Cybersecurity News
Twitter disclosed on Tuesday that it inadvertently shared some user phone numbers and email addresses with advertisers. The information had been submitted by users in order to set up two-factor authentication on their accounts.
“We recently discovered that when you provided an email address or phone number for safety or security purposes, this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences adv...
The Federal Bureau of Investigation (FBI) recently warned in a private-industry notification (PIN) that companies could be vulnerable to attacks that bypass multi-factor authentication systems, ZDNet reports.
“The FBI has observed cyber actors circumventing multi-factor authentication through common social-engineering and technical attacks,” the agency said in a September advisory. “The primary methods are social-engineering attacks which attack the users, and technical...
Sort By
When Microsoft and Sony released new, updated versions of their popular game consoles within days of each other last month, gamers around the world were in seventh heaven. So, it seems, were hackers.
Cyber security firm Kaspersky Lab has been measuring the hacking attempts against the new Playstation 4 and Xbox One units – as well as other game platforms – and has seen a surge, coinciding with the late November releases.
Globally, the company estimates an aver...
Google’s plans to close down its consumer version of its social network Google+ has been escalated thanks to a bug that impacted approximately 52.5 million users in connection with a Google+ API. In layman’s terms, an API is a set of communication methods used to coordinate development and programming of a computer program.
“With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days,” wrote D...
Hackers broke into Marriott International's database, and the hotel chain says they may have gained access to 500 million customers' data. That would make it the largest data breach on record, surpassing the 2017 Equifax breach that exposed credit records of more than 145 million consumers. According to Marriott, the breach occurred at its Starwood Hotel brand. An investigation has revealed that unknown parties gained access to the database sometime in 2014, copying ...
U.S. Customs and Border Protection (CPB) says license plate images and photos of travelers headed into and out of the country were stolen in a "malicious cyberattack" of an unnamed subcontractor at the end of May, the Washington Post reported.
In a statement, the agency said a subcontractor "had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network. The subcontractor's network was subsequently compromised b...
For consumers with smartphones, it’s not uncommon to receive emergency alert notifications for bad weather or other similar concerns.
While the government tested its alert system this past October, a recent study conducted by researchers from the University of Colorado Boulder discovered that this communication method could be susceptible to hackers, particularly when a lot of people are confined to one area, such as a sporting event or concert.
“We think this is someth...
Hackers and identity thieves are increasingly focused on mobile computing. With so many smartphones and tablets now in use, mobile is increasingly becoming how consumers use the web.
Criminals also like the fact that many mobile devices have little or no security protection – not on the device itself and not on the data that is stored in the cloud.
Mobile data can be stored both places and security experts say both need strong protection. Chris Rancourt, an editor at NextAdvisor.com, says consumers who use an online backup service to store and share their data in the cloud need to be especially careful.
“When you put your information on the cloud, you get this extra level of security with their encryption,” Rancourt said. “Most services now use encryption but some are stronger than others.”
Increasingly popular
Cloud storage and backup services have become increasingly popular. They store data off-site, protecting it from a catastrophic computer crash or other physical damage. They also make it accessible from other computers in other locations.
“Pretty much any information you can upload to the cloud – pictures, documents, videos. And all that information can be encrypted and stored safely inside your cloud or online back-up service,” Rancourt said. “The backup services that we use provide coverage for Apple, Android – pretty much the whole spectrum.”
Rancourt suggests picking a backup service with very robust encryption. One service that falls into that category, he says, is SpiderOak. There is one security feature, in particular, that he likes.
'Zero-knowledge' security
“They have this policy where no one in their company will know your password,” he said. “If you lose your password they can't go in and retrieve it for you. It's really up to you, which makes the security a lot stronger, but at the same time you have to be responsible for your own stuff.”
Absent-minded consumers can run the risk of losing everything if they forget or lose their password. Writing it down in several secure places, however, might be all the insurance policy you need.
Sugarsync is another secure backup service. With Sugarsync, you can safely store important files and then sync them across an unlimited number of computers. If the data is updated on one computer, it's also updated on the rest.
Mozy is a low-cost cloud storage service. The company's backup plans start with one computer per subscription, but it can sync up with other computers that aren't part of the plan.
First line of defense
The best feature of these companies' backup services may be the sophisticated encryption. Rancourt says it provides a great first line of defense.
“For companies like SpyderOak you actually have to have an encryption key in order to decode the information and read it as something legible,” he said. “Most services have something like that as well.”
But hackers are resourceful individuals. Suppose they get access to your cloud and your encrypted information by stealing or finding your lost device. It might look like gibberish at first, but given a few hours, it's just possible some hackers might be able to crack the encryption. That's why you need a second level of defense – remote wipe.
If your device is lost or stolen, remote wipe will still give you access to all your files and documents from another computer but allow you to block access on the missing device. You can even delete files.
“Let's say you keep all your bank information on your cloud,” Rancourt said. “Someone can actually hack in there and steal your identity.”
It should go without saying that you should have robust security features on your hardware as well. Getting a strong mobile security package for your smartphone or tablet will reduce the risks from lost or stolen devices.
Hackers and identity thieves are increasingly focused on mobile computing. With so many smartphones and tablets now in use, mobile is increasingly becoming how consumers use the web.
Criminals also like the fact that many mobile devices have little or no security protection – not on the device itself and not on the data that is stored in the cloud.
Mobile data can be stored both places and security experts say both need strong protection. Chris Rancourt, an editor a...
Everyone is vulnerable to a data breach, but a new international survey shows millennial consumers are most likely to suffer a financial loss when their sensitive information is compromised.
Ping Identity, an identity security firm, surveyed consumers in Europe and the United States about how they interact with brands and how much they trust those companies to safeguard their data. The researchers also investigated how consumers change their behavior following a breach.
A...
News that over 1,000 accounts at online ticket-seller StubHub have been hacked should serve to remind you of this important online safety rule: don't use the same password across multiple accounts.
The Associated Press first reported on Tuesday that “cyber thieves” managed to fraudulently access more than 1,000 StubHub accounts, and buy themselves tickets in the legitimate accountholders' names.
As hacks go, a mere thousand compromised accounts in a company as large as StubHub sounds like pretty small potatoes. Why was the damage so limited?
According to StubHub spokesman Glenn Lehrman, the thieves never broke into the StubHub customer database. Instead, they got customers' login and password information from other sources, either hacking into different retail databases or even putting keylogging software or other forms of malware on user's computer.
The thieves presumably know how commonplace is it for people to use the same passwords (and sometimes even login names) across multiple accounts, so if thieves have, for example, the password you use for your email, bank account, favorite web-discussion forum or any other password-protected thing you do, they'll also try plugging that password into your other accounts on the off-chance it will work. Where over 1,000 StubHub customers are concerned, it did.
News that over 1,000 accounts at online ticket-seller StubHub have been hacked should serve to remind you of this important online safety rule: don't use the same password across multiple accounts.
The Associated Press first reported on Tuesday that “cyber thieves” managed to fraudulently access more than 1,000 StubHub accounts, and buy themselves tickets in the legitimate accountholders' names.
As hacks go, a mere thousand compromised accounts in a company as...
Even though what happened in Facebook’s recent password bungle was likely more an “oversight” than a hacking invasion, experts recommend that consumers double down to protect their accounts and their personal data when using the platform.
Tech security gurus at the International Institute of Cyber Security told ConsumerAffairs there are two recommended steps to enhance online protection.
The first recommendation is straightforward enough -- change your Facebook password. ...
Question-and-answer website Quora says it was impacted by a security breach which may have exposed the personal data of as many as 100 million of its users.
Adam D'Angelo, the site’s CEO and co-founder, said Quora discovered late last week that one of its systems had been hacked by “a malicious third party.”
“On Friday we discovered that some user data was compromised by a third party who gained unauthorized access to one of our systems,” D’Angelo said in a blog post. ...
Pretty much any collection of online security tips will remind you not to use the same password across multiple accounts, and this week's news that scammers have managed to hijack and steal points from large numbers of Starwood Preferred Guest loyalty accounts offers another example of why.
Security blogger Brian Krebs reported today that he'd personally heard complaints from two of his readers whose SPG accounts had been hijacked. As Krebs diplomatically explained: &ldq...
These days, when you get ready to swipe your card at a big box store, a thought may flash through your mind – “sure hope my data is safe.”
After all, Target, Home Depot, Neiman Marcus and Michaels, among others, have seen their systems breached by hackers in the recent past.
But do you have the same worries about transactions with your church, or other nonprofits? A cybersecurity firm says you should.
TechSoup, an oganization that makes software and techn...
Facebook CEO Mark Zuckerberg, who will testify before a House committee next week, took questions from reporters on a conference call Wednesday and discussed his company's efforts to better protect users’ data.
Zuckerberg took responsibility for the data leak and pledged to make the system better. However, he cautioned his listeners not to expect instant results.
"These are big issues," he said. "This is a big shift for us to take a lot more responsibility. It's going to ...
A newly discovered data breach has reportedly exposed 772,904,991 unique emails and 21,222,975 unique passwords. The breach, dubbed “Collection #1,” was first detailed by Troy Hunt, who operates the website Have I Been Pwned (HIBP).
On Thursday, Hunt said the data cache stolen was approximately 87GB in size (a large file made up of 12,000 separate files). It was likely “made up of many different individual data breaches from literally thousands of different sources,” he ...
The massive ransomware attack that struck the world late last week was a stark reminder that we live in a world where criminals are more powerful and have extended their reach.
Here's another reminder if you needed one: credit and debit card fraud alerts are up 15% from 2015.
In a new report, CreditCards.com says 31% of adult consumers have received a fraud alert about suspicious activity on their credit card, while 25% have received a similar alert about their debit card...