ZDNet: Canadian retailer’s servers storing 15 years of user data sold on Craigslist

ZDNet: Canadian retailer’s servers storing 15 years of user data sold on Craigslist. “A security researcher has found customer and employee data belonging to one of Canada’s biggest PC hardware retailers on servers put up for sale on Craigslist. The data, believed to go back as far as 15 years, belongs to NCIX, a PC retailer that filed for bankruptcy and closed shop in December 2017. The massive privacy breach appears to have taken place after the retailer closed its stores last year and retired old servers and employee workstations.”

Engadget: Hackers gain access to millions of T-Mobile customer details

Engadget: Hackers gain access to millions of T-Mobile customer details. “T-Mobile has fallen foul of yet another cybersecurity issue. In a statement released this week the company said that an unauthorized entry into its network may have given hackers access to customer records, including billing ZIP codes, phone numbers, email addresses and account numbers. According to T-Mobile, the intrusion was quickly shut down, and no financial data, social security numbers or passwords were compromised.”

Ars Technica: Password breach teaches Reddit that, yes, phone-based 2FA is that bad

Ars Technica: Password breach teaches Reddit that, yes, phone-based 2FA is that bad. “In a post published Wednesday, Reddit said an attacker breached several employee accounts in mid-June. The attacker then accessed a complete copy of backup data spanning from the site’s launch in 2005 to May 2007. The data included cryptographically salted and hashed password data from that period, along with corresponding user names, email addresses, and all user content, including private messages. The attacker also obtained email digests that were sent between June 3 and June 17 of this year. Those digests included usernames and their associated email address, along with Reddit-suggested posts from safe-for-work subreddits users were subscribed to.”

TechCrunch: Dixons Carphone now says ~8.8M more customers affected by 2017 breach

TechCrunch: Dixons Carphone now says ~8.8M more customers affected by 2017 breach . “A Dixons Carphone data breach that was disclosed earlier this summer was worse than initially reported. The company is now saying that personal data of 10 million customers could also have been accessed when its systems were hacked. The European electronics and telecoms retailer believes its systems were accessed by unknown and unauthorized person/s in 2017, although it only disclosed the breach in June, after discovering it during a review of its security systems.”

BetaNews: Timehop admits its security breach was worse than first thought

BetaNews: Timehop admits its security breach was worse than first thought. “The security breach suffered by Timehop on July 4 was much more serious than the company first thought. In an update to its original announcement, the company has revealed that while the number of account affected by the breach — 21 million — has not changed, the range of personal data accessed by hackers is much broader.”

Bleeping Computer: Timehop Security Breach Affects the Company’s Entire 21 Million Userbase

Bleeping Computer: Timehop Security Breach Affects the Company’s Entire 21 Million Userbase. “Timehop, a mobile app that surfaces old social media posts from the same day but from previous years, has announced a security breach affecting its entire userbase of over 21 million users. Not all users were affected to the same extent. The company said a hacker gained access to its infrastructure and stole details on its users that included usernames, emails, telephone numbers, and access keys.”

BetaNews: Dixons Carphone suffers two major security breaches exposing customers’ bank card details and personal information

BetaNews: Dixons Carphone suffers two major security breaches exposing customers’ bank card details and personal information. “Another week, another cyberattack. This time around, it’s the Dixons Carphone group which says it has fallen victim to not one but two major breaches. The bank card details of 5.9 million customers have been accessed by hackers in the first breach. In the second, the personal records of 1.2 million people have been exposed.”