2FA SNAFU led to Reddit security breach in which user data was stolen


Reddit has revealed details of a security breach that enabled a hacker to gain access to private messages, usernames and encrypted passwords. The self-proclaimed "front page of the internet" is undertaking an investigation and taking steps to improve security.
The attack took place between June 14 and June 18 this year, and the perpetrator was able to access "all Reddit data from 2007 and before including account credentials and email addresses", the site said in an announcement. The breach was made possible after the attacker beat SMS-based two-factor authentication and compromised several employee accounts.
Timehop admits its security breach was worse than first thought


The security breach suffered by Timehop on July 4 was much more serious than the company first thought. In an update to its original announcement, the company has revealed that while the number of accounts affected by the breach -- 21 million -- has not changed, the range of personal data accessed by hackers is much broader.
Timehop has released an updated timeline of events, having initially felt forced by new GDPR rules to publish some details of the breach before all information had been gathered. The company says that it is also unsure of where it stands with GDPR, and is working with specialists and EU authorities to ensure compliance.
Hacked: Timehop database breach exposed details of 21 million users


Timehop -- the social network for those who like to reminisce -- has revealed that it fell victim to a security breach on Independence Day. The attacker managed to access an internal database and stole the personal data of 21 million users from Timehop's Cloud Computing Environment.
The vast majority of those affected by the "security incident" (as Timehop refers to it) had their names and usernames exposed, but for nearly a quarter of them -- 4.7 million -- phone numbers were also exposed. The hacker also took access tokens which could be used to view users' posts.
Gentoo Linux GitHub Organization repo hack was down to a series of security mistakes


The team behind Gentoo Linux has revealed the reasons for the recent hack of its GitHub organization account. The short version: shoddy security.
It seems that the hackers were able to gain access to the GitHub organization account by using the password of one of the organization administrators. By the team's own admission, poor security meant that the password was easy to guess. As the Register points out, "only luck limited the damage", but the Gentoo Linux team is keen to let it be known that it has learned a lot from the incident.
aLTEr: Hackers can spy on your 4G browsing sessions thanks to LTE flaws


Vulnerabilities have been discovered in LTE that would make it possible for an attacker to tap into 4G networks for the purposes of spying on and hijacking 4G browsing sessions.
Security researchers from Ruhr-Universität, Bochum and New York University, Abu Dhabi show how three different attacks can be launched on the second layer of LTE -- also known as the data link layer. Two passive attacks allow for identity mapping and website fingerprinting, while the active cryptographic aLTEr attack allows for DNS spoofing and network connection redirection.
Adidas data breach may have exposed personal data of American customers


Sportswear company Adidas has warned US customers about a security breach that took place earlier this week.
The firm says that on Tuesday it was made aware that "an unauthorized party claims to have acquired limited data associated with certain Adidas consumers". Two days later, the company started to notify its customers that personal data -- including contact information and usernames -- may have been compromised.
Gentoo Linux GitHub Organization hacked and repo code compromised


A hacker managed to take control of the GitHub account for Gentoo Linux, going as far as inserting malicious code into the distros. The malware was designed to delete user data.
Although the situation is now under control, an investigation is underway to determine what happened. Anyone who has downloaded a Gentoo distro or other files recently is warned to "refrain from using code from the Gentoo Github Organization" for the time being.
Don't panic! Hackers have not found a way to bypass the iPhone passcode limit


Enter the wrong passcode into an iPhone and you'll not only be denied access to it, but also run the risk of wiping its contents if you enter an incorrect code too many times. This is a problem faced by law enforcement agencies when they encounter iPhones in the cases they're working on -- as well as people trying to hack into phones for nefarious purposes -- so it's little wonder that hackers are constantly trying to find a way to earn unlimited guesses at passcodes.
One hacker thought he had cracked it. Security researcher Matthew Hickey proudly boasted of having discovered a delightfully simple method for brute-forcing entry into an iPhone -- he even posted a video of his hack in action. But there's no need to panic. Apple explains that "incorrect testing" renders Hickey's method worthless.
Attackers use hidden tunnels to steal financial data


Global financial services organizations are targeted by sophisticated cyber attackers in an attempt to steal critical data, according to a new report.
The study from threat hunting company Vectra says attackers build 'hidden tunnels' masquerading as other web traffic to break into networks and access critical data and personal information. These tunnels are used to remotely control an attack and steal data while remaining largely undetected.
Kaspersky: Chinese hackers LuckyMouse hit national data center


Kaspersky Lab has published a report in which it reveals that a Chinese hacking group has attacked the national data center of an unnamed Central Asian country.
The cyberattacks are said to have been carried out by a group known as LuckyMouse, which also goes by the names Iron Tiger, Threat Group-3390, EmissaryPanda and APT27. The attacks started in 2017, and Kaspersky says that malicious scripts were injected into official websites to conduct a country-level waterholing campaign.
Apple is updating iOS to lock out police iPhone hacking tools


Apple says that it is planning to release an iOS update that will block a loophole used by police to access iPhones.
Law enforcement agencies and hackers have been able to exploit a handset's Lightning port to get around passcode limits and brute force their way into a phone. But with the upcoming update, Apple will shut down data access via the Lightning port after an hour if the correct passcode is not entered.
Dixons Carphone suffers two major security breaches exposing customers' bank card details and personal information


Another week, another cyberattack. This time around, it's the Dixons Carphone group which says it has fallen victim to not one but two major breaches.
The bank card details of 5.9 million customers have been accessed by hackers in the first breach. In the second, the personal records of 1.2 million people have been exposed.
Bitcoin plummets after hackers steal $37 million from South Korean cryptocurrency exchange Coinrail


Bitcoin has once again demonstrated its volatility, dropping in value by 10 percent following news of an attack and theft from the South Korean exchange Coinrail.
Coinrail has confirmed that it suffered a "cyber intrusion" and while it did not specify the value of the coins stolen, local news outlet Yonhap News estimated it to be $37.28 million based on a loss of about 30 percent of the coins traded on the exchange.
Ticketfly says hack exposed private data of 27 million accounts


Last week event ticketing company Ticketfly suffered a cyberattack which saw the site taken offline for a number of days. The site is now back up and running, and Ticketfly has revealed the extent and impact of the hack.
The company says that data from 27 million Ticketfly accounts was accessed, including names, addresses, email addresses and phone numbers. Customers are assured that passwords and credit card details remain safe.
71 percent of IT pros believe they can hack any organization


Using one of four common attack vectors, 71 percent of surveyed IT professionals believe they could successfully hack any organization.
Based on a survey carried out among attendees at the RSA Conference in April 2018 by vulnerability management specialist Outpost24, 34 percent say that they would use social engineering, 23 percent say they would enter via insecure web applications, 21 percent via mobile devices, while a further 21 percent say they would enter via a public cloud.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.