Category: breaches

Auto Added by WPeMatico

LastPass Breach

Posted on By infossl
breaches, cloud computing, data breaches, Password Safe, passwords, Security technology, Uncategorized

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which … Read More “LastPass Breach” »

Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security

Posted on By infossl
breaches, cia, leaks, reports, Security technology, wikileaks

The Washington Post is reporting on an internal CIA report about its “Vault 7” security breach: The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have … Read More “Theft of CIA’s “Vault Seven” Hacking Tools Due to Its Own Lousy Security” »

Bank Card “Master Key” Stolen

Posted on By infossl
banking, breaches, dataprotection, keys, pins, Security technology, theft

South Africa’s Postbank experienced a catastrophic security failure. The bank’s master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank’s encrypted master key in plain, unencrypted digital language at the Postbank’s old data centre in the Pretoria city centre. According to … Read More “Bank Card “Master Key” Stolen” »

Password Changing After a Breach

Posted on By infossl
academicpapers, breaches, passwords, Security technology

This study shows that most people don’t change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this … Read More “Password Changing After a Breach” »

California Needlessly Reduces Privacy During COVID-19 Pandemic

Posted on By infossl
breaches, covid19, medicine, privacy, Security technology

This one isn’t even related to contact tracing: On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those … Read More “California Needlessly Reduces Privacy During COVID-19 Pandemic” »

Marriott Was Hacked — Again

Posted on By infossl
accountability, breaches, disclosure, hacking, hotels, Security technology

Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details (e.g., name, mailing address, email address, and phone number) Loyalty Account Information (e.g., account number and points … Read More “Marriott Was Hacked — Again” »

NordVPN Breached

Posted on By infossl
breaches, certificates, cryptography, disclosure, encryption, keys, Security technology, vpn

There was a successful attack against NordVPN: Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates. Those certificates might be issued for other servers in NordVPN’s network or for a variety of other sensitive purposes. The name of the … Read More “NordVPN Breached” »