ICT Security-Sécurité PC et Internet

Bloomberg reports on what seems to be a security scandal at Uber.

The ride-sharing firm concealed the theft of personal information related to 57 million customers and drivers, and rather than inform the concerned parties "paid hackers $100,000 to delete the data and keep the breach quiet."

The hack which Uber says is said to have happened in October 2016, and included the names, email addresses and phone numbers of 50 million Uber customers across the globe.

Bloomberg has the skinny on how the hack occurred, and it doesn't portray Uber in a good light, being the latest example of careless developers leaving internal login passwords lying around online:

Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

Joe Sullivan, Uber's chief security officer (and at one time the main security honcho at Facebook), spearheaded the company's response to the breach alongside one other employee. Both are said to have left their positions at Uber this week.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Uber concealed a massive data breach for more than a year, according to a report by Bloomberg.

Hackers stole names, email addresses, and phone numbers of 57 million Uber riders around the world in a breach dating back to October 2016. Data on more than 7 million drivers was also stolen, including over 600,000 drivers' license records.

Trip records, location data, and social security numbers were not stolen in the breach, the company said.

But instead of alerting users of the breach, the company paid the hackers $100,000 to delete the data and to keep details of the breach quiet.

The company confirmed the breach, in a lengthy statement posted on Tuesday.

"As Uber's CEO, it's my job to set our course for the future, which begins with building a company that every Uber employee, partner and customer can be proud of," said Dara Khosrowshahi. "For that to happen, we have to be honest and transparent as we work to repair our past mistakes."

According to Bloomberg, two hackers broke into a private GitHub repo used by Uber software engineers, and were able to gain access to an Amazon Web Services account that handled and controlled tasks by the ride-sharing service. The hackers found a trove of rider and driver data, downloaded it, and reportedly emailed the company demanding money.

Uber has said, however, that individual riders do not need to take "any action," following the announcement.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Deloitte, one of the world's biggest accounting, auditing, and corporate finance consulting firms, has suffered a data breach.

Third hack at a financial institution this month

The company is one of the so-called "Big Four" accounting firms, together with Ernst & Young, KPMG, and PricewaterhouseCoopers. The Big Four provide accounting and other financial services to almost all major businesses across the globe.

The Deloitte hack is the third security breach at a major financial agency this month alone, after similar incidents at Equifax and the US Securities and Exchange Commission (SEC).

A hacker who phished the login credentials of LA County employees is believed to have compromised the personal data of over 750,000 people.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Online training sitey Lynda.com has suffered a security incident which saw a user database accessed by unauthorised parties.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Jetzt erotische Treffen, Sex oder etwas Heißes finden" - mit diesem Slogan wirbt die Sex-Kontaktbörse AdultFriendFinder (AFF). Etwas Heißes haben dort auch offenbar Unbekannte gefunden, die in das Netzwerke der Betreiberfirma FriendFinder eingedrungen sein sollen, meldet das Info-Portal "LeakedSource" . Die Daten von 412 Millionen Nutzern der verschiedenen Angebote des Unternehmens seien dabei kompromittiert worden.

Der Datensatz, der "LeakedSource" vorliegt, soll Informationen zu knapp 340 Millionen Nutzerkonten von AdultFriendFinder enthalten. Weitere 70 Millionen Datensätze werden FriendFinder-Angeboten wie Cams.com und Stripshow.com zugeordnet. Einem Bericht von "zdnet" zufolge enthalten die Datensätze E-Mail-Adressen und Passwörter, aber keine Angaben zu sexuellen Vorlieben.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

At least 58 million people have had their personal information published on the internet – including their names, dates of birth, email and postal addresses, job titles, phone numbers, vehicle data, and IP addresses – after a hacker stole a massive unsecured database.

And, if you think that sounds bad, there may be yet more hacked data still to be exposed.

The sensitive information appears to have been exfiltrated from Modern Business Systems (MBS), a company that provides businesses with online data storage and database hosting solutions, by a hacker calling themselves 0x2Taylor on Twitter.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Yahoo has confirmed that at least 500 million Yahoo accounts were put at risk by a data breach in 2014. Here is what you need to know, and what you need to do.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Yahoo...

Carbonite is the latest firm to have issued a warning that hackers are attempting to break into its users accounts, and are prompting all users to change their passwords as a result.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Passwords

http://www.scoop.it/t/securite-pc-et-internet/?tag=CARBONITE

MySpace’s turn

Well, it’s happened again.

This time, the breach is said to come from MySpace, and the number of passwords claimed is an eye-popping 427 million.

Apparently, there are only 360 million users on the list, but some accounts have more than one password listed, for reasons that aren’t explained.

Once again, the passwords allegedly exposed in this breach were simple, unsalted SHA-1 hashes, vulnerable to just the same sort of high-speed try ’em all attack as in the LinkedIn breach of 2012.

According to Leaked Source, lots of passwords have already been cracked, with the top 50 choices so far accounting for more than 6 million passwords, or 1.5% of the total.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Turkey is investigating how hackers have posted online the identity data of some 50 million Turks, including what they said were details about the president and prime minister, after what is believed to be the biggest data breach seen in the country.

While no group has taken credit for uploading the data to a website called the Turkish Citizenship Database, the comments posted suggest Turkey may be a target of political hackers.

The 1.5 gigabyte compressed file contains the national identity number, date of birth and full address for 49.6 million Turks, according to the website, or around two thirds of the population.

The website said it included the ID information of President Tayyip Erdogan, Prime Minister Ahmet Davutoglu and former president Abdullah Gul and taunted the president.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Un expert de l’équipe GReAT (Global Research & Analysis Team) de Kaspersky Lab a réalisé une véritable enquête de terrain dans une clinique privée afin de tenter d’en explorer les failles de sécurité et les façons d’y remédier. Il a ainsi découvert des vulnérabilités dans les équipements médicaux permettant aux cybercriminels d’accéder aux données personnelles des patients, ainsi qu’à leur état de santé.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=eHealth

http://www.scoop.it/t/ict-security-tools/?tag=Ransomware

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Uber sind bereits vor gut einem Jahr Daten von rund 50 Millionen Fahrgästen gestohlen worden. Der Fahrdienst-Vermittler informierte die Öffentlichkeit aber erst am Dienstag über den Vorfall.

Es gehe um Namen, E-Mail-Adressen und Telefonnummern von Nutzern rund um die Welt, erklärte Uber dem Finanzdienst Bloomberg. Außerdem hätten sich die Angreifer auch Zugriff auf Daten von etwa sieben Millionen Uber-Fahrern verschafft.

Es seien aber keine Kreditkarten-Daten oder Informationen zu Fahrten gestohlen worden, betonte die Firma.

Uber räumte nun ein, dass über die Attacke weder Behörden noch Betroffene informiert worden seien. Stattdessen seien den Hackern 100.000 Dollar (rund 85.000 Euro) bezahlt worden, damit sie die gestohlenen Daten vernichten.

„Nichts davon hätte passieren dürfen“

Uber gehe davon aus, dass die Informationen nicht verwendet worden seien, hieß es. Die Hacker seien durch eine schlecht geschützte Datenbank an die Daten gekommen. Der Uber-Sicherheitschef Joe Sullivan wurde diese Woche entlassen, wie Uber weiter mitteilte.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Uber concealed a hack that affected 57 million customers and drivers, the company has confirmed.

The 2016 breach was hidden by the ride-sharing firm which paid hackers $100,000 (£75,000) to delete the data.
The company's former chief executive Travis Kalanick knew about the breach over a year ago, according to Bloomberg, which first broke the news.

The hackers found 57 million names, email addresses and mobile phone numbers, Uber said.
Within that number, 600,000 drivers had their names and license details exposed. A resource page for those affected has been set up.

Drivers have been offered free credit monitoring protection, but per Uber's statement, affected customers will not be given the same.
"While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection," Uber's chief executive Dara Khosrowshahi said.

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

https://www.scoop.it/t/securite-pc-et-internet/?&tag=Uber

Le cabinet d’audit Deloitte a annoncé avoir été victime d’une attaque informatique ayant visé l’un des serveurs de mails utilisés pour échanger avec ses clients. Plus de 240.000 emails d’employés auraient été potentiellement affectés par l’attaque.

Dans sa communication, la société confirme le piratage annoncé par le Guardian, mais explique que le nombre de victimes est une « fraction » des chiffres avancés dans les médias. Pour l’instant, la portée réelle de l’attaque et le nombre de sociétés touchées restent donc impossibles à déterminer : Deloitte doit sûrement avoir une petite idée, vu que ses équipes enquêtent discrètement sur l’affaire depuis maintenant six mois.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=DATA-BREACHES

The records of more than one billion Yahoo users, secretly stolen from the site in 2013 but only brought to the world's attention this month...

The records of more than one billion Yahoo users, secretly stolen from the site in 2013 but only brought to the world’s attention this month, have reportedly been sold on the computer underground.

InfoArmor’s Andrew Komarov told the New York Times that his firm has uncovered that the valuable data has been sold to three buyers – “two known spammers and an entity that appeared more interested in espionage”, the paper reports – for about US $300,000 each.

That means, if you are an affected Yahoo user, that personal information (including your backup email addresses, security questions & answers, and – potentially – passwords) are in the hands of criminals.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

http://www.scoop.it/t/securite-pc-et-internet/?tag=Yahoo..

Hundreds of millions of users put at risk after AdultFriendFinder and other sites suffer hack.

What has happened?

The AdultFriendFinder website appears to have been hacked, exposing the personal information of hundreds of millions of user accounts.

What is AdultFriendFinder?

I don’t want to be indelicate, so I’ll just tell you it’s strapline: “Hookup, Find Sex or Meet Someone Hot Now”.

Oh! So like Ashley Madison?

Yes, very much so. And we all know what a big story that was, how extortionists attempted to blackmail users, and how lives were damaged as a result. Fortunately, information about individuals’ sexual preferences do not appear to have been included in the exposed databases.

Still, it sounds nasty – and there clearly remains the potential for blackmail. Are there any .gov and .mil email addresses associated with the exposed accounts in this latest breach?

I’m afraid so. Of the 412 million accounts exposed on the breached sites, in 5,650 cases, .gov email addresses have been used to register accounts. The same goes for 78,301 .mil email addresses.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

The web design platform Weebly was hacked in February, according to the data breach notification site LeakedSource. Usernames and passwords for more than 43 million accounts were taken in the breach, although the passwords are secured with the strong hashing algorithm bcrypt.

Weebly said in an email to customers that user IP addresses were also taken in the breach.

“We do not believe that any customer website has been improperly accessed,” Weebly said in the notice to users.” The company also said that it does not store credit card information, making fraudulent charges unlikely.

LeakedSource said it received the Weebly database from an anonymous source and notified Weebly of the breach. In addition to the customer notification emails, LeakedSource claims that password resets are being issued — but, if you’re a Weebly user and you don’t receive a password reset, you probably want to change your password anyway.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

A former Yahoo executive familiar with the company's security believes the hack involves many more than 500 million accounts, as Yahoo claims.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Yahoo - nun also doch? Hacker sollen 200 Millionen Nutzerdaten erbeutet haben. Für Yahoo kommt das ungelegen.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

A database with 154 million US voter registration records has been leaking information on a dizzying array of intimate details, including gun ownership, Facebook profiles, address, age, position on gay marriage, ethnicity, email addresses and whether a voter is “pro-life.”

MacKeeper security researcher Chris Vickery found the instance of a CouchDB database wide open, configured as it was for public access with no username, password, or other authentication required.

As Vickery said in a post, he tracked down and notified the company that was the source of the database. It was shut down within 3 hours.

On Tuesday, Vickery reached out to the company – a data brokerage firm named L2 – to report his theory: that one of its clients had purchased data from L2 and was hosting it in an insecure manner.

L2 said that yes, that was the case. He and L2 CEO Bruce Willsie tracked down the client, and the database was taken offline within 3 hours.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

The company that runs the forums admitted failings, but underplayed the hack.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Over seven million members of the independent Minecraft “Lifeboat” community have had their security and privacy put at risk after hackers breached servers and stole usernames, email addresses and MD5-hashed passwords.7 million Minecraft Pocket Edition players put at risk after Lifeboat hack

Over seven million members of the independent Minecraft “Lifeboat” community have had their security and privacy put at risk after hackers breached servers and stole usernames, email addresses and MD5-hashed passwords.

It’s important to note that only players of the smartphone edition of Minecraft were affected, and even then only if they were members of the independent “Lifeboat” community, which runs a variety of servers offering free-to-play multi-player games on the Minecraft platform.

All the same, Lifeboat has over seven million users. And unsalted MD5 hashes are a notoriously weak way to secure passwords, making it trivial for criminals to crack.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES

Die digitale Türkei wiegt gerade mal 6,6 GB – so groß sind die unkomprimierten Daten von 49.611.709 türkischen Bürgern im Klartext, die gestern Abend veröffentlicht worden sind. Die Daten beinhalten außer den jeweiligen Namen im Klartext und der Adresse die eindeutige Indentifizierungsnummer, die nationale Nummer, üblich in der Türkei, den Geburtsort, das Geburtsdatum sowie die Namen der Eltern. Als Beispiel haben die Hacker die Daten des türkischen Präsidenten Recep Erdogan, des türkischen Ministerpräsidenten Ahmet Davutoglu und des ehemaligen Präsidenten Abdulla Gul veröffentlicht.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=DATA-BREACHES