Category Archives: Security Breaches

T-Mobile reported that its cyber-security team “discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities.”  The data theft occurred in the morning on Monday, August 20, 2018.

According to Motherboard, the hackers exploited an internal API (application programming interface) on its servers that handled personal information.

The data from approximately 2 million people included:

• Name
• Billing address
• ZIP code
• Phone number
• Email address
• Account number
• Account type (prepaid or postpaid)
• Encrypted passwords

Source: https://www.pcworld.com/article/3300160/security/t-mobile-data-hack-faq.html

Hackers used malware to steal customer payment data from most of Chipotle Mexican Grill Inc’s restaurants over a span of three weeks, the company said on Friday, adding to woes at the chain whose sales had just started recovering from a string of food safety lapses in 2015.

Chipotle said it did not know how many payment cards or customers were affected by the breach that struck most of its roughly 2,250 restaurants for varying amounts of time between March 24 and April 18, spokesman Chris Arnold said via email.

A handful of Canadian restaurants were also hit in the breach, which the company first disclosed on April 25.

Stolen data included account numbers and internal verification codes. The malware has since been removed.

The information could be used to drain debit card-linked bank accounts, make “clone” credit cards, or to buy items on certain less-secure online sites, said Paul Stephens, director of policy and advocacy at the non-profit Privacy Rights Clearinghouse.

Source: https://www.reuters.com/article/us-chipotle-cyber-idUSKBN18M2BY

It was originally reported that the personal data of 4 million current, former and potential federal employees was stolen from the Office of Personnel Management (OPM) web site.  Now that total is believed to be closer to 18 million records.

The Chinese government is believed to be the source of the attack, although they have disputed this statement.

The OPM office learned of the data breach after it launched an effort to tighten its cyber security defense system. When it found malicious activity authorities used a system called EINSTEIN to unearth the information breach in April, the Department of Homeland Security said.

Read the full story on CNN.

Digital Constitution, Microsoft’s site dedicated to combating US surveillance, was breached the evening of June 17.  The hackers may have used vulnerabilities found in an order version of WordPress to gain entry.  The site was displaying spam links to casino-related pages.

The full story is available on ZDnet.

The popular but vulnerable tool to store your passwords has been hacked according to a posting on their own web site.

They detected an intrusion to their servers and said that while encrypted user data (aka your stored passwords for other sites) was not stolen the hackers did take LastPass account email addresses, password reminders, server per user salts and authentication hashes.  If you use this service you should change your login password immediately.

This loss of sensitive information will never happen using our service, metaPassword, since your password never leaves your browser.  It is never stored on our server, so your master password remains secure no matter what.

See:
http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571