Entries in security breach (9)

Sunday
Aug162020

CRA disables online services after 'credential stuffing' cyberattack

Embed from Getty Images 

The Canada Revenue Agency's website was just hit with a "credential stuffing" cyberattack, giving hackers access to 9,041 users' usernames and data. The Government of Canada temporarily shut down access to its online services as the bad actors tried to access GC's services. Approximately 5,500 GCKey service and CRA accounts were affected by this attack and another recent credential stuffing attack. 

The attacks use passwords and usernames taken from previous hacks of accounts globally, taking advantage of the fact that many people reuse passwords and usernames on multiple accounts. Here's another reminder to please use different usernames and passwords for different accounts.

Click to read more ...

Sunday
Nov172019

'Magic: The Gathering' developer exposes data of 452,000 players

Wizards of the Coast, the developer of Magic: The Gathering, exposed user data of 452,634 players because of a security lapse. The Washington-based game maker left a file in a public Amazon Web Services storage bucket without a password or encryption, giving anyone access to the information. 

The data included 470 staff email addresses, players' names and usernames, email addresses, the date and time the accounts were made, and hashed and salted user passwords. The account data ranged from 2012 to 2018.

Click to read more ...

Tuesday
Jul102018

Timehop reveals July 4th data breach

Timehop, an app that resurfaces your social media posts from years’ past, revealed it suffered a data breach on July 4th, giving the hacker access to data of 21 million users, including names, email addresses, and some phone numbers. According to Timehop, the hacker entered the app’s cloud computing account (which wasn’t protected by multifactor authentication then), transferred data, and then attacked its production database. Timehop noticed the breach two hours after it began and was able to put a stop to it. But not before the aforementioned number of users’ data have been stolen.

Click to read more ...

Thursday
Dec152016

Yahoo discloses a second major hack that affected over 1 billion accounts

Looks like the late 2014 hack of over 500 million Yahoo user accounts isn’t the only big security issue the company has to deal with. Yahoo just disclosed that more than one billion accounts might have been compromised by a hack of an unauthorized third party back in August 2013. The information stolen from the affected accounts include names, email addresses, birth dates, hashed passwords, encrypted and unencrypted security questions and answers, as well as telephone numbers. The only information believed to not have been accessed by the hackers include clear text passwords, bank account information, and credit/debit card details.

The hack was discovered after law enforcement officials gave the company what looked like user data from an unknown source. Yahoo hasn’t been able to identify the specific breach yet but says it’s “likely” distinct from the 2014 hack. If you’re affected by this hack, Yahoo will be reaching out to you to help secure your account, including implementing mandatory password changes and invalidating unencrypted security questions and answers. Now, is probably the best time for you to change those passwords and use two-factor authentication when you can—not just with your Yahoo accounts but also double up on your other online accounts.

Source: MacRumors