Mashable: Report: Hackers use simple trick to target U.S. presidential campaign and government officials. “Hacking email accounts doesn’t have to be a sophisticated affair. We are reminded once again of this fact thanks to a report released Friday by the Microsoft Threat Intelligence Center detailing how a group of hackers targeted the email accounts of journalists, government officials, and the campaign of a U.S. presidential candidate. And here’s the thing, the bad actors didn’t use some fancy 1337 computer skills, but rather employed the oldest trick in the book: the password reset.”
Thompson Reuters Foundation: Medical data breach puts details of a million New Zealanders at risk. “Nearly a million New Zealanders face the risk that their medical data has been accessed illegally after a cyber attack on the website of Tū Ora Compass Health, the company said on Saturday.”
NBC News: Ex-Yahoo engineer pleads guilty to hacking thousands of accounts. “A former Yahoo software engineer pleaded guilty Monday to hacking into the accounts of thousands of Yahoo users while looking for sexual images and videos, according to federal prosecutors and court documents.”
CNET, dammit: Zynga data breach exposed 200 million Words with Friends players. “A hacker is reportedly claiming responsibility for a September data breach of popular mobile game Words with Friends that may have resulted in the theft of information from more than 200 million players accounts, including names, email addresses, login IDs and more.” Who has insomnia, two thumbs, and plays Words with Friends like a little ol’ fiend?….
Boston Magazine: New York Attorney General: Dunkin’s Response to App Breach Was Full of Holes. “On Thursday, [New York] Attorney General Letitia James announced a lawsuit against Dunkin’ Brands Inc. following a series of cyberattacks on the chain’s mobile DD Perks app. According to the lawsuit, Dunkin’ failed to notify nearly 20,000 customers impacted by the attacks, even though their information, including the funds loaded onto their accounts, was at risk.”
TechCrunch: DoorDash confirms data breach affected 4.9 million customers, workers and merchants. “The food delivery company said in a blog post Thursday that 4.9 million customers, delivery workers and merchants had their information stolen by hackers. The breach happened on May 4, the company said, but added that customers who joined after April 5, 2018 are not affected by the breach.”
Ars Technica: Payment card thieves hack Click2Gov bill paying portals in 8 cities. “In 2017 and 2018, hackers compromised systems running the Click2Gov self-service bill-payment portal in dozens of cities across the United States, a feat that compromised 300,000 payment cards and generated nearly $2 million of revenue. Now, Click2Gov systems have been hit by a second wave of attacks that’s dumping tens of thousands of records onto the Dark Web, researchers said on Thursday.”