Digital Trends has a very scary story about how easy it is for an Amazon account to be hacked. “It turns out if you want to break into someone else’s Amazon account, you don’t need to know their password, mother’s maiden name, or what their first pet was called. You just need to keep asking for information. That’s what happened with the case of Eric Springer, who found that Amazon customer support had handed over his personal information with just some gentle prodding.” Good grief, Amazon.
Time Warner is warning that some customer data might have been stolen. “Time Warner Cable Inc. said on Wednesday up to 320,000 customers may have had their email passwords stolen. The company said email and password details were likely gathered either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored Time Warner Cable’s customer information, including email addresses.” I’m just now reading about this. 320,000 doesn’t sound like a lot, but in my experience these numbers tend to go up…
Microsoft has jumped on the “we will warn users of possible state-sponsored hacking” bandwagon. “Microsoft told Reuters about the plan in a statement. It comes nine days after Reuters asked the company why it had decided not to tell victims of a hacking campaign, discovered in 2011, that had targeted international leaders of China’s Tibetan and Uighur minorities in particular.” This service mentions Outlook.com specifically. It’s not clear if users of other Microsoft services would be warned.
The country of Turkey is getting an unhappy Christmas present: a heavy cyber attack. “Turkish Internet servers are suffering a powerful cyber attack, slowing banking services and fanning fears that it could be a politically motivated attack from abroad…. Nic.tr, a non-governmental organisation that administers addresses for websites using the ‘tr’ domain, said Thursday that the attack appeared to be from ‘organised sources’ outside Turkey.”
Yahoo is now warning users about potential state-sponsored attacks. “Yahoo’s security team, dubbed the ‘Paranoids,’ will provide notifications to targeted users with ‘specific actions’ so that they can ensure their Yahoo accounts are safe and secure.”
Bait and switch hacking is gaining some ground in Google. “With bait-and-switch hacking, someone gains access to a site and begins publishing pages on topics that the site itself doesn’t normally cover. The site might not even be aware that the pages exist. The hackers are hoping to leverage the authority of the sites they hack. The idea is that publishing such content on an existing site might do better than trying to publish it on a new site.” I see this fairly frequently on .edu sites, unfortunately…
And in TODAY’S episode of “Hotels reporting hacking/malware incidents,” it’s Hyatt. From a press release yesterday: “Hyatt Hotels Corporation (NYSE: H) today announced that it recently identified malware on computers that operate the payment processing systems for Hyatt-managed locations. As soon as Hyatt discovered the activity, the company launched an investigation and engaged leading third-party cyber security experts.”
Twitter is now warning some of its users about state-sponsored attacks. “The attack is currently being investigated by Twitter. In their notice to users, Twitter said that the attack only impacted usernames, IP address, email addresses, and phone numbers if a phone number was associated with the account. Twitter did not say which state was implicated—it could have been China, Russia, or even the US.”
Interesting: a recent attempt to spear-phish US government employees was first detected by… Facebook? “The first warning of the attacks came from Facebook, which alerted some of the affected users that their accounts had been compromised by a state-sponsored attack, The New York Times reports. The Iranian Revolutionary Guard hackers used the access to identify the victims’ contacts and build ‘spear-phishing’ attacks that gave them access to targeted individuals’ e-mail accounts. The attack ‘was very carefully designed and showed the degree to which they understood which of our staff was working on Iran issues now that the nuclear deal is done,’ an unnamed senior US official told the Times.”
I am now officially scared to give my credit card to a hotel. Hilton has finally acknowledged that it was the victim of seventeen weeks of hacking. “Two months after KrebsOnSecurity first reported that multiple banks suspected a credit card breach at Hilton Hotel properties across the country, Hilton has acknowledged an intrusion involving malicious software found on some point-of-sale systems.”
Starwood Hotels has been the victim of a hack. “Starwood Hotels, which operates well-known hotel brands such as Westin, Sheraton, W Hotels and Le Méridien, said Friday that hackers had infected point of sale payment systems in some of its locations in North America.”
Victims of the Patreon hack are being threatened with extortion. “In the wee hours of the morning scammers took to the Internet to demand payment in the form of Bitcoin in exchange for keeping your private Patreon data — including tax ID, tax forms, SSN, DOB, and credit card details — off the Web.”
Comcast is having 200,000 customers reset their passwords but says it wasn’t hacked. “[A] package of personal data, including the e-mail addresses and passwords of Comcast customers, was listed for sale for $1,000 on a Dark Web site that was also marketing a number of other questionable goods. The Dark Web is a collection of sites that are publicly accessible but cannot be found by search engines.”
And TODAY’S hack to tell you about IS… Vodafone. “In a statement today, the company said that between midnight on October 28th and midday on the 29th, it saw an unauthorised party attempt to access customer’s details, including bank account numbers. Unlike its telecoms rival, which saw its website compromised via SQL injection, the carrier believes the source of the attack stems from criminals utilising ‘email addresses and passwords acquired from an unknown source external to Vodafone.’”
The low-cost Web hosting service 000Webhost has been hacked, and it appears it had some revolting security practices. “[Troy] Hunt uncovered a variety of weaknesses, including the use of unencrypted HTTP communications on the login page and a code routine that placed a user’s plaintext password in the resulting URL. That means the unobfuscated passwords were likely written to all kinds of administrator logs. It’s also possible that the site didn’t follow standard industry practices and cryptographically hash the passwords when storing them.”
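To make the two 000Webhost weaknesses above concrete, here is an added illustration (my own constructed code, not anything from 000Webhost or from Troy Hunt’s write-up): a login handler that stores passwords as given and sends the plaintext password back in the redirect URL, where any access log would record it, beside a corrected handler that stores only a salted hash and puts nothing but an opaque session token in the URL. The hostname `example.test` and the user records are constructed sample data.

```python
import hashlib
import hmac
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# --- weak variant: reproduces the reported mistakes -----------------------
weak_users = {}                      # username -> plaintext password (at rest!)


def weak_register(user, password):
    weak_users[user] = password      # no hashing at all


def weak_login_redirect(user, password):
    if weak_users.get(user) == password:
        # The credential becomes part of the URL, so every web server,
        # proxy or analytics log that records request URLs now holds it.
        return "http://example.test/home?" + urlencode({"user": user, "pass": password})
    return "http://example.test/login?error=1"


# --- corrected variant -----------------------------------------------------
fixed_users = {}                     # username -> (salt, pbkdf2 hash)


def _hash(password, salt):
    # PBKDF2-HMAC-SHA256 with a per-user random salt; the iteration count is
    # a constructed value, chosen to be illustrative rather than tuned.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def fixed_register(user, password):
    salt = os.urandom(16)
    fixed_users[user] = (salt, _hash(password, salt))


def fixed_login_redirect(user, password):
    rec = fixed_users.get(user)
    if rec and hmac.compare_digest(rec[1], _hash(password, rec[0])):
        # Only an opaque, freshly generated token travels in the URL (over
        # HTTPS); the password itself is never placed anywhere loggable.
        return "https://example.test/home?" + urlencode({"session": secrets.token_urlsafe(16)})
    return "https://example.test/login?error=1"


def url_leaks_password(url, password):
    """Return True if the password appears in the query string a log would store."""
    qs = parse_qs(urlparse(url).query)
    return any(password in v for vals in qs.values() for v in vals)
```

`url_leaks_password` is the kind of check you can run over your own redirect targets or access-log URLs to catch the "password in the URL" pattern before it reaches a log file.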