Massive Security Breach Exposes 14 Million Verizon Subscribers’ Data

verizonMillions of Verizon customer records have been exposed by an Israeli technology company, a ZDNetreport claimed last night. According to the report, as many as 14 million Verizon customers who called the company’s customer service in the past six months may have their data exposed.

Verizon has now confirmed that 6 million records were compromised by Nice Systems – carrier’s partner company that handles customer service calls.

The data was found by a security researcher on an unprotected Amazon S3 storage server, which was controlled by an employee of Nice Systems. However, the data was accessible to anyone who knew the “easy-to-guess” web address. Speaking to CNN, Verizon claims that no other external party had access to this data and that there has been no loss of customer data. The company hasn’t explained how it’s certain that no one has had access to this data.

Read More at Source: Massive Security Breach Exposes 14 Million Verizon Subscribers’ Data

Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen

bitcoin-ethereum-cryptocurrency-exchange

One of the world’s largest Bitcoin and Ether cryptocurrencies exchanges Bithumb has recently been hacked, resulting in loss of more than $1 Million in cryptocurrencies after a number of its user accounts compromised.

Bithumb is South Korea’s largest cryptocurrency exchange with 20% of global ether trades, and roughly 10% of the global bitcoin trade is exchanged for South Korea’s currency, the Won.

Bithumb is currently the fourth largest Bitcoin exchange and the biggest Ethereum exchange in the world.

Last week, a cyber attack on the cryptocurrency exchange giant resulted in a number of user accounts being compromised, and billions of South Korean Won were stolen from customers accounts.

Around 10 Million Won worth of bitcoins were allegedly stolen from a single victim’s account, according to the Kyunghyang Shinmun, a major local newspaper.

A survey of users who lost cryptocurrencies in the cyber attack reveals “it is estimated that hundreds of millions of won [worth of cryptocurrencies] have been withdrawn from accounts of one hundred investors. One member claims to have had 1.2 billion won stolen.

Besides digital currencies, hackers were succeeded in stealing the personal information of 31,800 Bithumb website users, including their names, email addresses, and mobile phone numbers, the South Korean government-funded Yonhap News reported.

However, Bithumb claims that this number represents approximately 3% of its customers.

The exchange also told Yonhap that it contacted South Korea’s cybercrime watchdog on June 30, Friday after it learned of the hack on June 29.

Source: Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen

As Bitcoin’s Price Rises Security Shouldn’t Be Taken for Granted – Bitcoin News

bitcoinsecurityRecently there have been numerous reports of people losing their bitcoins to hackers and malware as bitcoin’s price continues to grow in value. It is safe to assume that organizations and individuals trying to steal people’s bitcoin reserves will persistently increase because the decentralized cryptocurrency becomes more valuable to thieves.

Also read: Rising Network Fees Are Causing Changes Within the Bitcoin Economy

‘Faster and More Lucrative Than Robbing a Suburban Bank’

As Bitcoin's Price Rises Security Shouldn't Be Taken for GrantedAt the time of writing one bitcoin is worth roughly $2900 as it has become a treasured digital asset. While bitcoin’s value has increased the number of people losing money to malware attacks and hackers cracking bitcoin accounts usually follows the price rise in unison. Just recently Cody Brown, founder of the virtual reality community Roomscale.org, lost $8000 worth of bitcoin held on Coinbase.

Brown’s attack vector was through Verizon where the hacker easily took over his cell phone number with a some “simple billing information.” After his phone was compromised the attacker swiped his Coinbase funds in less than fifteen minutes. Brown does detail that he did not use two-factor authentication with his email account, but feels that it shouldn’t be so easy to access Verizon information. He also believes that he may have been targeted after tweeting about bitcoin a week prior.

Source: As Bitcoin’s Price Rises Security Shouldn’t Be Taken for Granted – Bitcoin News

TV Manufacturer Vizio Spies On Customers Using Advanced Big Data Analytics

US TV manufacturer Vizio’s underhanded Big Data dealing may have just cost it $2.2 million but I think it is something we can unfortunately expect to see a lot more of.

The FTC this week announced that viewing data of individual households was monitored through a built-in spy device which used image recognition technology. Once every second, software in the Vizio TVs would read pixel data from a segment of the screen. This was sent home and compared against a database of film, television and advertising content to determine what was being watched.

The FTC has revealed that Vizio went further than this – matching data on what was being watched with IP addresses, and selling it, along with third party demographic data, to businesses and organizations with a need for audience measurement.

This week we heard that Vizio paid $2.2 million to settle the FTC complaint, agreed to stop collecting viewing data in this way, and to delete the data it had already collected from its servers. That might seem like a comparatively low figure, but this may be, as Vizio point out in their statement, because personally identifiable information wasn’t transmitted.

Source: Shocking: Smart TV Manufacturer Vizio Spies On Customers Using Advanced Big Data Analytics

Yahoo is expected to confirm massive data breach, impacting hundreds of millions of users

yahooYahoo is poised to confirm a massive data breach of its service, according to several sources close to the situation, hacking that has exposed several hundred million user accounts. While sources were unspecific about the extent of the incursion, since there is the likelihood of government investigations and legal action related to the breach, they noted that it is widespread and serious.

Earlier this summer, Yahoo said it was investigating a data breach in which hackers claimed to have access to 200 million user accounts and was selling them online. “It’s as bad as that,” said one source. “Worse, really.”

The announcement, which is expected to come this week, also possible larger implications on the $4.8 billion sale of Yahoo’s core business — which is at the core of this hack — to Verizon. The scale of the liability could be large and bring untold headaches to the new owners. Shareholders are likely to worry that it could lead to an adjustment in the price of the transaction.That deal is now moving to completion, but the companies cannot be integrated until it is approved by a number of regulatory agencies, as well as Yahoo shareholders. But representatives of Verizon and Yahoo have started meeting recently to review the Yahoo business, so that the acquisition will run smoothly once complete.

But there’s nothing smooth about this hack, said sources, which became known in August when an infamous cybercriminal named “Peace” said on a website that he was selling credentials of 200 million Yahoo users from 2012 on the dark web for just over $1,800. The data allegedly included user names, easily decrypted passwords, personal information like birth dates and other email addresses.

Continue Reading: Yahoo is expected to confirm massive data breach, impacting hundreds of millions of users

The Cyber Short: Cybersecurity Implications and Considerations for M&A

Abbott Laboratories (ABT), a global manufacturer of healthcare product, announced the acquisition of St. Jude Medical (STJ) in April 2016. The $25 billion deal is now in peril after a recently-released cybersecurity report alleged that STJ’s pacemakers and defibrillators – part of a category that represents 50% of STJ’s revenues – were vulnerable to wireless cyberattack by hackers, jeopardizing the safety of thousands of device recipients.

The author of the security report, MedSec Holdings, fed their findings to Muddy Waters Research, an investment research firm that subsequently shorted STJ stock. This arrangement financially benefited Muddy Waters and Medsec when the damaging report was made public and the STJ’s stock price dropped more than 10%. As a result of the report, more shares of STJ were traded on the date of the cybersecurity report release than on the day the acquisition was announced in April.  Muddy Waters and other short-sellers stand to profit even more if the deal falls through because of these cybersecurity lapse disclosures.

Public scrutiny around acquisitions has heightened for both companies involved in a deal. Senior leadership, including the Board of Directors, must ensure that cybersecurity due diligence is conducted as faithfully as any other diligence area.  In a 2016 NYSE Governance survey, three-quarters of respondents said that a high profile data breach at an acquisition target would have serious implications on a pending acquisition.  Moreover, more than half of the respondents said that a high profile cyber breach would diminish an acquisition target’s value.   Cybersecurity risk can be viewed and managed as a risk amplifier of other categories like financial, operational and strategic risk. Though cybersecurity issues sometimes surface during the early diligence phase, it is more often the case that issues don’t become apparent until after the deal closes – during the integration phase – leading to integration delays, cost overruns, and, worse case, a breach.

Source: The Cyber Short: Cybersecurity Implications and Considerations for M&A

Apparent Amazon breach yields login credentials of over 80,000 Kindle users | The Daily Dot

A hacker claiming to have breached an Amazon server has released more than 80,000 usernames and passwords belonging to Amazon users after the online retail giant failed to heed his warnings about vulnerabilities in its servers. The hacker, who goes by 0x2Taylor on Twitter, told the Daily Dot he had attempted to contact Amazon three days ago to bring to the company’s attention a significant security risk that he spotted in ones of its servers. Contained on the server were the usernames and passwords of over 80,000 Amazon Kindle users, along with a considerable amount of information linked to each account including: city, state, ZIP code, phone number, and the IP address from the user’s last login.  ADVERTISEMENT Ox2Taylor said he tested a selection of passwords and confirmed they were valid.

Source: Apparent Amazon breach yields login credentials of over 80,000 Kindle users | The Daily Dot