Entries in hack (33)

Saturday
Dec092023

Canadian Reviewer Weekly Roundup - 12/3- 12/9

Saturday
Dec092023

23andMe changes terms of service to block class action lawsuits after massive hack

Image: 23andMe

Genetic testing company 23andMe updated its terms of service to prevent customers from filing class action lawsuits or participating in a jury trial against the company, days after disclosing that hackers had breached its system and accessed the personal information of nearly seven million customers (half of its user base) in October.

The company emailed customers to announce that it had revised the “Dispute Resolution and Arbitration section” of its terms, which barred customers from filing class action lawsuits, a likely scenario given the scale of the hack. Customers who did not opt out of the new terms within 30 days would automatically agree to them, the email said.

Click to read more ...

Friday
Feb102023

Reddit got hacked through a phishing attack targeting its employees

Photo: Brett Jordan/Unsplash

Bad actors were able to steal a Reddit employee's credentials through a targeted phishing attack, and hackers were able to infiltrate its systems on February 5. According to a spokesperson from the company, they were able to access some of the site's "internal docs, code, as well as some internal dashboards and business systems." Data like contact information for hundreds of company contracts, current and former employees, and some advertisers were also exposed. However, Reddit assures users that the security team investigating the incident hasn't found any evidence so far that the passwords or any other non-public data have been compromised. They haven't found any indication that the stolen information was shared online, at least for now. Reddit said they are "continuing to investigate and monitor the situation closely."

Reddit employees were apparently getting "plausible-sounding prompts" that lead to a website that mimics the look and behaviour of its intranet gateway. It was designed this way so they can steal people's logins and second-factor tokens. An employee, unfortunately, fell for the scheme but immediately self-reported. This allowed Reddit's security team to respond to the situation.

Source

Monday
Mar072022

Samsung confirms hackers stole Galaxy source code

Embed from Getty Images

Samsung has confirmed today that hackers have gotten their hands on internal company data and source code for Galaxy devices. Still, it wanted to assure employees and customers that no personal data has been taken. The company won't also name who the hackers were or whether the data stolen was related to encryption and biometrics.

Hacking group Lapsus$ claimed responsibility for the breach, sharing screenshots supposedly showing roughly 200GB of stolen data, including source code used by the company for encryption and biometric unlocking functions on Galaxy hardware. Samsung said in a statement about the breach, "According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees. Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption." 

Source