Sales engagement company Apollo have announced that hackers have stolen over 200 million data records. They reported the breach was on its contact database. Apollo have informed their customers of the breach via email. The breach was noticed “weeks after system upgrades in July”.

The database in question contains publicly available data including names, employer details, job titles, social media account names, phone numbers and email addresses. Tim Zheng, Apollo Chief Executive claims he informed customers in line with their values around transparency, however he has declined to answer questions on the topic.

We have confirmed that the majority of exposed information came from our publicly gathered prospect database, which could include name, email address, company names, and other business contact information. Some client-imported data was also accessed without authorization.

Although this a large scale and serious data breach, Apollo have assured customers that financial, social security and other sensitive data has not been stolen and remains unaffected. Investigations have been underway since the breach was noticed. As of now there is little information about the investigation or its findings.

With the kind of information stolen by the attackers it poses a long terms security threat where they can send personalised phishing emails. However, this attack poses a less immediate security threat than if account names and passwords were stolen, which they were not in this case.

There are also concerns that Apollo may face action from European authorities under the GDPR ruling that came into law in May this year. The GDPR regulation is aimed at protecting customers data and imposing steep fines on companies who mishandled personal data, Apollo would fall into this category.

The post 200 Million Contact Records Stolen in Apollo Data Breach appeared first on Hack Ware News.

Attackers gained access to the accounts through a vulnerability discovered after the Facebook’s “view as” feature was introduced earlier in the year

The feature allows users greater control of their privacy by letting them view their account as another user. Once attacks gained access to the Facebook accounts, they also gained access to accounts logged in via Facebook such as Tinder, Instagram, Airbnb and Spotify.

Since Friday’s attack the Facebook logins for the leaked accounts have started appearing for sale on the dark web, for as little as $3.90 each, with some email logins being sold for $2.70, according to Money Guru

Researchers found that for $970 it was possible to purchase a person’s online footprint, including all usernames, passwords and email addresses. The best way to protect yourself and your accounts is to always opt for a multiple step verification process where possible. For example, a 2-factor authentication any time you log into Facebook from a new device.

UK Based company Money Guru, who released these findings, said social media account details are frequently targeted by hackers because they give a good insight in targeted advertising. The report found that other accounts were also being offered for sale on the dark web. Reddit accounts came in slightly cheaper at $2.09, and Instagram and Pintrest on the more expensive end at $6.30 and $8.48 respectively.

Facebook has said that they are working with the FBI in investigating the hack and will inform users when they know more. CEO Mark Zuckerberg has assured users that passwords and credit card information was not accessed.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Facebook logins are being sold on the dark web after 50 million users hacked appeared first on Hack Ware News.

The breach was discovered this week, and is the latest controversy surrounding Facebook after British company Cambridge Analytica gained access to information of 87 million users, and the controversy surrounding disinformation in elections. However, this breach has been the largest in the company’s 14-year history.

Facebook has said the attackers exploited two bugs in the site’s “View as” feature. The feature, which was designed to give users a clearer view of their presence and more control over their privacy, allows users to check what information other people can see about them. The flaw allowed users to gain “access tokens” which allow access to accounts, through Facebook’s video-uploading program for birthday celebrations. Although it’s not yet known when the attack happened, it seems to occurred after the video-uploading program was introduced. Attacked attempted to harvest user’s personal identifiable information (PII). After the attack was discovered, Facebook forced 90 million users to log out. Facebook has not announced where in the world the 50 million users are.

There have been some major changes in Facebook’s security teams after its Chief Security Officer, Alex Stamos left in August this year for a teaching position at Stanford University. Facebook decided to split the team members so that security employees work within different teams across the company, in order to make security an innate part of Facebook.

Facebook’s data breach was a trending topic on Friday with users posting the breaking story as news outlets released it. User’s found that some of their posts were removed because Facebook’s algorithm saw them as suspicious activity or spam.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post 50 Million accounts exposed after Facebook security breach appeared first on Hack Ware News.

They recently discovered that their servers had been compromised by hackers in an attack that spanned from June 2018 until 22 August 2018 when the threat was recognised. Once SHEIN were away of the threat, they acted immediately, scanning the servers for weaknesses that were exploited and removed all possible back door entry points to the servers.

SHEIN have been selective with what information they have shared with the public; however we do know that email addresses and encrypted password information was obtained from the attack. We recommend that if you have an account with SHEIN, that you change your password as soon as possible, it is also good practise to use different passwords as often as you can, and make them complex, a password manager can help you keep track of your passwords.

The only promising news about this incident is that SHEIN don’t believe any payment card details were obtained by the hackers. However, SHEIN have enlisted an international forensic cyber security team to conduct a thorough investigation into the breach, and as a result will update users on their data if new information comes to light over the coming months.

If you do believe your payment card information has been compromised, the best thing to do is to contact your bank immediately, they will be able to issue a new card and enact any necessary security measures.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post US Online Retail Company suffered a data breach affecting 6.5 million customers appeared first on Hack Ware News.

This is the maximum fine that’s allowed by the Data Protection act in the UK. This might seem a small amount for a company that’s worth around $16 billion. But it’s a sign that the UK and maybe even other countries are not taking data breaches lightly.

A similar fine was imposed on Facebook due to the massive Cambridge Analytica scandal, a problem that was quite similar to this, although at a much larger scale. Equifax had a data breach which ended with the exposure of around 145 million people all over the world between May and July 2017.

The information leaked included PII, credit card information, driver license details, social security numbers, addresses, as well as phone numbers, dates of birth and names. As you can see, it was a massive leak and something that lowered the company’s trust quite a bit. The situation appeared because the company didn’t patch an Apache Struts 2 vulnerability on time, even if patches were released by the company.

Is it possible for UK regulators to fine US companies?

The UK ICO agreed that the £500,000 amount is ok for this type of situation. The ICO states that even if this is an US company, the data of many UK citizens was leaked as well, in fact around 15 million people from that were based in the UK, so that’s an extremely high number of people with their data affected.

Around 19993 of them had their driving license numbers, phone, date of birth and name exposed. 637430 of those people had their phone numbers, date of birth and name exposed and 15 million people had only their dates of birth and names exposed. 15000 UK residents also had their addresses, password and username, credit card numbers, spending amounts and account recovery questions stolen as well. As you can see, the issue was severe and there was a need for someone to take action.

The breach was possible due to multiple Equifax failures

The aforementioned Apache Struts 2 vulnerability was only one of the many problems that the company had to deal with. Another thing to note is that the company kept the news of this breach hidden for around a month after they discovered it internally. 3 senior executives from Equifax were able to sell $2 worth of shares, even if the company denies this.

Now that we have GDPR, there are more stringent data protection regulations and the £500,000 amount is still quite low. Based on the GDPR rules, the fines would be a lot higher, up to 20 million euros or 4% of the global revenue.

Equifax stated that they are fully cooperating with the ICO, although they are disappointed in the penalty and the findings as well. They can appeal the penalty though, even if they didn’t do that until this point!

Photo by Chris Lawton on Unsplash

The post Equifax receives a £500,000 fine for its 2017 data breach appeared first on Hack Ware News.

Credit card and payment information was unfortunately skimmed from the popular electronics website between August 14 and September 18, 2018 putting millions of customers at risk. If you’ve ever shopped at Newegg between those dates, it’s best to consult with your credit card company and take appropriate measures.

Newegg unfortunately became victim to the same group that recently victimized British Airways and Ticketmaster. The group known as Magecart managed to inject a digital version of a credit card skimmer composed of 15 lines of JavaScript code into Newegg’s checkout page.

This code works within the background, not interrupting the checkout process, making Newegg and its customers unaware for more than a month, that it’s been skimming customer payment information and sending that info to a remote server. The remote server named neweggstats.com would look transparent to the user in case the activity appeared in the browser status bar. The domain is legit and it even has an SSL certificate.

Up to fifty million customers visit Newegg every month for their electronics needs so it’s safe to say that those affected by this breach could be at least seven digits. That’s a substantial number of info compared to Ticketmaster and British Airways where Magecart got away with the credit card data of over 300,000 victims.

The code shared remarkable similarities with the British Airways breach leading authorities to believe that Magecart is responsible. If it were this easy for Magecart to infiltrate three websites, who knows what other companies are affected.

Yesterday, we learned one of our servers had been injected with malware which may have allowed some of your information to be acquired or accessed by a third party… The malware was quite sophisticated and we are conducting extensive research to determine exactly what information may have been acquired or accessed and how many customers may have been impacted.

–Danny Lee, CEO, Newegg

The code Magecart used to skim credit card information is only 15 lines long, injecting that in there can only be done through malware which may have infiltrated the offices of Newegg and the two other companies. The malware then somehow gives Magecart access to the victim’s web server and injects its payload.

Knowing where to insert the code involved some sleuthing into Newegg’s checkout page which can easily be done with modern browsers. It seems browsers may need to include a mechanism to determine if a page holds or processes financial information and exempt them from being debugged by non-company employees.

…It’s becoming clear to the industry that these simple yet clever attacks are not only devastating, they’re becoming more and more prevalent. Newegg is just the latest victim,

–RiskIQ

Newegg has of course removed the nasty code and reached out customer’s potentially affected by the reach via email.

The post Hackers Crack Newegg appeared first on Hack Ware News.

The British airline says the personal and financial details of payment cards belonging to around 380,000 customers were stolen in the hack. The hacked data included names, home addresses, email and postal addresses, as well as payment information like credit card numbers and expiration dates and credit card security codes.

The pеrsonal and financial dеtails of customers making bookings on our wеbsite and app wеre compromised. We are invеstigating, as a matter of urgеncy, the theft of customеr data from our wеbsite and our mobilе app. The stolеn data did not includе travel or passport details,

the airline said in a press statement via its website (www.ba.com).

BA advised anyone who believed they may have been affected to contact their bank or credit card vendor and follow their recommendations. As for compensation, the company said:

“We will be contacting affеcted customers directly and will managе any claims on an individual basis.” It said that evеry customers affеcted will be fully rеimbursed and that the airlinе would pay for a “crеdit checking service”.

It also stated that customers due to travel could check in online as normal as the incident had been resolved.

We take the protеction of our customеrs’ data seriously, and are vеry sorry for the concеrn that this criminal activity has caused. The brеach has been resolvеd and our wеbsite is working normally. We have notifiеd the police and rеlevant authorities.

British Airways Chief Executive, Alex Cruz, confirmed that the hackers did not break the company’s encryption, but didn’t clarify how they gained access to clients’ data.

BA says it has issued guidance on how customers can reset their passwords on the company website.

“Click the Forgottеn Pin/Password link on thе top right-hand cornеr of the ba.com homеpage. We recommend you choosе a uniquе password that you do not usе for any othеr online account,” it stated.

It is not yet clear how the data breach happened, but reports say it was identified by a third party when they noticed some unusual activities and informed the company about it.

The British Airways won’t be the first airline company this year to be hacked. In August, Air Canada confirmed a data breach which affected 20,000 customers. Also in July, British travel company – Thomas Cook, admitted that hackers had unauthorized access to names, emails and flight details of its customers although the airline company insisted less than 100 bookings were compromised. Again in 2017, BA was forced to cancel 726 flights over the course of three days because of a computer meltdown which left around 75,000 passengers stranded and cost the company about £100million.

https://twitter.com/British_Airways/status/1037755174700417025

Photo by Francois Van on Unsplash

The post British Airways Got Hacked with Details of 380000 Customers Stolen from its Website appeared first on Hack Ware News.

The malicious variant was detected by security researchers in the source code of the MEGA.nz Chrome extension version 3.39.4, released early Tuesday (04Sep2018) as an update and this has triggered a major security alert from the company. In response, MEGA announced the serious breach has affected an unknown number of users.

On the 4th September 2018 at 14:30 UTC, an unknown attackеr uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome webstore,

it stated in a statement.

The New Zealand company says that whenever a user installs or auto-updates to the trojanеd extension, it seeks for permissions unlike the official extension. And this includes the ability to read and change ALL data on sites that the user visits. Experienced users may quickly suspect malicious activities but a vast majority of people would not have understood the risks.

Plеase note that if you visitеd any site or madе use of another extеnsion that sends plain-text crеdentials through POST rеquests, either by dirеct form submission or through a background XMLHttpRеquest (XHR) process while the trojanеd extension was active, considеr that your crеdentials were compromised on thеse websites and/or applications,

the company warns.

MEGA states that Google engineers have already removed the extension from the Chrome Web Store, and also disabled the variant extension for existing users.

Four hours aftеr the breach occurred, the trojanеd extension was updatеd by MEGA with a clеan version (3.39.5), auto-updating affеcted installations. Google rеmoved the extеnsion from the Chrome wеbstore five hours after the brеach,

the company explained.

According to an analysis about detecting the source of the trojaned extension, it was found that the malicious extension was programed to steal user credentials on specific websites like Amazon, Live (Microsoft), Google (Webstore), GitHub, MyMonero and MyEtherWallet web wallet services, as well as IDEX crypto trading platform.

While user data for these websites were specifically targeted, MEGA states that this is something serious due to the trojaned extension attempting to steal information. It would record usernames, passwords and other online session credentials that hackers would need to impersonate users. If it’s a cryptocurrency website, the hacker would be able to extract the private keys required to access users’ funds. The extension was also found to be sending all collected data to a server hosted in Ukraine and located at http://www.megaopac.host.

This serious attack affects mainly those who had the auto-update MEGA Chrome extension enabled and had it installed at the time of the incident, or anyone who freshly installed v3.39.4 of the extension (and accepted permissions).

The attack was first discovered by a security researcher called SerHack, who immediately tweeted a warning that the v3.39.4 had been breached before other security experts quickly jumped in, analyzed the extension and reported their findings.

Confirmed that it also extracts private keys if you login to MyMonero and/or MyEtherWallet in a browser with the extension installed. https://t.co/fpVK11zZ9Z

— Ric “el pony esponjoso” (@fluffypony) September 4, 2018

The post Mega Chrome Extension Hacked, Laced with Data-Stealing Malware appeared first on Hack Ware News.

The company notified its customers of a data breach involving its iOS, Android and BlackBerry mobile application which may have led to the exposure of passport details belonging to around 20,000 customers, approximately 1% of its 1.7 million app users.

The airline released a statement on Wednesday (29 Aug 18) via its website informing the public of the data breach. The company said it detected “unusual login behavior” on the app between August 22 and 24. In a mail to the affected customers, Air Canada says all 1.7 million users will have to reset their account passwords.

“Due to the lаrgе volume, ѕоmе customers mау experience a dеlау іn the process tо сhаngе thеіr passwords. Wе ask customers tо bе patient аnd assure thеm their data іѕ protected аnd nоt accessible tо unauthorized uѕеrѕ.”

Yоur privacy аnd thе protection оf your data аrе extremely іmроrtаnt tо Air Canada,” the airline company said. “Our ѕесurіtу іѕ multilayered, аnd we work wіth leading іnduѕtrу experts tо continuously іmрrоvе our рrасtісеѕ аѕ technology аnd security рrосеdurеѕ evolve.

Resets will automatically happen when a user logs in to the mobile app. Password resets can also be initiated via the Air Canada portal.

Air Canada, apparently, has downplayed the effects of the incident stating that the risk of a third-party individual obtaining a passport in your name is minimal on the proviso that you still have your passport, your identity documents and proof of citizenship.

The Canadian Government cannot issue a new passport tо аnуоnе based only on the information found іn a passport

thе company added.

Despite the Canadian company taking “immediate action” so as to block the attempt to compromise its system, experts warned that users of the Air Canada mobile app who have had their passport details entered into the product may have had that data stolen.

Many experts believe that such information theft poses a serious ID fraud risk. For those 20,000 people believed to be directly affected by the attack, two types of personal information were put at risk:

• Basic Profile Data such as name, telephone numbers, email address and Air Canada Aeroplan account number.
• Sensitive Data users might have also added to their profiles, such as passport number and expiration date, passport country of issuance, NEXUS number (a system in some countries allowing rapid border crossing for trusted travelers), traveler number, date of birth, gender, nationality and country of residence.

However, the airline stated that credit card data were not compromised because they were encrypted. Passwords associated with the airline’s Aeroplan points program were also not at risk, but warns users to still monitor transactions on their accounts.

Air Canada joins the ranks of companies that have admitted data breaches in recent months. The airline emphasized that it is adopting improved password guidelines. It’s not yet known if the attack was a direct breach of Air Canada’s systems or the hackers reused users’ passwords from other sites on Air Canada’s mobile app.

The post Air Canada Data Breach appeared first on Hack Ware News.