of the compromised Town of Salem database was anonymously sent to DeHashed, a hacked database search engine. Over 7.6 Million Users Accounts Compromised The database included evidence of the server compromise and access to the complete gamer database which contained 7,633,234 unique email addresses (most-represented of the email providers being Gmail, Hotmail, and Yahoo.com). After analyzing the complete database, DeHashed disclosed that the compromised data contained
Mayday! NASA Warns Employees of Personal Information Breach

Mayday! NASA Warns Employees of Personal Information Breach

December 19, 2018Mohit Kumar
Another day, another data breach. This time it's the United States National Aeronautics and Space Administration (NASA) NASA today confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency's servers was hacked. In an internal memo sent to all employees on Tuesday, NASA said the unknown hackers managed to gain access to one of its servers storing the personally identifiable information (PII), including social security numbers, of current and former employees. The agency said NASA discovered the breach on October 23 when its cybersecurity personnel began investigating a possible breach of two of its servers holding employee records. After discovering the intrusion, NASA has since secured its servers and informed that the agency is working with its federal cybersecurity partners "to examine the servers to determine the scope of the potential data exfiltration and identify pot
Twitter Discloses Suspected State-Sponsored Attack After Minor Data Breach

Twitter Discloses Suspected State-Sponsored Attack After Minor Data Breach

December 18, 2018Swati Khandelwal
Twitter has been hit with a minor data breach incident that the social networking site believes linked to a suspected state-sponsored attack. In a blog post published on Monday, Twitter revealed that while investigating a vulnerability affecting one of its support forms, the company discovered evidence of the bug being misused to access and steal users’ exposed information. The impacted support form in question was used by account holders to contact Twitter about issues with their account. Discovered in mid-November, the support form API bug exposed considerably less personal information, including the country code of users' phone numbers associated with their Twitter account, and "whether or not their account had been locked." So far the company has declined to provide more details about the incident or an estimate for the number of accounts potentially impacted but says it believes that the attack may have ties to state-sponsored actors. "During our
New Facebook Bug Exposed 6.8 Million Users Photos to Third-Party Apps

New Facebook Bug Exposed 6.8 Million Users Photos to Third-Party Apps

December 14, 2018Mohit Kumar
Facebook's latest screw-up — a programming bug in Facebook website accidentally gave 1,500 third-party apps access to the unposted Facebook photos of as many as 6.8 million users. Facebook today quietly announced that it discovered a new API bug in its photo-sharing system that let 876 developers access users' private photos which they never shared on their timeline, including images uploaded to Marketplace or Facebook Stories. "When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories," Facebook said. What's worse? The bug even exposed photos that people uploaded to Facebook but chose not to post or didn't finish posting it for some reason. The flaw left users' private data exposed for 12 days, between September 13th an
Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users

Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users

December 10, 2018Mohit Kumar
Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security vulnerability in one of Google+'s People APIs that could have allowed developers to steal private information on 52.5 million users, including their name, email address, occupation, and age. The vulnerable API in question is called "People: get" that has been designed to let developers request basic information associated with a user profile. However, software update in November introduced the bug in the Google+ People API that allowed apps to view users' information even if a user profile was set to not-public. Google engineers discovered the security issue during standard testing procedures and addressed it within a week of the issue being introduced. The company said
Quora Gets Hacked – 100 Million Users Data Stolen

Quora Gets Hacked – 100 Million Users Data Stolen

December 04, 2018Swati Khandelwal
The World's most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. Quora announced the incident late Monday after its team last Friday discovered that an unidentified malicious third-party managed to gain unauthorized access to one of its systems and stole data on approximately 100 million users—that's almost half of its entire user base. According to Adam D'Angelo, the chief executive officer and co-founder of Quora, the personal user information compromised in the breach includes: Account information , such as names, email addresses, encrypted (hashed) passwords, and data imported from linked social networks like Facebook and Twitter when authorized by users. Public content and actions , like questions, answers, comments, and upvotes. Non-public content and actions , including answer requests, downvotes,
500 Million Marriott Guest Records Stolen in Starwood Data Breach

500 Million Marriott Guest Records Stolen in Starwood Data Breach

November 30, 2018Mohit Kumar
The world's biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests. Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts, W Hotels, Westin Hotels & Resorts, Aloft Hotels, Tribute Portfolio, Element Hotels, Le Méridien Hotels & Resorts, The Luxury Collection, Four Points by Sheraton and Design Hotels. The incident is believed to be one of the largest data breaches in history, behind 2016 Yahoo hacking in which nearly 3 billion user accounts were stolen. The breach of Starwood properties has been happening since 2014 after an "unauthorized party" managed to gain unauthorized access to the Starwood's guest reservation database, and had copied and encrypted the information. Marriott dis
Dell Resets All Customers' Passwords After Potential Security Breach

Dell Resets All Customers' Passwords After Potential Security Breach

November 29, 2018Mohit Kumar
Multinational computer technology company Dell disclosed Wednesday that its online electronics marketplace experienced a "cybersecurity incident" earlier this month when an unknown group of hackers infiltrated its internal network. On November 9, Dell detected and disrupted unauthorized activity on its network attempting to steal customer information, including their names, email addresses and hashed passwords. According to the company, the initial investigation found no conclusive evidence that the hackers succeeded to extract any information, but as a countermeasure Dell has reset passwords for all accounts on Dell.com website whether the data had been stolen or not. Dell did not share any information on how hackers managed to infiltrate its network at the first place or how many user accounts were affected, but the company did confirm that payment information and Social Security numbers were not targeted. "Credit card and other sensitive customer information
Uber fined $1.1 million by UK and Dutch regulators over 2016 data breach

Uber fined $1.1 million by UK and Dutch regulators over 2016 data breach

November 27, 2018Mohit Kumar
British and Dutch data protection regulators Tuesday hit the ride-sharing company Uber with a total fine of $1,170,892 (~ 1.1 million) for failing to protect its customers’ personal information during a 2016 cyber attack involving millions of users. Late last year, Uber unveiled that the company had suffered a massive data breach in October 2016, exposing names, email addresses and phone numbers of 57 million Uber riders and drivers along with driving license numbers of around 600,000 drivers. Besides this, it was also reported that instead of disclosing the breach at the time, the company paid $100,000 in ransom to the two hackers with access to the stolen data in exchange for keeping the incident secret and deleting the information. Today Britain’s Information Commissioner’s Office (ICO) fined Uber 385,000 pounds ($491,102), while the Dutch Data Protection Authority (Dutch DPA) levied a 600,000 euro ($679,790) penalty on Uber for failing to protect the personal informatio
US Postal Service Left 60 Million Users Data Exposed For Over a Year

US Postal Service Left 60 Million Users Data Exposed For Over a Year

November 22, 2018Swati Khandelwal
The United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website. The U.S.P.S. is an independent agency of the American federal government responsible for providing postal service in the United States and is one of the few government agencies explicitly authorized by the United States Constitution. The vulnerability is tied to an authentication weakness in an application programming interface (API) for the USPS "Informed Visibility" program designed to help business customers track mail in real-time. 60 Million USPS Users' Data Exposed According to the cybersecurity researcher, who has not disclosed his identity, the API was programmed to accept any number of "wildcard" search parameters, enabling anyone logged in to usps.com to query the system for account details belonging to any other user. In other words, the attacker could
Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed

Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed

November 21, 2018Swati Khandelwal
The real identity of Tessa88—the notorious hacker tied to several high-profile cyber attacks including the LinkedIn , DropBox and MySpace mega breaches—has been revealed as Maksim Vladimirovich Donakov (Максим Владимирович Донаков), a resident of Penza, Russian Federation. In early 2016, a hacker with pseudonym Tessa88 emerged online offering stolen databases from some of the biggest social media websites in the world, including LinkedIn, MySpace, VKontakte (vk.com), Dropbox, Rambler , and Twitter , for sale in various underground hacking forums. The stolen data, taken years ago from several social media sites, included more than half a billion username and password combinations, which were then used in phishing, account takeover, and other cyber attacks. Though Tessa88's profile was active for a few months between February and May 2016, the OPSEC analysis revealed that the same person was involved in various cybercriminal activities since as early as 2012 under different
Two TalkTalk hackers jailed for 2015 data breach that cost it £77 million

Two TalkTalk hackers jailed for 2015 data breach that cost it £77 million

November 20, 2018Swati Khandelwal
Two hackers have been sent to prison for their roles in hacking TalkTalk , one of the biggest UK-based telecommunications company, in 2015 and stealing personal information, banking, and credit card details belonging to more than 156,000 customers. Matthew Hanley, 23, and Connor Allsopp, 21, both from Tamworth in Staffordshire, were sentenced Monday to 12 months and 8 months in prison, respectively, after they admitted charges relating to the massive breach that cost TalkTalk £77 million in losses. The total cost also included the massive £400,000 fine imposed by the Information Commissioner's Office (ICO) on TalkTalk for failings to implement the most basic security measures in order to prevent the hack from happening. At the Old Bailey, the judge Anuja Dhir described Hanley as a "dedicated hacker" and sentenced him to 12 months in prison; whereas, Allsopp gets 8-months prison for his lesser role in the cyber attack. The Judge also said that it was a tragedy
Another Facebook Bug Could Have Exposed Your Private Information

Another Facebook Bug Could Have Exposed Your Private Information

November 13, 2018Swati Khandelwal
Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world's most popular social network at risk. Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for entered queries. According to Imperva researcher Ron Masas, the page that displays search results includes iFrame elements associated with each outcome, where the endpoint URLs of those iFrames did not have any protection mechanisms in place to protect against cross-site request forgery (CSRF) attacks. It should be noted that the newly reported vulnerability has already been patched, and unlike previously disclosed flaw in Facebook that exposed personal information of 30 million users , it did not allow attackers to extract information from mass accounts at once. How Does the Facebo
Facebook Fined £500,000 for Cambridge Analytica Data Scandal

Facebook Fined £500,000 for Cambridge Analytica Data Scandal

October 25, 2018Swati Khandelwal
Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users . The fine has been imposed by the UK's Information Commissioner's Office ( ICO ) and was calculated using the UK's old Data Protection Act 1998 which can levy a maximum penalty of £500,000 — ironically that’s equals to the amount Facebook earns every 18 minutes. The news does not come as a surprise as the U.K.'s data privacy watchdog already notified the social network giant in July this year that the commission was intended to issue the maximum fine. For those unaware, Facebook has been under scrutiny since earlier this year when it was revealed that the personal data of 87 million users was improperly gathered and misused by political consultancy firm Cambridge Analytica , who reportedly helped Donald Trump win the US presidency in 2016. The ICO, who launched an investigation
30 Million Facebook Accounts Were Hacked: Check If You're One of Them

30 Million Facebook Accounts Were Hacked: Check If You're One of Them

October 13, 2018Swati Khandelwal
Late last month Facebook announced its worst-ever security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the 'View As' feature. At the time of the initial disclosure, Facebook estimated that the number of users affected by the breach could have been around 50 million, though a new update published today by the social media giant downgraded this number to 30 million. Out of those 30 million accounts, hackers successfully accessed personal information from 29 million Facebook users, though the company assured that the miscreants apparently didn’t manage to access any third-party app data . Here's How Facebook Classified the Stolen Data: Facebook vice president of product management Guy Rosen published a new blog post  Friday morning to share further details on the massive security breach, informing that the hackers stole data from those affected accounts, as follows: For about 1
Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data

Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data

October 08, 2018Swati Khandelwal
Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their usernames, email addresses, occupation, date of birth, profile photos, and gender-related information. Since Google+ servers do not keep API logs for more than two weeks, the company cannot confirm the number of users impacted by the vulnerability. However, Google assured its users that the company found no evidence that any developer was aware of this bug, or that the profile data was misused by any of the 438 developers that could have had access. "However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,00
Facebook Hacked — 10 Important Updates You Need To Know About

Facebook Hacked — 10 Important Updates You Need To Know About

September 29, 2018Swati Khandelwal
If you also found yourself logged out of Facebook on Friday, you are not alone. Facebook forced more than 90 million users to log out and back into their accounts in response to a massive data breach. On Friday afternoon, the social media giant disclosed that some unknown hackers managed to exploit three vulnerabilities in its website and steal data from 50 million users and that as a precaution, the company reset access tokens for nearly 90 million Facebook users. We covered a story yesterday based upon the information available at that time. Facebook Hack: 10 Important Updates You Need To Know About However, in a conference call [ Transcript 1 , Transcript 2 ] with reporters, Facebook vice president of product Guy Rosen shared a few more details of the terrible breach, which is believed to be the most significant security blunder in Facebook's history. Here's below we have briefed the new developments in the Facebook data breach incident that you need to know abo
Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw

Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw

September 28, 2018Swati Khandelwal
Logged out from your Facebook account automatically? Well you're not alone… Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts. UPDATE:  10 Important Updates You Need To Know About the Latest Facebook Hacking Incident . In a brief blog post published Friday, Facebook revealed that its security team discovered the attack three days ago (on 25 September) and they are still investigating the security incident. The vulnerability, whose technical details has yet not been disclosed and now patched by Facebook, resided in the "View As" feature—an option that allows users to find out what other Facebook users would see if they visit your profile. According to the social media giant, the vulnerability allowed hackers to steal secret access tokens that could then be used to directly access users' private in
SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users

SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users

September 25, 2018Swati Khandelwal
U.S. online fashion retailer SHEIN has admitted that the company has suffered a significant data breach after unknown hackers stole personally identifiable information (PII) of almost 6.5 million customers. Based in North Brunswick and founded in 2008, SHEIN has become one of the largest online fashion retailers that ships to more than 80 countries worldwide. The site has been initially designed to produce "affordable" and trendy fashion clothing for women. SHEIN revealed last weekend that its servers had been targeted by a "concerted criminal cyber-attack" that began in June this year and lasted until August 22, when the company was finally made aware of the potential theft. Soon after that, the company scanned its servers to remove all possible backdoored entry points, leveraging which hackers could again infiltrate the servers. SHEIN assured its customers that the website is now safe to visit. Hackers Stole Over 6.42 Million SHEIN Customers' Data
UK Regulator Fines Equifax £500,000 Over 2017 Data Breach

UK Regulator Fines Equifax £500,000 Over 2017 Data Breach

September 20, 2018Swati Khandelwal
Atlanta-based consumer credit reporting agency Equifax has been issued a £500,000 fine by the UK's privacy watchdog for its last year's massive data breach that exposed personal and financial data of hundreds of millions of its customers. Yes, £500,000—that's the maximum fine allowed by the UK's Data Protection Act 1998, though the penalty is apparently a small figure for a $16 billion company. In July this year, the UK's data protection watchdog issued the maximum allowed fine of £500,000 on Facebook over the Cambridge Analytica scandal , saying the social media giant Facebook failed to prevent its citizens' data from falling into the wrong hands. Flashback: The Equifax Data Breach 2017 Equifax suffered a massive data breach last year between mid-May and the end of July, exposing highly sensitive data of as many as 145 million people globally. The stolen information included victims' names, dates of birth, phone numbers, driver's licens
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.