Los Angeles Times: Equifax hack exposed more information than we thought, documents show. “… Atlanta-based Equifax Inc. recently disclosed in a document submitted to the Senate Banking Committee, which was shared with Associated Press, that a forensic investigation found criminals accessed other information from company records. That included tax identification numbers, email addresses and phone numbers. Details, such as the expiration dates for credit cards or issuing states for driver’s licenses, were also included in the list.”
Motherboard: New Tool Automatically Finds and Hacks Vulnerable Internet-Connected Devices. “Hacking isn’t always hard. Some lower-tier hackers use programs to automatically churn through breached login details to break into other accounts, and some penetration testing tools are designed to streamline processes so hackers can get to the more interesting stuff as quickly as possible. Enter AutoSploit, a program which takes that idea of efficient hacking, but severely ramps up the potential for damage by automating pretty much everything, including the process of finding a vulnerable target to attack.” Hoo boy.
Phys.org: Combating data breach fatigue. “If you shop online or swipe a credit or debit card when out to eat, you’ve likely received a notice your personal information was compromised in a data breach. And if you’re like most consumers, chances are you did nothing in response, says an Iowa State University researcher. Cyberattacks are so prevalent that Rui Chen, an associate professor of information systems in ISU’s Ivy College of Business, says consumers are experiencing data breach fatigue. Chen and colleagues at the University of Texas at San Antonio (Eric Bachura, Rohit Valecha, H. Raghav Rao) are working to understand this behavior.”
The Next Web: Reddit admits its email provider was hacked to steal Bitcoin Cash tips. “Following a brigade of spooked Redditors reporting hacked accounts and missing Bitcoin Cash tips, Reddit has now revealed the results of its internal investigation – and it doesn’t look good. A hacker purportedly breached the platform’s third-party password reset system, forcing access to the accounts of multiple victims.”
CNET: Homeland Security breach exposes data on 240,000 employees. “The breach at the DHS Office of Inspector General (OIG) Case Management System affected 247,167 people employed by DHS in 2014, as well as subjects, witnesses and complainants associated with DHS OIG investigations from 2002 through 2014, the department said in a statement. Information exposed included Social Security numbers, dates of birth, positions, grades and duty stations.”
BetaNews: 2017: Year of the data breach. “Barely a week seemed to go by in 2017 without news of a new data breach exposing customer or commercial data. But just how bad was it? File transfer specialist Ipswitch has put together an infographic looking at the year in breaches.”
CNET: Forever 21: Yes, hackers breached our payment system. “A breach at Forever 21 left customer payment card information exposed to hackers, the retailer confirmed Thursday. The company didn’t specify how many customers had information stolen, but said various point of sales terminals were affected between April 3 and November 18, 2017. Hackers collected credit card numbers, expiration dates, verification codes and sometimes cardholder names.” Over six months.