Articles about Hacking

MyHeritage -- a website that helps people research their family tree and also offers a DNA testing service -- has suffered a "cybersecurity incident". A file containing the usernames and hashed passwords of more than 92 million users was discovered on an external server by a security researcher.

The file was found to be genuine and MyHeritage is now undertaking an investigation to determine what happened. The security breach affects all users who signed up to the site up to October 26, 2017. The company says that it is taking steps to inform the relevant authorities in line with GDPR.

Continue reading →

Event ticketing service Ticketfly -- owned by Eventbrite -- has fallen victim to what it describes as a "cyber incident". The company took down its website late on Thursday, and it remains inaccessible two days later.

The full extent of the security breach is not yet known, but Ticketfly says that "some client and customer information" was compromised. The attack saw the site defaced with an Anonymous-style masked figure from the movie V for Vendetta, and the hacker threatened to provide download links to customer databases. A hacker by the name of IShAkDz has claimed responsibility.

Continue reading →

Over the weekend, the Bank of Montreal and Simplii Financial both issued statements indicating that they had fallen victim to hackers. In the case of Simplii Financial, around 40,000 customer accounts have been affected, but numbers have not been revealed for the Bank of Montreal.

Both banks' statements indicate that they were contacted by "fraudsters" on Sunday, May 27, but it is not clear whether the two incidents relate to the same group.

Continue reading →

Security researchers have discovered a bug in the Comcast website that makes it possible to gather information about Xfinity users. As well as customer data such as home addresses, it is also possible to access wireless network details including passwords.

The bug was reported by Karan Saini and Ryan Stevenson after they found it was possible to use the Xfinity activation website to access customer data using nothing more than a customer account ID and that customer's house or apartment number.

Continue reading →

The number of data breaches disclosed in the first three months of this year fell to 686 compared to 1,444 breaches reported in the same period of 2017, according to a new report.

This still represents the exposure of some 1.4 billion records, although this figure too is down from 3.4 billion in the same quarter last year.

Continue reading →

For Microsoft, the patches it produced for the Meltdown chip vulnerability proved to be just about as problematic as the original issue, further reducing the security of systems. Following the emergence of an exploit for the Windows-maker's first patch, users are advised to hurry up and install the patch-for-a-patch that was later released.

Last month, Ulf Frisk from Sweden revealed that Microsoft's Meltdown patches were making things worse for Windows 7 and Windows Server 2008, making it possible to read and write kernel memory and gain total control over the system. Now code has been posted online that can be used to exploit the "Total Meltdown" vulnerability.

Continue reading →

Most hotel chains these days rely on some sort of electronic key card mechanism rather than more traditional locks.

Researchers at F-Secure have found that hotels worldwide are using an electronic lock system with a flaw that could be exploited by an attacker to gain access to any room in the building.

Continue reading →

The CEO of TaskRabbit has informed users that "certain personally identifiable information may have been compromised" in a security incident that saw the website and app taken offline earlier in the week.

TaskRabbit -- a service that puts "taskers" in touch with people who need help with jobs around the home -- is now back online, and the company is now on a damage limitation exercise, issuing a statement in the name of "trust, openness, and transparency". Stacy Brown-Philpot says that an investigation is still underway to determine what happened, but explains that "preliminary evidence shows that an unauthorized user gained access to our systems".

Continue reading →

Most businesses are seeking to automate the more tedious aspects of their operations and some new research from security analytics platform Cybereason reveals that hackers are no exception.

The company set up a honeypot system masquerading as a financial services company and introduced security flaws in several stages.

Continue reading →

IKEA-owned TaskRabbit is offline while the company investigates a "cybersecurity incident". Very little information has been given about the incident, but the company says that it is working with "an outside cybersecurity firm and law enforcement to determine specifics" of what happened.

While even vague details are unavailable, the fact that the TaskRabbit website and app have been taken offline could well be indicative of the severity. The company is advising its customers to change their passwords elsewhere if they have reused their TaskRabbit credentials for other sites and services.

Continue reading →

Global fears about cyberattacks by Russia are not calming down, and the US and UK have just issued a joint alert warning of state-sponsored attacks on network infrastructure devices, including residential routers.

The west is accusing Russia of an espionage-driven malicious cyberoffensive, and the Technical Alert -- which comes following a joint effort between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the UK's National Cyber Security Centre (NCSC) -- warns that both governmental and residential hardware is being targeted to "potentially lay a foundation for future offensive operations".

Continue reading →

Concern about Russian interference in both the US presidential election and the UK Brexit referendum highlighted the importance the internet now plays in political campaigns. But as well as being a powerful tool, it's also something that is open to abuse and manipulation.

This is something Microsoft recognizes, and the company is launching a new Defending Democracy Program with the express aim of safeguarding the electoral processes.

Continue reading →

YouTube was today hit by hackers, with the attackers managing to deface or delist a number of big name videos. Despacito by Luis Fonsi and Daddy Yankeee -- the most popular video of all time -- was among those that were temporarily inaccessible.

While little is known for certain about the source of the attack, it seems that Vevo was possibly the intended target as the videos that were attacked were in Vevo accounts. The ease with which the attack appears to have been carried out -- and the number of high-profile videos affected -- will be of major concern to YouTube and its users.

Continue reading →

Verge may not be the biggest cryptocurrency out there, but it does have quite a following and has generated enough interest to attract hackers. The cryptocurrency came under attack for three hours yesterday, enabling a hacker to net 15.6 million Verge coins worth around $780,000.

There was initially speculation that Verge had fallen victim to a ">51% attack" -- in which an attacker is able to forge transactions by taking control of more than half of the network -- but this has been denied by developers. A hard fork is being prepared to patch the bug that allowed the attack to take place.

Continue reading →

Geting in shape can be very hard. Not only do you need the means to get fit -- education on what to eat, for instance -- but you also need time. Sadly, so many people put in long hours at work -- sometimes toiling away at two or more jobs -- that finding time (and energy) to exercise can be a near-impossibility. Luckily, technology can help with these deficiencies, as software can educate, while hardware -- such as wearables -- can (potentially) motivate and track progress.

While technology can be good, it can also be vulnerable, leading to stolen user data. Under Armour's 'MyFitnessPal' is the latest platform to experience a security breach. If you aren't familiar with it, Under Armour calls it a "Free calorie counter, diet, and exercise journal." Unfortunately, hackers have made off with the data of 150 million users. I guess you could say MyFitnessPal has become MyFitnessFoe!

Continue reading →