Bol.com partner Toppie Speelgoed loses 10000 Belgian and Dutch customer records, now for sale on hacker forum

Personal information and what they bought, where it was delivered to. De gegevens van vermoedelijk bijna 10.000 Belgische en Nederlandse klanten die een paar jaar geleden online speelgoed kochten, worden door een hacker te koop aangeboden op het internet. Dat blijkt uit onderzoek van VRT NWS. Het gaat om persoonlijke gegevens en bepaalde aankopen van Read more about Bol.com partner Toppie Speelgoed loses 10000 Belgian and Dutch customer records, now for sale on hacker forum[…]

Using LimeGPS to spoof a fake location to any GPS device inside the room

This page details experiences using LimeSDR to simulate GPS. Note, update (Aug 15, 2017) – The center frequency should be corrected below to 1575.42MHz. It would marginally work with the original 1545.42 but 1575.42 is rock solid gps sim performance. These experiments were inspired by the excellent procedure written up here [1]. We want to Read more about Using LimeGPS to spoof a fake location to any GPS device inside the room[…]

Princesses make terrible passwords – quite possible Disney+ hacks related to this being your password.

If you used the same password for an account that was previously breached as you did for your Disney+ password, a bad actor could gain access. Furthermore, hackers with stolen datasets at their fingertips could easily filter on key terms to find the Disney fans. Just look how many times the 12 Disney princesses showed Read more about Princesses make terrible passwords – quite possible Disney+ hacks related to this being your password.[…]

Cayman Bank Targeted By Phineas Fisher Confirms it Was Hacked – 2 TB of data can be searched through now, find the money launderers

On Sunday, Motherboard reported that the hacker or hackers known as Phineas Fisher targeted a bank, stole money and documents, and is offering other hackers $100,000 to carry out politically motivated hacks. Now, the bank Phineas Fisher targeted, Cayman National Bank from the Isle of Man, confirmed it has suffered a data breach. “It is Read more about Cayman Bank Targeted By Phineas Fisher Confirms it Was Hacked – 2 TB of data can be searched through now, find the money launderers[…]

Trick or treating Android Emoji keyboard app makes millions of unauthorized purchases $18m blocked

$18 million of fraudulent charges from the app blocked by malware security platform Secure-D London, October 31st, 2019  – A popular Android keyboard app, ai.type, downloaded more than 40 million times and included in the Google Play app store, has been caught making millions of unauthorized purchases of premium digital content, researchers at mobile technology company Read more about Trick or treating Android Emoji keyboard app makes millions of unauthorized purchases $18m blocked[…]

“BriansClub” Hack finds 26M Stolen Cards

“BriansClub,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 Read more about “BriansClub” Hack finds 26M Stolen Cards[…]

Egypt caught spying on journalists and human rights activists through malware and phishing

Back in March 2019, Amnesty International published a report that uncovered a targeted attack against journalists and human rights activists in Egypt. The victims even received an e-mail from Google warning them that government-backed attackers attempted to steal their passwords. According to the report, the attackers did not rely on traditional phishing methods or credential-stealing Read more about Egypt caught spying on journalists and human rights activists through malware and phishing[…]

Iran tried to hack hundreds of politicians, journalists email accounts last month, warns Microsoft

The Iranian government has attempted to hack into hundreds of Office 365 email accounts belonging to politicians, government officials and journalists last month, Microsoft has warned. “We’ve recently seen significant cyber activity by a threat group we call Phosphorous, which we believe originates from Iran and is linked to the Iranian government,” Microsoft’s vice president Read more about Iran tried to hack hundreds of politicians, journalists email accounts last month, warns Microsoft[…]

Massive wave of account hijacks hits YouTube car community creators, bypassing 2FA

Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of our readers. Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already. The list Read more about Massive wave of account hijacks hits YouTube car community creators, bypassing 2FA[…]

Card stealing MageCart infection swipes customers details and payment cards from fragrancedirect.co.uk

Online merchant fragrancedirect.co.uk has confirmed a miscreant broke into its systems and made off with a raft of customers’ personal data, including payment card details. The e-retailer, based in Macclesfield, England, wrote to punters this week to inform them of the digital burglary and the subsequent data leakage. “We recently discovered that some of our Read more about Card stealing MageCart infection swipes customers details and payment cards from fragrancedirect.co.uk[…]

Doordash  Food delivery services Latest Data Breach – 4.9m people have their physical addresses floating around the internet now

Doordash is the latest of the “services you probably use, or at least have an account with” companies to suffer a large data breach. And while your passwords likely haven’t been compromised, it’s possible that your physical address is floating around in the Internet somewhere, among other identifying information. As Doordash wrote yesterday, an unknown Read more about Doordash  Food delivery services Latest Data Breach – 4.9m people have their physical addresses floating around the internet now[…]

Football Leaks: Possible Interest Conflict Dogs Probe

Eurojust, the European Union agency that facilitates cooperation between EU prosectuors, had extended the invitation for a working meeting, the focus of which was on the probes into findings from Football Leaks, the largest data leak in history. But the meeting produced more controversy than expected. Ten countries have expressed interest in the gigantic trove Read more about Football Leaks: Possible Interest Conflict Dogs Probe[…]

up to 2% of all Apple iPhones Hacked, says Google, and Breaks ALL messaging Encryption as well as sending location data

The potential impact of the latest attack on iPhones is massive, not to mention hugely concerning for every user of Apple’s famous smartphone. That simply visiting a website can lead to your iPhone being hacked silently by some unknown party is worrying enough. But given that, according to Google researchers, it’s possible for the hackers Read more about up to 2% of all Apple iPhones Hacked, says Google, and Breaks ALL messaging Encryption as well as sending location data[…]

Data Breach in Adult Site Luscious Compromises Privacy of All Users

Luscious is a niche pornographic image site focused primarily on animated, user-uploaded content. Based on the research carried out by our team, the site has over 1 million registered users. Each user has a profile, the details of which could be accessed through our research. Private profiles allow users to upload, share, comment on, and Read more about Data Breach in Adult Site Luscious Compromises Privacy of All Users[…]

Google’s AI can be manipulated into “accidentally” deactivating targetted user accounts

Jordan B. Peterson had his gmail account deactivated and I had the opportunity to inspect the bug report as a full-time employee. What I found was that Google had a technical vulnerability that, when exploited, would take any gmail account down. Certain unknown 3rd party actors are aware of this secret vulnerability and exploit it. Read more about Google’s AI can be manipulated into “accidentally” deactivating targetted user accounts[…]

Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants

A hacker raided Capital One’s cloud storage buckets and stole personal information on 106 million credit card applicants in America and Canada. The swiped data includes 140,000 US social security numbers and 80,000 bank account numbers, we’re told, as well as one million Canadian social insurance numbers, plus names, addresses, phone numbers, dates of birth, Read more about Capital One gets Capital Done: Hacker swipes personal info on 106 million US, Canadian credit card applicants[…]

Google to Pay only $13 Million for sniffing passwords and emails over your wifi using Street View cars between 2007 – 2010

After nearly a decade in court, Google has agreed to pay $13 million in a class-action lawsuit alleging its Street View program collected people’s private data over wifi from 2007 to 2010. In addition to the moolah, the settlement—filed Friday in San Francisco—also calls for Google to destroy all the collected data and teach people Read more about Google to Pay only $13 Million for sniffing passwords and emails over your wifi using Street View cars between 2007 – 2010[…]

Evite Invites Over 100 Million People to Their Data Breach – with cleartext passwords

“In April 2019, the social planning website for managing online invitations Evite identified a data breach of their systems. Upon investigation, they found unauthorised access to a database archive dating back to 2013. The exposed data included a total of 101 million unique email addresses, most belonging to recipients of invitations. Members of the service also Read more about Evite Invites Over 100 Million People to Their Data Breach – with cleartext passwords[…]

Bitpoint cryptocurrency exchange hacked for $32 million

Japan-based cryptocurrency exchange Bitpoint announced it lost 3.5 billion yen (roughly $32 million) worth of cryptocurrency assets after a hack that happened late yesterday, July 11. The exchange suspended all deposits and withdrawals this morning to investigate the hack, it said in a press release. Thoroughly compromised In a more detailed document released by RemixPoint, Read more about Bitpoint cryptocurrency exchange hacked for $32 million[…]

UK data regulator threatens British Airways with 747-sized fine for massive personal data blurt

The UK Information Commissioner’s Office has warned BA it faces a whopping £183.39m following the theft of million customer records from its website and mobile app servers. The record-breaking fine – more or less the lower end of the price of one of the 747-400s in BA’s fleet – under European General Data Protection Regulation Read more about UK data regulator threatens British Airways with 747-sized fine for massive personal data blurt[…]

Zipato Zipamicro smart home hub totally pwned

In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which, when chained together, could be abused to open a front door with a smart lock. Smart home technology has come under increasing scrutiny in the past year. Although convenient to some, security experts have long warned that adding Read more about Zipato Zipamicro smart home hub totally pwned[…]

Telcos around the world were so severely pwned, they didn’t notice the hackers setting up VPN points

Hackers infiltrated the networks of at least ten cellular telcos around the world, and remained hidden for years, as part of a long-running tightly targeted surveillance operation, The Register has learned. This espionage campaign is still ongoing, it is claimed. Cyber-spy hunters at US security firm Cybereason told El Reg on Monday the miscreants responsible Read more about Telcos around the world were so severely pwned, they didn’t notice the hackers setting up VPN points[…]

U.S. and Iran’s Hackers Are Trading Blows

Chris Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, issued a statement on June 22 following similar warnings from private American cybersecurity firms. Krebs, whose recently renamed agency is tasked with protecting American critical infrastructure, said CISA is “aware of a recent rise in malicious cyber activity” against American Read more about U.S. and Iran’s Hackers Are Trading Blows[…]