Twitter says it has fixed an API problem that would have allowed someone to match phone numbers en masse to corresponding accounts, which could potentially unmask anonymous users. The flaw could have been found and exploited by state-sponsored actors, the social media firm warns.
For close to three years, a technology executive was hounded by a persistent attacker who stole his identity, opened credit cards in his name, and wired funds from his bank account. Though SpyCloud helped bring this particular criminal to justice, these tactics are common in targeted attacks.
If your account...
A federal judge in Atlanta has given final approval to a settlement that resolves a class action lawsuit against credit bureau Equifax, which in 2017 suffered one of the largest data breaches in history. The minimum cost to Equifax will be $1.38 billion.
For two years, an attack group using Ukraine-based infrastructure has been creating hundreds of lookalike domains to target customers of 14 different Canadian banks via phishing attacks, security researchers at Check Point warn.
An alleged member of The Dark Overlord hacking group who apparently made dumbfounding operational security mistakes while trying to extort U.S. companies has pleaded not guilty. Nathan Wyatt is perhaps the only person associated with the notorious hacking group who left a clear digital trail.
The notorious Joker's Stash carder marketplace has recently listed for sale 460,000 records, including four "Turkey-Mix" batches that feature never-before-seen payment card data that traces to Turkey's 10 largest banks, says cybersecurity firm Group-IB.
One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.
Victims of a massive 2018 Facebook data breach can continue a class-action lawsuit to try and force the social network to maintain "reasonable" information security practices, a federal judge has ruled. But he dismissed the plaintiff's attempt to receive monetary compensation for the breach.
Twitter users no longer have to supply a phone number in order to use two-step verification for authentication. The move will better protect accounts from SIM hijacking attempts and also means users don't have to sacrifice some of their privacy to enable a security feature.
A Texas resident has been sentenced to 12 years in federal prison for hacking into the Los Angeles Superior Court computer system and sending out approximately 2 million phishing emails to steal hundreds of credit and payment card numbers.
The prices for specific types of cybercriminal tools on darknet sites continue to rise, according to a recent analysis by security firm Flashpoint. Payment card and passport data remain the most sought-after commodities on these forums, research shows.
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.