Wired: How My Instagram Hacker Changed My Life. “I met Mohamad four months ago when I discovered that my Instagram account had been hacked. I was early to Instagram, a feat that allowed me to nab the handle for my popular first name: @negar. I’d become attached to my account. But in mid April I’d opened up the app and noticed that my username had changed. I wasn’t @negar anymore: I was @negar76795, with all my personal information and 6,300 followers. At first I assumed it must be some routine maintenance. But I noticed that no one else had a modified handle.” ….wow.
The Hacker News: Someone Hijacks A Popular Chrome Extension to Push Malware. “Phishers have recently hacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software and abused to distribute spam messages to unsuspecting users.”
NLTimes: Dutch Police Launch Database With Hacked Email Addresses. “The police launched a special database on which citizens can check whether their email address or other login details have been hacked or stolen. The database contains the email addresses the police found during cybercrime investigations, RTL Nieuws reports.”
ZDNet: Hard Rock, Loews hotels admit data breach. “Hard Rock Hotels & Casinos alongside Loews Hotels have warned customers that a security failure may have resulted in the theft of their information. Both incidents appear to have been linked to a third-party reservation platform, SynXis, which only begun informing client hotels of the security breach in June, months after the attacks took place.”
The Register: For all the chaos it sows, fewer than 1% of threats are actually ransomware. “Ransomware dominated the threat landscape last year even though file-encrypting nasties made up less than one in a hundred examples of different Windows malware during 2016. The mode of action and damage created by file-encrypting trojans makes them a much greater threat than implied by a consideration of the numbers, according to a study by security testing outfit AV-Test.”
The Inquirer: Google employee data exposed in travel agency breach. “GOOGLE HAS TOLD ITS STAFFERS that a hack on a travel and hospitality firm may have cost them their personal information, and advised them to complain to the Federal Trade Commission and to check their financial statements for any gaping holes.”
Krebs on Security: Credit Card Breach at Buckle Stores. “On Friday morning, KrebsOnSecurity contacted The Buckle after receiving multiple tips from sources in the financial industry about a pattern of fraud on customer credit and debit cards which suggested a breach of point-of-sale systems at Buckle stores across the country. Later Friday evening, The Buckle Inc. released a statement saying that point-of-sale malware was indeed found installed on cash registers at Buckle retail stores, and that the company believes the malware was stealing customer credit card data between Oct. 28, 2016 and April 14, 2017.”