
The Weekly Hack: MyPillow admits it was hacked years after the fact

Hackers were on the site for months, but MyPillow never alerted consumers

Independent security researchers have discovered that hackers planted malware to steal credit card information from people who shopped online at MyPillow and AmeriSleep.

The hackers accessed the credit card systems in April 2017 and stayed on the site for several months, according to researchers with the firm RiskIQ.

After RiskIQ made its results public, MyPillow confirmed in a statement to CNET that it detected the breach back in 2017.

MyPillow says it never alerted consumers earlier because MyPillow “found no indication that the breach was effective or that any customers' information was compromised,” the company’s CEO said.

AmeriSleep has yet to release a statement explaining why it didn’t alert the public earlier.

Facebook employees

Facebook is admitting that its employees had access to millions of users’ Facebook passwords, but only after the site Krebs on Security reported on its discovery. Security expert Brian Krebs said that Facebook stored the personal passwords in unencrypted form on a company server that could be viewed by anyone who worked for Facebook.

Facebook confirmed that it discovered it was storing the unencrypted passwords during a “routine security review” conducted in January. The company says it has since fixed the error.

“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” the company responded in a blog post.

Government contractor

Iranian-backed hackers recently targeted Citrix, a communications agency that often contracts with the United States government, according to the FBI. 

“While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents,” Citrix said in a statement.

“The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised.”
