At the end of September, it was revealed that a Facebook security flaw allowed the access tokens of over 50 Million accounts to be stolen. Access tokens allow users to stay signed in on devices, rather than signing in every time they interact with a Facebook app. On Friday 12 October, after weeks of investigation, Facebook reported that the actual number of accounts affected was 30 million, not 50.

The investigation into how this was made possible, and the extent of the data stolen is still ongoing, but Facebook have said there is no need for users to log out or change their password. Facebook forced 90 million users to log out when the breach was discovered.

Users can use this page to check if they were one of the accounts affected in the incident, as well as read any recent findings from the investigation. When you visit page, if you are not one of the affected users it will tell you this in a statement towards the bottom of the page, and there is no further action required from you other than remaining security conscious when it comes to passwords and such. You will also see a message saying your account hasn’t been compromised if you are one of the one million users to who their tokens stolen but information remained safe.

If you fall into the other 29 million users camp, then you will see one of two messages, depending on the level of your information that was stolen. Fifteen million users had their name, email addresses and phone numbers compromised by hackers. While this is serious enough itself, the other 14 million have a more serious data breach problem.

The other 14 million have had the above information stolen, as well as their username, date of birth, devices you use, gender, language settings and possibly more data such as religious and political views. It’s also possible that they accessed your 10 most recent locations and 15 most recent searches, giving a detailed window into your online presence.

There is currently no evidence that hackers used the vulnerability to attack third-party apps and services to gather more information, which was technically possible.  Facebook also continues to report that no passwords of credit card information has been compromised. We are yet to see the full fallout from the breach, but there is also evidence that Facebook logins are being sold on the dark web.

While that data is now out there in the hands of attackers, Facebook has used their support page to offer some advice on avoiding phishing schemes. This is a good move from Facebook, but it doesn’t make up for the grievous level of the data breach and the users it has left vulnerable to tailored phishing attacks now their data is out there.

Photo by Glen Carrie on Unsplash

The post How to guide: Check if your Facebook Account has been hacked? appeared first on Hack Ware News.

The implant was found to be built into the server’s Ethernet port, giving the spies access to the company’s networks. The server was created by Supermicro, a Chinese manufacturing company who were originally reported to have supplied the spying chip servers in last week’s report.

Bloomberg has come under intense scrutiny following the report’s publishing due to lack of clarity around their sources. Because they haven’t revealed the sources, and because many of the 30 companies, including Apple and Amazon have come forward to deny the allegations, some people are calling into question the legitimacy of the report. However, despite Apple’s initial denial, they later came forward to say they did find an inserted chip on one of their servers, used for testing in their labs. This server was provided by Supermicro.

The Department of Homeland Security put forward a statement on Saturday to say

we have no reason to doubt the statements from the companies named in the story

by companies they are referring to Apple and Amazon, who have both denied the Bloomberg report allegations. The UK’s primary cyber security agency GCHQ have stood by Homeland security’s statement. Apple’s vice president of information security, George Stathakopoulos has said he will make himself available for questioning this week.

The report also fails to name the major telecommunications company in question, adding to this frustration around lack of transparency over the claims.

The post Major US telecom hacked by tampered Chinese Ethernet port appeared first on Hack Ware News.

Sales engagement company Apollo have announced that hackers have stolen over 200 million data records. They reported the breach was on its contact database. Apollo have informed their customers of the breach via email. The breach was noticed “weeks after system upgrades in July”.

The database in question contains publicly available data including names, employer details, job titles, social media account names, phone numbers and email addresses. Tim Zheng, Apollo Chief Executive claims he informed customers in line with their values around transparency, however he has declined to answer questions on the topic.

We have confirmed that the majority of exposed information came from our publicly gathered prospect database, which could include name, email address, company names, and other business contact information. Some client-imported data was also accessed without authorization.

Although this a large scale and serious data breach, Apollo have assured customers that financial, social security and other sensitive data has not been stolen and remains unaffected. Investigations have been underway since the breach was noticed. As of now there is little information about the investigation or its findings.

With the kind of information stolen by the attackers it poses a long terms security threat where they can send personalised phishing emails. However, this attack poses a less immediate security threat than if account names and passwords were stolen, which they were not in this case.

There are also concerns that Apollo may face action from European authorities under the GDPR ruling that came into law in May this year. The GDPR regulation is aimed at protecting customers data and imposing steep fines on companies who mishandled personal data, Apollo would fall into this category.

The post 200 Million Contact Records Stolen in Apollo Data Breach appeared first on Hack Ware News.

The breach was discovered this week, and is the latest controversy surrounding Facebook after British company Cambridge Analytica gained access to information of 87 million users, and the controversy surrounding disinformation in elections. However, this breach has been the largest in the company’s 14-year history.

Facebook has said the attackers exploited two bugs in the site’s “View as” feature. The feature, which was designed to give users a clearer view of their presence and more control over their privacy, allows users to check what information other people can see about them. The flaw allowed users to gain “access tokens” which allow access to accounts, through Facebook’s video-uploading program for birthday celebrations. Although it’s not yet known when the attack happened, it seems to occurred after the video-uploading program was introduced. Attacked attempted to harvest user’s personal identifiable information (PII). After the attack was discovered, Facebook forced 90 million users to log out. Facebook has not announced where in the world the 50 million users are.

There have been some major changes in Facebook’s security teams after its Chief Security Officer, Alex Stamos left in August this year for a teaching position at Stanford University. Facebook decided to split the team members so that security employees work within different teams across the company, in order to make security an innate part of Facebook.

Facebook’s data breach was a trending topic on Friday with users posting the breaking story as news outlets released it. User’s found that some of their posts were removed because Facebook’s algorithm saw them as suspicious activity or spam.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post 50 Million accounts exposed after Facebook security breach appeared first on Hack Ware News.

The teen told the court he hacked into Apple’s server’s multiple times, over the course of a year, between 2015 and 2017. His presence was eventually detected on the servers, leading to him being blocked and the Federal Bureau of Investigation (FBI) contacted to conduct an investigation. The FBI enlisted the help of the Australian Federal Police (AFP), who located the teen and raided his home to arrest him. The AFP seized several Apple products from his home, including 2 laptops, a mobile phone, and a hard drive harbouring a suspicious file, aptly name “Hacky Hack Hack Methods Exclude”. The data they seized was found to be sensitive from a commercial point of view.

The court heard that the teen used a virtual private network (VPN) in order to remotely connect to Apple’s systems and steal data. He did this by installing a malicious script, designed to access the systems and bypass the security and firewall features, eventually leading them to the right places, where they could download the data.

In response to this attack, Apple has released a statement assuring customers that no personal information was gained from the attack. The lenient sentence has meant that the unnamed boy can now move on with this life and go to university, where he intends to study criminology and cyber safety.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Teen who hacked Apple gets no Jail Time appeared first on Hack Ware News.

The British airline says the personal and financial details of payment cards belonging to around 380,000 customers were stolen in the hack. The hacked data included names, home addresses, email and postal addresses, as well as payment information like credit card numbers and expiration dates and credit card security codes.

The pеrsonal and financial dеtails of customers making bookings on our wеbsite and app wеre compromised. We are invеstigating, as a matter of urgеncy, the theft of customеr data from our wеbsite and our mobilе app. The stolеn data did not includе travel or passport details,

the airline said in a press statement via its website (www.ba.com).

BA advised anyone who believed they may have been affected to contact their bank or credit card vendor and follow their recommendations. As for compensation, the company said:

“We will be contacting affеcted customers directly and will managе any claims on an individual basis.” It said that evеry customers affеcted will be fully rеimbursed and that the airlinе would pay for a “crеdit checking service”.

It also stated that customers due to travel could check in online as normal as the incident had been resolved.

We take the protеction of our customеrs’ data seriously, and are vеry sorry for the concеrn that this criminal activity has caused. The brеach has been resolvеd and our wеbsite is working normally. We have notifiеd the police and rеlevant authorities.

British Airways Chief Executive, Alex Cruz, confirmed that the hackers did not break the company’s encryption, but didn’t clarify how they gained access to clients’ data.

BA says it has issued guidance on how customers can reset their passwords on the company website.

“Click the Forgottеn Pin/Password link on thе top right-hand cornеr of the ba.com homеpage. We recommend you choosе a uniquе password that you do not usе for any othеr online account,” it stated.

It is not yet clear how the data breach happened, but reports say it was identified by a third party when they noticed some unusual activities and informed the company about it.

The British Airways won’t be the first airline company this year to be hacked. In August, Air Canada confirmed a data breach which affected 20,000 customers. Also in July, British travel company – Thomas Cook, admitted that hackers had unauthorized access to names, emails and flight details of its customers although the airline company insisted less than 100 bookings were compromised. Again in 2017, BA was forced to cancel 726 flights over the course of three days because of a computer meltdown which left around 75,000 passengers stranded and cost the company about £100million.

https://twitter.com/British_Airways/status/1037755174700417025

Photo by Francois Van on Unsplash

The post British Airways Got Hacked with Details of 380000 Customers Stolen from its Website appeared first on Hack Ware News.

The malicious variant was detected by security researchers in the source code of the MEGA.nz Chrome extension version 3.39.4, released early Tuesday (04Sep2018) as an update and this has triggered a major security alert from the company. In response, MEGA announced the serious breach has affected an unknown number of users.

On the 4th September 2018 at 14:30 UTC, an unknown attackеr uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome webstore,

it stated in a statement.

The New Zealand company says that whenever a user installs or auto-updates to the trojanеd extension, it seeks for permissions unlike the official extension. And this includes the ability to read and change ALL data on sites that the user visits. Experienced users may quickly suspect malicious activities but a vast majority of people would not have understood the risks.

Plеase note that if you visitеd any site or madе use of another extеnsion that sends plain-text crеdentials through POST rеquests, either by dirеct form submission or through a background XMLHttpRеquest (XHR) process while the trojanеd extension was active, considеr that your crеdentials were compromised on thеse websites and/or applications,

the company warns.

MEGA states that Google engineers have already removed the extension from the Chrome Web Store, and also disabled the variant extension for existing users.

Four hours aftеr the breach occurred, the trojanеd extension was updatеd by MEGA with a clеan version (3.39.5), auto-updating affеcted installations. Google rеmoved the extеnsion from the Chrome wеbstore five hours after the brеach,

the company explained.

According to an analysis about detecting the source of the trojaned extension, it was found that the malicious extension was programed to steal user credentials on specific websites like Amazon, Live (Microsoft), Google (Webstore), GitHub, MyMonero and MyEtherWallet web wallet services, as well as IDEX crypto trading platform.

While user data for these websites were specifically targeted, MEGA states that this is something serious due to the trojaned extension attempting to steal information. It would record usernames, passwords and other online session credentials that hackers would need to impersonate users. If it’s a cryptocurrency website, the hacker would be able to extract the private keys required to access users’ funds. The extension was also found to be sending all collected data to a server hosted in Ukraine and located at http://www.megaopac.host.

This serious attack affects mainly those who had the auto-update MEGA Chrome extension enabled and had it installed at the time of the incident, or anyone who freshly installed v3.39.4 of the extension (and accepted permissions).

The attack was first discovered by a security researcher called SerHack, who immediately tweeted a warning that the v3.39.4 had been breached before other security experts quickly jumped in, analyzed the extension and reported their findings.

Confirmed that it also extracts private keys if you login to MyMonero and/or MyEtherWallet in a browser with the extension installed. https://t.co/fpVK11zZ9Z

— Ric “el pony esponjoso” (@fluffypony) September 4, 2018

The post Mega Chrome Extension Hacked, Laced with Data-Stealing Malware appeared first on Hack Ware News.

They’re also busy sowing chaos on Instagram as well resulting in thousands of users being forced to say goodbye to their Instagram accounts and their hundreds of respective followers. For some unknown reason, these Instagram accounts are being hijacked by Russian hackers rendering them inaccessible.

This problem has apparently been going on for weeks.

Because regaining access to accounts is largely automatic, albeit a torturous one, the issue has gone unreported for some time. That is until it trended on Twitter where Instagram users have voiced their frustrations. Instagram mainly sends automatic messages to users on how to regain access to their accounts as well as some tips to help the users secure their accounts.

Though Instagram, which has more than 1 billion users, says it hasn’t seen an uptick in hacks, a search of Twitter data suggests otherwise. Twitters users have directed approximately 798 tweets to Instagram’s official account with the word ‘hack’ since the beginning of the month, compared with about 40 tweets during the same period in July… There are numerous reports of hacks on Reddit, and a Google Trends search shows a spike in searches for “Instagram hacked” on Aug. 8, and again on Aug. 11.

–Mashable

We are aware that some people are having difficulty accessing their Instagram accounts. If you think you have been impacted, please follow our guidance to regain access: https://t.co/DfHpQuk9SJ

— Instagram (@instagram) August 15, 2018

–Instagram, Twitter

Thousands of users report that they suddenly found themselves unable to access their accounts. When they try to access, they find that their registered emails have been changed to something with a .ru domain. Users profile pictures have also been replaced with stills from popular Disney/Pixar films as well as their phone numbers and short bios. The .ru domain mostly points to Russian involvement though given the benefit of a doubt, people can easily register to a Russian email service.

What’s common about the hack is that the accounts involved may not have had enough security, weak passwords and the lack of two-factor authentication. But two-factor authentication is also not a guarantee that accounts will not be hacked as there were victims that also use the security feature which is quite unnerving, as the feature though tedious, guarantees a high level of security.

Users have been voicing their frustrations over Twitter and other social media avenues on how Instagram has failed to support them. Frustrated users have threatened to say “doh sveedahneeyah” to the platform, while many are anxious to leave as Instagram has become their social media avenue in terms of additional exposure for business. Many of these accounts have hundreds if not thousands of followers these users depend on. Some have put up replacement accounts until Instagram gets their act together.

Security experts speculate that the hacked accounts not recovered will be used as spam bots and that the contents will become a measure of proof that they’re valid. Users mostly see the hacks as a danger to their privacy; or in terms of social media, selective exposure. By now, the best option for Instagram users is to immediately switch to a new, more secure password, enable two-factor authentication and to post pre-emptive warnings and maybe even set up a backup account.

The post Users Say “Doh sveedahneeyah” to Their Instagram Accounts appeared first on Hack Ware News.

According the social media giant the hacker(s) gained read-only access to some of it’s systems that included source code, internal logs, users backup data and other files.

Reddit CTO Christopher Slowe admitted:

“Although this was a serious attack, the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code, and other logs,”

The company is working with law enforcement authorities and has informed affected users. Mr Slowe advised users not to rely on SMS-based 2FA and use token-based 2FA. He also revealed that the head of security joined Reddit 2,5 months ago.

Not the 1s time for Reddit

Back in 2016, Reddit reset password for 100,000 users as they found out that the malicious third parties had account takeover (ATOs)

The post Reddit suffers major ‘security breach’ and hacker gained access to Reddit’s internal systems, despite SMS Two-Factor Authentication on employee accounts. appeared first on Hack Ware News.

– AdRemover for Google Chrome (10M+ users)

– HD for YouTube (400K+ users)

If any of the above extension have been installed in your Chrome browser, chances are you could have been hacked.

Andrey Meshkov, a security researcher and co-founder of Adguard discovered these 5 malicious chrome extensions that have a combined 20M+ users. According to Andrey these extensions are copycuts of some well recognized extensions.

“All the extensions I’ve highlighted are simple rip-offs with a few lines of code and some analytics code added by the authors,” Meshkov says.

The post > 20 Million Users installed Malicious Ad Blockers Extensions from Chrome Store appeared first on Hack Ware News.