Data loss

LiveAuctioneers security breach puts users at risk

LiveAuctioneers, the online website which broadcasts live auctions selling antiques, art, and collectibles, has warned that user details have fallen into unauthorised hands following a security breach.

bitdefender.com

Ex-Yahoo employee avoids jail, despite hacking 6000 accounts, and stealing nude photos and videos

A former employee of Yahoo has been sentenced and ordered to pay a fine after exploiting his privileged access to hack into the personal accounts of thousands of Yahoo users, in his hunt for naked photographs and videos of young women.

Read more in my article on the Hot for Security blog.

Hackers hijack Twitter account of Russia’s Ministry of Foreign Affairs, offer to sell stolen data

A hacked Russian government Twitter account offers to sell a tourist database for 66 bitcoins (approximately US $499,000).

How to better protect your Roblox account from hackers with two-step verification (2SV)

Accounts on the popular online gaming platform keep getting hacked. So, how can you better protect your Roblox account?

Websites of eight US cities poisoned by malware skimming the credit card details of residents

Beware if you’re paying your bills for local government services – the payment information you type into that web form may be heading straight to cybercriminals.

tripwire.com

22,900 MongoDB databases held to ransom by hacker threatening to report firms for GDPR violations

Hackers are once again finding unsecured MongoDB databases, wiping their contents, and leaving ransom demands.

So far, so normal. But what’s different this time is that they’re also threatening to report their victims for violating GDPR.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Voice recordings from domestic violence alerting app exposed on the internet

A smartphone app, disguised as a regular app delivering the top world, sports, and entertainment news, containing a secret feature that allows victims of domestic abuse to send a covert distress call for help at the touch of a button.

What could possibly go wrong?

Read more in my article on the Hot for Security blog.

Smashing Security podcast #184: Vanity Bitcoin wallets, BlueLeaks, and a Coronavirus app conspiracy

A conspiracy spreads on social media about Coronavirus tracing apps, US police find decades’ worth of sensitive data leaked online, and is there a Bitcoin bonanza to be had from watching Elon Musk YouTube videos?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by Graham Cluley and Carole Theriault, joined this week by the BBC’s Zoe Kleinman.

bitdefender.com

DDoSecrets thrown off Twitter after distributing 269GB BlueLeaks data dump

The activist group Distributed Denial of Secrets, perhaps better known by their shorter but clumsy moniker DDoSecrets, has been permanently banned from Twitter.

Read more in my article on the Hot for Security blog.

Stalker Online hacked! Over one million gamers’ passwords made available for download

More than one million players of the video game Stalker Online have been put at risk after hackers offered them for sale on the darknet.

bitdefender.com

Woman who deliberately deleted firm’s Dropbox is sentenced

58-year-old Danielle Bulley may not look like your typical cybercriminal, but the act of revenge she committed against a company had just as much impact as a conventional hacker breaking into a business’s servers and causing havoc.

Read more in my article on the Hot for Security blog.

bitdefender.com

Credit-card skimming malware hit websites as Coronavirus lockdown forced retailers to close high street stores

On March 20th, the Claire’s accessories retail chain beloved by young girls around the world made the sensible decision to close all of its physical stores in response to the Coronavirus Covid-19 pandemic.

A nuisance for shoppers, certainly. But also an opportunity if you were a malicious hacker.

Read more in my article on the Bitdefender Business Insights blog.

tripwire.com

Babylon Health app leaked patients’ video consultations

Babylon Health, makers of a smartphone app that allows Brits to have consultations with NHS doctors, has admitted that a “software error” resulted in some users being able to access other patients’ private video chats with GPs.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #182: Space Force, credit card fraud, and beep-ti-beep

Graham finds himself in hot water with a security firm after a data breach, Carole discusses credit card fraud, and we have a pleasant surprise for Thom Langford, who appears to have mostly agreed to be a guest to promote his own podcast.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Thom Langford.

Nintendo warns 300,000 accounts have been hacked since early April

Video gaming firm Nintendo has warned customers to not reuse passwords on different services after releasing an increased tally of compromised accounts since April.

After threatening me with legal action, Keepnet Labs finally issues statement over data breach

UK security company Keepnet Labs has finally publicly confirmed that a database it had collated containing more than five billion records from past data breaches was “briefly exposed” on the internet.