#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

identity theft | Breaking Cybersecurity News | The Hacker News

Category — identity theft
DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud

DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud

Jan 08, 2024 Financial Fraud / Cybercrime
The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace , which is estimated to have facilitated more than $68 million in fraud. In  wrapping up its investigation  into the dark web portal, the agency said the transnational operation was the result of close cooperation with law enforcement authorities from Belgium, Germany, the Netherlands, Ukraine, and Europol. Of the 19 defendants, three have been sentenced to 6.5 years in prison, eight have been awarded jail terms ranging from one year to five years, and one individual has been ordered to serve five years' probation. One among them includes Glib Oleksandr Ivanov-Tolpintsev, a Ukrainian national who was  sentenced to four years in prison  in May 2022 for selling compromised credentials on xDedic and making $82,648 in illegal profits. Dariy Pankov, described by the DoJ as one of the highest sellers by volume, offered credentials of no less than 35,000 ha
German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation

German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation

Dec 21, 2023 Dark Web / Cybercrime
German law enforcement has announced the disruption of a dark web platform called  Kingdom Market  that specialized in the sales of narcotics and malware to "tens of thousands of users." The  exercise , which involved collaboration from authorities from the U.S., Switzerland, Moldova, and Ukraine, began on December 16, 2023, the Federal Criminal Police Office (BKA) said. Kingdom Market is said to have been accessible over the TOR and Invisible Internet Project (I2P) anonymization networks since at least March 2021, trafficking in illegal narcotics as well as advertising malware, criminal services, and forged documents. As many as 42,000 products have been sold via several hundred seller accounts on the English language platform prior to its takedown, with 3,600 of them originating from Germany.  Transactions on the Kingdom Market were facilitated through cryptocurrency payments in the form of Bitcoin, Litecoin, Monero, and Zcash, with the website operators receiving a 3
5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

Oct 01, 2024Generative AI / Data Protection
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security concerns, many have been forced to choose between unrestricted GenAI usage to banning it altogether. A new e-guide by LayerX titled 5 Actionable Measures to Prevent Data Leakage Through Generative AI Tools is designed to help organizations navigate the challenges of GenAI usage in the workplace. The guide offers practical steps for security managers to protect sensitive corporate data while still reaping the productivity benefits of GenAI tools like ChatGPT. This approach is intended to allow companies to strike the right balance between innovation and security. Why Worry About ChatGPT? The e
Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

Dec 20, 2023 Identity Theft / SMS Phishing
The Chinese-speaking threat actors behind  Smishing Triad  have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country. "These criminals send malicious links to their victims' mobile devices through SMS or iMessage and use URL-shortening services like Bit.ly to randomize the links they send," Resecurity  said  in a report published this week. "This helps them protect the fake website's domain and hosting location." Smishing Triad was  first documented  by the cybersecurity company in September 2023, highlighting the group's use of compromised Apple iCloud accounts to send smishing messages for carrying out identity theft and financial fraud.  The threat actor is also known to offer ready-to-use smishing kits for sale to other cybercriminals for $200 a month, alongside eng
cyber security

2024 State of SaaS Security Report eBook

websiteWing SecuritySaaS Security / Insider Threat
A research report featuring astonishing statistics on the security risks of third-party SaaS applications.
Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network

Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network

Dec 14, 2023 Cybercrime / Threat intelligence
Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors, netting the operators millions of dollars in illicit revenue. "Fraudulent online accounts act as the gateway to a host of cybercrime, including mass phishing, identity theft and fraud, and distributed denial-of-service (DDoS) attacks," Amy Hogan-Burney, the company's associate general counsel for cybersecurity policy and protection,  said . These cybercrime-as-a-service (CaaS) offerings, per Redmond, are designed to get around identity verification software across various technology platforms and help minimize the efforts needed to conduct malicious activities online, including phishing, spamming, ransomware, and fraud, effectively lowering the barriers to entry for attackers. Multiple threat actors,
34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams

34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams

Oct 24, 2023 Cyber Fraud / Cyber Crime
Spanish law enforcement officials have  announced  the arrest of 34 members of a criminal group that carried out various online scams, netting the gang about €3 million ($3.2 million) in illegal profits. Authorities conducted searches across 16 locations Madrid, Malaga, Huelva, Alicante, and Murcia, seizing two simulated firearms, a katana sword, a baseball bat, €80,000 in cash, four high-end vehicles, and computer and electronic material worth thousands of euros. The operation also uncovered a database with cross-referenced information on four million people that was collated after infiltrating databases belonging to financial and credit institutions. The scams, which were conducted via email, SMS, and phone calls, entailed the threat actors masquerading as banks and electricity supply companies to defraud victims, in some cases even perpetrating  "son in distress" calls  and manipulating delivery notes from technology firms. In one instance, the miscreants reportedly
Android Banking Trojan Tricks Victims into Submitting Selfie Holding their ID Card

Android Banking Trojan Tricks Victims into Submitting Selfie Holding their ID Card

Oct 15, 2016
While some payment card companies like Mastercard have switched to selfies as an alternative to passwords when verifying IDs for online payments, hackers have already started taking advantage of this new security verification methods. Researchers have discovered a new Android banking Trojan that masquerades primarily as a video plugin, like Adobe Flash Player, pornographic app, or video codec, and asks victims to send a selfie holding their ID card, according to a blog post published by McAfee. The Trojan is the most recent version of Acecard that has been labeled as one of the most dangerous Android banking Trojans known today, according to Kaspersky Lab Anti-malware Research Team. Once successfully installed, the trojan asks users for a number of device's permissions to execute the malicious code and then waits for victims to open apps, specifically those where it would make sense to request payment card information. Acecard Steals your Payment Card and Real ID det
How Hackers Can Hack Your Chip-and-PIN Credit Cards

How Hackers Can Hack Your Chip-and-PIN Credit Cards

Oct 21, 2015
October 1, 2015, was the end of the deadline for U.S. citizens to switch to Chip-enabled Credit Cards for making the transactions through swipe cards safer. Now, a group of French forensics researchers have inspected a real-world case in which criminals played smart in such a way that they did a seamless chip-switching trick with a slip of plastic that it was identical to a normal credit card. The researchers from the École Normale Supérieure University and the Science and Technology Institute CEA did a combined study of the subject, publishing a research paper [ PDF ] that gives details of a unique credit card fraud analyzed by them. What's the Case? Back in 2011 and 2012, police arrested five French citizens for stealing about 600,000 Euros (~ $680,000) as a result of the card fraud scheme, in spite of the Chip-and-PIN cards protections. How did the Chip-and-Pin Card Fraud Scheme Work? On investigating the case, the researchers discovered that the n
Data Breach Day — Patreon (2.3M), T-Mobile (15M) and Scottrade (4.6M) — HACKED!

Data Breach Day — Patreon (2.3M), T-Mobile (15M) and Scottrade (4.6M) — HACKED!

Oct 03, 2015
This week, three high-profile data breaches took place, compromising personal and sensitive details of millions of people. Telecommunication giant T-Mobile Crowdfunding website Patreon US brokerage firm Scottrade In T-Mobile's case, its credit application processor Experian was hacked , potentially exposing highly sensitive details of 15 Million people who applied for its service in the past two years. The stolen data includes home addresses, birth dates, driver's license number, passport number, military I.D. numbers and – most unfortunately – the Social Security numbers, among other information. Patreon Hack Hits 2.3 Million Users In Patreon's case, hackers managed to steal almost 15 gigabytes' worth of data including names, shipping addresses and email addresses of 2.3 Million users . In a post published late Wednesday, Patreon CEO Jack Conte confirmed that the crowdfunding firm had been hacked and that the personal data of its users h
How to Freeze Credit Report To Protect Yourself Against Identity Theft

How to Freeze Credit Report To Protect Yourself Against Identity Theft

Oct 03, 2015
If your Social Security number gets hacked in any data breaches, including recently hacked T-Mobile , then there's a way to prevent hackers from misusing your identity (i.e. identity theft ). The solution here is that you can institute a security freeze at each of the three credit bureaus, Equifax , Experian , or TransUnion . Once frozen, nobody will be allowed to access your credit report, which will prevent any identity thieves from opening new accounts in your name. Because most creditors required to see your credit report before approving a new account. But, if they are restricted to see your file, they may not extend the credit or open a new account in your name. However, there are some disadvantages of doing so. 1.   Cost The cost of a security freeze differs by state (check yours here ). However, it is often free for already affected people, but the issue is – if you want to let anyone check your credit, you will need to pay a fee every time to
Experian Breach: 15 Million T-Mobile Customers' Data Hacked

Experian Breach: 15 Million T-Mobile Customers' Data Hacked

Oct 03, 2015
If you applied for financing from T-Mobile anytime between 1 September 2013 and 16 September 2015, you have been HACKED! – even if you never had T-Mobile service. T-Mobile's credit application processor Experian was hacked, potentially exposing the highly personal information of more than 15 million people in the United States. The stolen information includes names, addresses, phone numbers and – most unfortunately – Social Security numbers . The massive data breach was first discovered in mid-September and has now been confirmed by T-Mobile CEO John Legere . According to Legere, Hackers successfully obtained Millions of people's private information through Experian, one of the world's largest credit check companies that process T-Mobile's credit applications. Both customers and people who submitted to a T-Mobile credit check ( but either canceled or never activated their T-Mobile service ) between September 1, 2013, and September 16, 2015, are most at ris
25 Million 'NAVER' Accounts Breached using Stolen Data

25 Million 'NAVER' Accounts Breached using Stolen Data

Mar 27, 2014
A 31-year-old South Korean has been recently accused by the police for the allegation of infiltrating and hacking the accounts of 25 million users of   Naver , one of the popular search portal in South Korea. On Wednesday, the Asian National Police Agency revealed that the suspect purchased the private information of 25 million users, including names, residential numbers, Internet IDs and passwords from a Korean-Chinese, back in August last year, Korea Herald reported. The suspect surnamed  ' Seo ', supposedly used the purchased information to hack into the accounts of Naver users and sent out spam messages and other ' illicit emails ' to the account holders. He had made an illegal profit of some 160 million won ( $148,000 ) using this, according to the report. Also a hacker surnamed  ' Hong ', has been arrested by the police who was suspected to develop the hacking program that automatically enter users' IDs and passwords, which was apparently used by
16 Million German Users' Data Compromised in mysterious Botnet Malware attack

16 Million German Users' Data Compromised in mysterious Botnet Malware attack

Jan 22, 2014
A New day begins with a Cup of Coffee and with new massive Data Breach News. This time in Germany, the Digital identities of about 16 million online users had been stolen, and posing a risk to their accounts linked to social media and other services. Federal Office for Information Security (BSI) discovered a security breach after running an analysis of the botnet network of computers infected with malware . The compromised accounts have email addresses as their username and also the passwords were stolen, that could also be sold to spammers and people looking to " phish " account holders. Until now it hasn't been known that how and when the analysis was carried out and who exactly were involved behind this massive data breach, as the BSI refused to give details on the source of the information. Authorities have set up a German-language website which allows users to enter their email address and check whether their email accounts are compromised or not.
Russian hackers stole Personal details of 54 million Turkish Citizens

Russian hackers stole Personal details of 54 million Turkish Citizens

Dec 17, 2013
The Publicized Hacks, Cyber attacks and Data breaches continue to increase, and the majority of attacks are from outsiders. Recently, Some unknown Russian hackers have reportedly stolen Personal details of nearly 54 million Turkish citizens, about 70% of the whole Turkish population. According to a report published by ' Hurriyet News ', Researchers from  KONDA  Security firm revealed that the hackers have stolen data from a political party's  vulnerable  system that include Name, ID numbers and address of 54 million voters across the Nation. Researchers claimed that the hacked system (being used for Database and website Management) did not have any antivirus product installed and voter information was also uploaded online on a vulnerable website. This was really a bad idea, and they mentioned that " in two hours hackers downloaded all the information. " In another statement, they mentioned that some government institutions share citizen's personal data online with o
Hacker sold personal data of 4 million US citizens online; risk of potential Identity Theft

Hacker sold personal data of 4 million US citizens online; risk of potential Identity Theft

Sep 27, 2013
An illegal service that sells personal data of US citizens online, which can then be used for identity theft hacked into the networks of three major data brokers and Hacker stole their databases. Cyber attack has given them access to Social Security Numbers , dates of birth, and other personal details that could put all our finances at risk. Krebs's blog revealed that the service, known as SSNDOB ( ssndob.ms)  (Social Security Number Date of Birth) used malware to obtain secret access to the databases of LexisNexis, Dun & Bradstreet and Kroll Background America. Hackers are charging from 50 cents to $2.50 per record and from $5 to $15 for credit and background checks. It was discovered in March that another website, exposed.su was using data collected by SSNDOB to sell to its customers.  Through the use of a botnet Malware, ID thieves the ID thieves gained access to the networks of LexisNexis, that it provides coverage of more than 500 million unique consumer identities.
22 million Yahoo IDs stolen from their Japanese Server

22 million Yahoo IDs stolen from their Japanese Server

May 18, 2013
22 million Yahoo! Japan's user IDs may have been stolen during an unauthorised attempt to access the administrative system of its Japan portal. " We don't know if the file of 22 million user IDs was leaked or not, but we can't deny the possibility given the volume of traffic between our server and external terminals ", Yahoo said. The information did not include passwords and the kind of data necessary to verify a user's identity or reset passwords, it said, adding that the company had updated its security measures to prevent a repeat of the incident. In 2011, Sony said information such as usernames, passwords and birth dates of more than 100 million people may have been compromised after hackers struck the PlayStation Network and Sony Online Entertainment services. Japan acknowledges that its preventative measures against cyberattacks remain underdeveloped, with the national police agency having announced this month it would launch a team to analyze and combat cyberatt
Philippine court suspends Anti Cybercrime law

Philippine court suspends Anti Cybercrime law

Oct 10, 2012
The Philippine Supreme Court on Tuesday suspended implementation of Republic Act 10175 or the Cybercrime Prevention Act for 120 days, while it decides whether certain provisions violate civil liberties. The law, signed last month, aims to combat Internet crimes such as hacking, identity theft, spamming, cybersex and online child pornography. Human Rights Watch, a human rights monitoring group, hailed reports of the TRO, and called on the tribunal to strike down what it called a "seriously flawed law." Many Facebook and Twitter users, and the portals of several media organisations in the Philippines, have replaced their profile pictures with black screens to protest against the law. Hackers also defaced several government websites in protest. Journalists and citizen groups are protesting because the law also doubles the normal penalty for libel committed online and blocks access to websites deemed to violate the law. They fear such provisions will be used by politicians
Minnesota Man Faces Prison for Hacking Neighbor's WiFi

Minnesota Man Faces Prison for Hacking Neighbor's WiFi

Dec 23, 2010
Animosity between neighbors has landed a Minnesota man in serious legal trouble. Vincent Ardolf of Blaine, Minn., is facing decades in prison after pleading guilty to hacking his neighbor's WiFi, distributing child pornography, and threatening the Vice President of the United States. Ardolf halted his trial on December 17 by admitting to these crimes. He confessed to two counts of aggravated identity theft, one count of possession of child pornography, distribution of child pornography, unauthorized access to a protected computer, and making threats against Vice President Joe Biden. Authorities revealed that in February 2009, Ardolf hacked into his neighbor's WiFi and created multiple Yahoo email accounts under his neighbor's name. On May 6, 2009, he used one of these accounts to send an email to Biden's office. The email read: "This is a terrorist threat! Take this seriously. I hate the way you people are spending money you don't have... I'm assigning myself to be judge
CitySights NY Data Breach Exposes 110,000 Customers' Personal Information

CitySights NY Data Breach Exposes 110,000 Customers' Personal Information

Dec 23, 2010
CitySights NY, a company that organizes New York City tours on double-decker buses, has experienced a significant data breach. The personal information of 110,000 customers, including names, addresses, email addresses, credit card numbers, expiration dates, and Card Verification Value (CVV2) codes, was stolen. The breach likely occurred on September 26, when attackers used an SQL injection to upload a malicious script to the web server. The intrusion was discovered on October 25 by a web programmer who found the unauthorized script. According to a breach notification letter sent to and published by New Hampshire's attorney general, Twin America, CitySights NY's parent company, confirmed the compromise. In response to the breach, Twin America has taken several steps to enhance data security, including: Changing all administrative-level passwords to more complex ones. Restricting access to the administration panel and server to a few pre-approved IP addresses. Patching scri
January: Prime Month for Mail Theft and Identity Fraud

January: Prime Month for Mail Theft and Identity Fraud

Dec 23, 2010
Checking the mail in December is typically a pleasant experience, filled with holiday cards and packages. Then comes January. Besides the Christmas bills, mailboxes begin to overflow with W-2s, 1099s, statements from financial institutions, and IRS forms. It's no wonder John Ulzheimer, president of consumer education for Smartcredit.com, calls January the most dangerous month for mail. "January is a high-value month for thieves," he said. It's particularly easy for thieves to dip into someone's mailbox, take the envelopes, and gain all the information needed to steal someone else's identity. How to best protect mail, short of meeting the mail carrier at the mailbox each day, is a significant challenge. You shouldn't stop your mail because many items are time-sensitive. Creating an alternative delivery destination, like a P.O. box, could cause more trouble than it's worth, said Ulzheimer. The first step is to know what tax-related statements you should be receiving. For mos
Law Enforcement Officers Witness Cyber Theft Demonstration at UNLV Conference

Law Enforcement Officers Witness Cyber Theft Demonstration at UNLV Conference

Dec 21, 2010
Nearly 100 law enforcement officers recently witnessed how easily an identity thief can steal electronic information. During a UNLV conference, a cybercrime expert used a $30 device to intercept data from their smartphones. Welcome to the dark side of the 21st century. As technology advances, so do the methods of thieves. They now target computers, phones, ATMs, credit card machines, and any device holding personal information. Identity theft is a severe crime. Criminals can quickly wreak havoc by draining bank accounts, taking out loans, and racking up credit card debts. A victim's credit score can be ruined in no time. As reported by Steve Kanigher in the Las Vegas Sun, Nevada has been a hotspot for identity theft. According to the Federal Trade Commission, Nevada ranked fifth in the nation for identity theft last year. This is an improvement from 2005 when it was second. Metro Police reported 2,063 cases from January to November 13 this year, down from 2,440 during the same
Cybersecurity
Expert Insights / Articles Videos
Cybersecurity Resources