Entries in data breach (6)

Wednesday
Sep232020

Shopify reveals 'rogue' employees stole customer data from around 200 merchants

Embed from Getty Images 

Data breaches are incidents we, unfortunately, can't escape. But the Ottawa-based Shopify's data breach occurred within the company. Shopify revealed in a blog post that two "rogue" members of its support team were caught "in a scheme to obtain customer transactional records of certain merchants."

Shopify claims less than 200 merchants were affected, but it isn't known how much data was stolen. The company is quick to say that payment information like credit card and account numbers weren't affected. But customer information and order details of what was purchased were accessed. Shopify didn't name the stores involved, but it has informed the sellers. So, best keep an eye out on your inbox to see if you've been affected by the breach.

Source: Engadget

Friday
Jan182019

Massive breach exposes 773 million emails, 21 million passwords

You can check if your account or password has been breached through sites like Have I Been Pwned

Data breaches are unfortunately something we seem to be constantly straddled with lately. And one of the ones that are being reported now isn’t something to scoff at either. So, we’re just here to remind you to change passwords, don’t use the same password for different accounts, enable multifactor authentication where available, and think of finally getting a password manager, or better ways to come up with a password (this is a good podcast episode to listen to). It’s been called the “Collection #1” breach and considered the largest public data breach by volume. It’s said to have hit 772,904,991 unique emails and 21,222,975 unique passwords. Have I Been Pwned’s Troy Hunt reported about the breach. He says a large file of 12,000 separate files and 87GB of data were uploaded to cloud service MEGA, and this information was later posted to a popular hacking forum. The data is said to be an amalgamation of over 2,000 databases, and that this database contains “dehashed” passwords. This means the methods used to scramble passwords into unreadable strings has been cracked and the passwords are exposed. So, again, if you’re affected, it’s better to change those passwords now. Or if you aren’t but haven’t updated your passwords in a while, we suggest you do that now.

Unfortunately, it doesn’t end there. According to security reporter Brian Krebs, Collection #1 is a single offering from a seller who claims to have at least six more batches of data. And Krebs writes that this person is selling “almost 1 Terabyte of stolen and hacked passwords.” And this breach is at least two to three years old. But while it’s old, it doesn’t exactly mean it couldn’t still be used for malicious means.

Source: Gizmodo

Wednesday
Oct242018

Cathay Pacific suffers data breach, up to 9.4 million passengers data have been stolen

Embed from Getty Images

Major international airline Cathay Pacific suffered a massive data breach in March and just revealed today that as many as 9.4 million passengers had their data stolen. Passport information, including identity card numbers, names, dates of birth, and postal addresses, may have all been compromised. Details such has where each passenger had traveled and any comments made by customer service representatives might have been taken as well. The amount of data accessed varied among passengers. Cathay Pacific said 403 expired credit card numbers were accessed and so were 27 credit card numbers with no CVV numbers attached. It wasn’t said yet how many credit cards with CVVs that aren’t expired have been accessed. However, no passwords were said to be compromised.

In a statement on Wednesday, the airline said, “The company has no evidence that any personal information has been misused. The IT systems affected are totally separate from its flight operations systems, and there is no impact on flight safety.” The airline said its working with local police in Hong Kong and other relevant authorities and customers who think they’ve been affected should visit this link or call or email the airline directly.

Source: The Verge

Friday
Mar302018

Under Armour says data of 150 million MyFitnessPal users has been compromised

Sporting goods brand Under Armour says that 150 million user accounts of its MyFitnessPal app and service have been compromised and has asked that users with accounts and passwords on the service change passwords on other services is they are using these. Not a good look for a service that's trying to compete with the likes of Fitbit of Apple in the highly competitive fitness app space. MyFitnessPal tracks exercise and diet for a more holistic picture of a user's health.

MyFitnessPal customers got a rude awakening from Under Armour with an email stating user account information involved in the breach includes user names, email addresses, and hashed passwords, but no financial information like credit card numbers or government or identifiers like social security numbers. It seems no service is safe as millions are still reeling from the Cambridge Analytica fiasco. Companies need to do a better job at protecting user data, it needs to be a priority, otherwise the resulting loss of goodwill and trust will result in users abandoning these services in droves.