Tens of thousands of dollars worth of cryptocurrency have been stolen by hackers, once again raising concerns about the security of blockchain technology.
MyEtherWallet.com is a free site that allows consumers to trade Ethereum, or Ether, a cryptocurrency currently valued in the ballpark of $650. The site warns all visitors that it doesn't consider itself responsible should hackers access users’ Ether accounts.
“We cannot recover your funds or freeze your account if you visit a phishing site or lose your private key,” a notice on the site says. “You and only you are responsible for your security.”
That’s bad news for MyEtherWallet users who recently fell victim to a DNS hijacking scam. Hackers apparently redirected people who visited MyEtherWallet.com to a fake look-alike site. When users logged into the spoof site, the hackers were able to access their passwords and subsequently empty their accounts.
In all, the hackers reportedly made off with 215 Ether -- or the equivalent of $160,000.
According to a statement that MyEtherWallet published on Reddit, the hack was no fault of their own. Instead, the site blames vulnerabilities in Google’s DNS servers for the theft.
“This redirecting of DNS servers is a decade-old hacking technique that aims to undermine the Internet’s routing system,” MyEtherWallet said. “It can happen to any organization, including large banks. This is not due to a lack of security on the @myetherwallet platform. It is due to hackers finding vulnerabilities in public facing DNS servers.”
It’s unclear if affected traders will get their funds back. MyEtherWallet adds in its statement that “we are currently in the process of verifying which servers were targeted to help resolve this issue as soon possible.”
Uber’s Dubai competitor
Careem, a Dubai-based ride-hailing app that is Uber’s largest competitor in the Middle East, admitted that it discovered a security breach that exposed consumer data back in January.
The company did not disclose the breach until Monday because “Cybercrime investigations are immensely complicated and take time.”
“We wanted to make sure we had the most accurate information before notifying people,” a statement published by Careem added. Now that the breach has been disclosed, Careem is advising users to change their passwords and to monitor their bank accounts for any suspicious activity.
Law enforcement in Colorado are asking for the public's help in finding suspects accused of taking part in a popular and relatively easy phone hijacking scam.
Using online services that identify the carriers of any phone number, identify thieves took information to a mobile phone store, where they impersonated the carrier to get a new phone without paying for it. Instead the cost of the phone showed up as an unpleasant surprise on consumers’ monthly bill.
According to the Federal Trade Commission, reports of this crime doubled since 2013, with 2,658 complaints submitted in 2016.
Yahoo rises from the grave
The company Yahoo may be no more after getting sold to Verizon in 2016, but it still owes the government some money -- $35 million to be exact. The SEC is fining Yahoo for failing to alert investors and consumers about a massive security breach that happened back in 2014.
The SEC alleges that Yahoo’s information security team learned that “Rusian hackers had stolen what the security team referred to internally as the company’s ‘crown jewels’” several days after the attack took place in 2014.
To be more specific, the security team that stolen information included “usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions and answers for hundreds of millions of user accounts.”
Yahoo eventually did disclose the breach two years later, shortly before it closed the deal with Verizon. Altaba, the company behind the Yahoo brand, has now agreed to pay a $35 million penalty for the cover-up.
Forget pirates. A group of hackers based in Nigeria have figured out how to steal money from shipping companies via the internet, according to a report by a cybersecurity firm.
The hacking group, which goes by the name Gold Galleon, attempted to steal at least $3.9 million from maritime shipping businesses and their customers, the researchers said.