Sales engagement company Apollo have announced that hackers have stolen over 200 million data records. They reported the breach was on its contact database. Apollo have informed their customers of the breach via email. The breach was noticed “weeks after system upgrades in July”.

The database in question contains publicly available data including names, employer details, job titles, social media account names, phone numbers and email addresses. Tim Zheng, Apollo Chief Executive claims he informed customers in line with their values around transparency, however he has declined to answer questions on the topic.

We have confirmed that the majority of exposed information came from our publicly gathered prospect database, which could include name, email address, company names, and other business contact information. Some client-imported data was also accessed without authorization.

Although this a large scale and serious data breach, Apollo have assured customers that financial, social security and other sensitive data has not been stolen and remains unaffected. Investigations have been underway since the breach was noticed. As of now there is little information about the investigation or its findings.

With the kind of information stolen by the attackers it poses a long terms security threat where they can send personalised phishing emails. However, this attack poses a less immediate security threat than if account names and passwords were stolen, which they were not in this case.

There are also concerns that Apollo may face action from European authorities under the GDPR ruling that came into law in May this year. The GDPR regulation is aimed at protecting customers data and imposing steep fines on companies who mishandled personal data, Apollo would fall into this category.

The post 200 Million Contact Records Stolen in Apollo Data Breach appeared first on Hack Ware News.

They recently discovered that their servers had been compromised by hackers in an attack that spanned from June 2018 until 22 August 2018 when the threat was recognised. Once SHEIN were away of the threat, they acted immediately, scanning the servers for weaknesses that were exploited and removed all possible back door entry points to the servers.

SHEIN have been selective with what information they have shared with the public; however we do know that email addresses and encrypted password information was obtained from the attack. We recommend that if you have an account with SHEIN, that you change your password as soon as possible, it is also good practise to use different passwords as often as you can, and make them complex, a password manager can help you keep track of your passwords.

The only promising news about this incident is that SHEIN don’t believe any payment card details were obtained by the hackers. However, SHEIN have enlisted an international forensic cyber security team to conduct a thorough investigation into the breach, and as a result will update users on their data if new information comes to light over the coming months.

If you do believe your payment card information has been compromised, the best thing to do is to contact your bank immediately, they will be able to issue a new card and enact any necessary security measures.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post US Online Retail Company suffered a data breach affecting 6.5 million customers appeared first on Hack Ware News.

This is the maximum fine that’s allowed by the Data Protection act in the UK. This might seem a small amount for a company that’s worth around $16 billion. But it’s a sign that the UK and maybe even other countries are not taking data breaches lightly.

A similar fine was imposed on Facebook due to the massive Cambridge Analytica scandal, a problem that was quite similar to this, although at a much larger scale. Equifax had a data breach which ended with the exposure of around 145 million people all over the world between May and July 2017.

The information leaked included PII, credit card information, driver license details, social security numbers, addresses, as well as phone numbers, dates of birth and names. As you can see, it was a massive leak and something that lowered the company’s trust quite a bit. The situation appeared because the company didn’t patch an Apache Struts 2 vulnerability on time, even if patches were released by the company.

Is it possible for UK regulators to fine US companies?

The UK ICO agreed that the £500,000 amount is ok for this type of situation. The ICO states that even if this is an US company, the data of many UK citizens was leaked as well, in fact around 15 million people from that were based in the UK, so that’s an extremely high number of people with their data affected.

Around 19993 of them had their driving license numbers, phone, date of birth and name exposed. 637430 of those people had their phone numbers, date of birth and name exposed and 15 million people had only their dates of birth and names exposed. 15000 UK residents also had their addresses, password and username, credit card numbers, spending amounts and account recovery questions stolen as well. As you can see, the issue was severe and there was a need for someone to take action.

The breach was possible due to multiple Equifax failures

The aforementioned Apache Struts 2 vulnerability was only one of the many problems that the company had to deal with. Another thing to note is that the company kept the news of this breach hidden for around a month after they discovered it internally. 3 senior executives from Equifax were able to sell $2 worth of shares, even if the company denies this.

Now that we have GDPR, there are more stringent data protection regulations and the £500,000 amount is still quite low. Based on the GDPR rules, the fines would be a lot higher, up to 20 million euros or 4% of the global revenue.

Equifax stated that they are fully cooperating with the ICO, although they are disappointed in the penalty and the findings as well. They can appeal the penalty though, even if they didn’t do that until this point!

Photo by Chris Lawton on Unsplash

The post Equifax receives a £500,000 fine for its 2017 data breach appeared first on Hack Ware News.

The data breach took place between October 2016 and December 2017 and hackers ma have accessed on the consumer partner platform details such as customers name, address, phone number, date of birth, gender and email address, but no social security numbers for U.S. customers were exposed.  In a statement Orbitz said “We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners.”

Orbitz took steps to investigate and remediation work by engaging leading third-party forensic investigation firm and other cybersecurity experts.

The company is notifying the affected customer and offering one year of free credit monitoring and identity protection service.

The post Data breach: 880000 Payment Cards used on Orbitz.com Compromised appeared first on Hack Ware News.

According to local media, Uber executives responded to the data breach of 57 million customers’ data by paying USD 100,000 to the two hackers responsible for the cyber attacks. In exchange, the hackers will conceal the data breach from the public and delete the information.

Apparently, the breach occurred back in October 2016, where information like names, email addresses and mobile phone numbers of Uber users around the world, and the names and license numbers of 600,000 U.S. drivers were stolen.

The two hackers were believed to access to these sensitives information through third party server, GitHub where proprietary information were stored. Then, the two hackers downloaded driver and rider data from a separate cloud-services provider.

“We do not believe any individual rider needs to take any action.” said the Uber spokesman on the data breach. “We have seen no evidence of fraud or misuse tied to the incident.”

In the meantime, Dara Khosrowshahi, CEO of Uber, has immediately responded to the incident by shoring up cyber-security defenses.

“I’ve asked Matt Olsen, a co-founder of a cybersecurity consulting firm and former general counsel of the National Security Agency and director of the National Counterterrorism Center, to help me think through how best to guide and structure our security teams and processes going forward.” said Khosrowshahi.

To be fair, Khosrowshahi was the newly appointed CEO of Uber from his predecessor, Travis Kalanick and claimed that he did not know of the breach till recently.

“None of this should have happened, and I will not make excuses for it.”  concluded Khosrowshahi.

Upon knowledge of the breach, Uber’s chief security officer, Joe Sullivan and a deputy, Craig Clark was sacked and the company pledged to work closer with the regulators for investigation on the breach.

Uber was not alone in the data breach that seemingly more prevalent in the commercial world. Equifax, FOREVER 21, Deloitte and even the nation of Malaysia were victims of cyber attacks as well with sensitive information being revealed.

The post Uber pays ransom to cover up cyberattack appeared first on Hack Ware News.

The breach came to surface after an individual tried to sell the data over website forums two weeks ago and discovered that the information was already available for download for free. Thus, this alerted a local technology news website, named lowyat.net on 19 October 2017.

The Malaysian authorities are still investigating the breach, involving the Malaysian Communications and Multimedia Commission (MCMC) as well as with police through the Commercial Crime Investigation Department.

Nothing much the consumers can do

Despite the massive ongoing investigation on the telecom breach, there is not much that consumers could do at the moment except changing their SIM cards. As the breach meant that subscribers’ private details such as home address, MyKad numbers, IMSI (international mobile subscriber identity) and the IMEI (international Mobile Equipment Identity) were all revealed in the data leak.

Various personal data from associations like the Malaysian Medical Council, Malaysian Medical Association, Academy of Medicine Malaysia, Malaysian Housing Loan Applications, Malaysian Dental Association, National Specialist Register of Malaysia and Jobstreet.com were leaked as well. The leaked information were then offered up for sale for an undisclosed amount in bitcoin.

Street-smartness to prevent follow up scams

There is no use crying over spill milk, after the data breach the affected subscribers should be more street wise in receiving calls and messages from strangers. In the same time, the users be more cautious in dealing someone calling in or messaging on behalf of the telco for money transfer or installing “telco applications”, which may consist of malwares or spywares. The scammers may use other creative ways to trick users in revealing more information like on financial credits cards and so on.

Nation under siege

Apparently, the whole nation of Malaysia is affected by this data breach and one may point similar incidents of data breaches and cyber-attacks that occurred over the commercial world, like Equifax, Deloitte and Hilton hotel.

Perhaps now we have entered the norm of hacker targeting commercial institutions for useful personal information then follow-up for scams to obtain monetary returns. Thus, gone are the days where robbers broke in brick and mortars, the modern robbery just got more personal, to mobile phones and credit information. To safeguard ourselves, old school values still work – be wise in sharing information and don’t talk to strangers if possible.

The post Malaysia sees biggest data breach at 46.2 million mobile information appeared first on Hack Ware News.