
RIPTA Hit By Data Breach, Sensitive Information At Risk

Rhode Island Attorney General Peter Neronha said earlier this week that he is opening an investigation into a data breach involving the Rhode Island Public Transit Authority (RIPTA). The news follows outrage this week over the organization's handling of the breach.

RIPTA's office says that it is currently receiving a lot of calls about the incident, asking it to look into what took place. RIPTA sent out a notification on 21 December saying that it suffered a security breach in August. It later confirmed that the data was extracted from its systems on 3rd and 5th August.

These files had details about RIPTA health plans, including addresses, Social Security numbers, Medicare identification numbers, dates of birth, qualification information, claims information, and health plan member identification. The US Department of Health and Human Services breach website reports that 5,015 people were affected. Recently, the ACLU of Rhode Island asked RIPTA to explain why sensitive information of people with no links to the organization was involved in the data breach.

"Local ACLU chapter executive director Steven Brown says his chapter has received complaints from people who got letters from RIPTA notifying them that their personal data, including personal health care information, was accessed in a security breach of RIPTA's computer systems," ZDNet reports.

The letters showed that the number of affected people listed on the US Department of Health and Human Services website (5,015) differs from the number given in the breach notification sent to victims: 17,378.

"Worst -- and most inexplicable -- of all, the people who have contacted us are even more deeply distressed by the fact that RIPTA somehow had any of their personal information -- much less their personal health care information -- in the first place, as they have no connection at all with your agency," Brown says. The process was time-consuming, but RIPTA wanted to be sure what data was compromised in the breach and to whom it belonged.

iiNet urges its Westnet users to change their password after an alleged hack of customer database


iiNet, Australia's second-largest internet service provider, has urged its more than 30,000 Westnet internet users to change their passwords after a hacker claimed to have gained access to the customer database and put it up for sale.

According to a tweet posted by Cyber War News, the unknown hacker claimed to have obtained customer details such as passwords, email addresses, telephone numbers, etc.

He is now offering to ‘sell or trade’ Westnet's customer database.

However, he has not named a price for the information.

Matthew Toohey, chief information officer at iiNet, told Mashable Australia that the hack, which could be unauthorized access to old customer information stored on a legacy Westnet system, was under investigation and had been reported to law enforcement agencies.

"iiNet takes the privacy and security of customer information extremely seriously," he said. "The 30,827 impacted customers are being contacted with a recommendation they change passwords associated with their accounts as this is the most effective way to ensure security. As a precaution, additional steps have been taken to increase the monitoring of impacted accounts."

The system is now offline.

Orange.fr hacked, details of 800,000 customers stolen

Unknown hackers have breached the website of telecoms giant Orange and compromised the details of 800,000 customers of www.orange.fr.

According to PCINpact, the "My Accounts" page of the website was targeted by hackers on January 16. The hackers gained access to personal data including names, email IDs, phone numbers, mail addresses and other details.

Orange claims that only personal information was accessed by the hackers and that passwords were not compromised in the data breach. Customers' bank account numbers are stored on a separate server, which was not impacted by this breach.

A few hours after becoming aware of the intrusion, the ISP closed the "My Accounts" page to prevent further attacks. The security hole responsible for the breach is said to have been closed.

The company said only 3% of its customers were impacted by the breach. In an email sent to affected customers, the company warned them that the stolen data can be used by cyber criminals to launch phishing attacks.

The company has filed a complaint about the breach and is working with police.

World's Largest Bitcoin poker SealsWithClubs website hacked

 
It appears that any website handling Bitcoin transactions is coming onto hackers' radar. SealsWithClubs is the latest victim.

Online poker service SealsWithClubs, which claims to be the world's largest Bitcoin poker site, has admitted that its database server containing user credentials was compromised by hackers.

The site said the stolen passwords are hashed and salted but urged users to change their passwords. If you used the same password anywhere else, you are advised to change it there as well as a precaution.

Ars Technica pointed out a link to an InsidePro forum post in which a user with the online moniker "StacyM" asked other users to crack 42,000 hashed passwords.

StacyM is offering $20 in Bitcoins for every 1000 unique cracked passwords. Thousands of passwords have already been cracked. He didn't mention the source of those hashes. However, some cracked passwords, such as "sealswithclubs" and "pokerseals", appear to be from the SealsWithClubs website.

SealsWithClubs promises to improve its security measures in the near future, including the 'ability to permanently lock withdrawal address' and 'lock accounts account access except for certain IP addresses'.

CBP.gov and OPM.gov hacked by Tunisian Cyber Army & Al-Qaeda Electronic Army

Following the Pentagon and State.gov security breaches, the Tunisian Cyber Army and Al-Qaeda Electronic Army have attacked two more United States Government websites.

Today, they targeted U.S. Customs and Border Protection (cbp.gov) and the Office of Personnel Management (OPM.gov).

The team managed to extract information from the target databases by exploiting a critical SQL injection vulnerability in those websites.



The TCA team told EHN that they have compromised information such as usernames, encrypted passwords (which they managed to crack) and private emails.

In an email sent to E Hacking News, the hacker provided the vulnerable link for both websites. For security reasons, we are not disclosing the links here.

The hack is part of their ongoing operation called "#OpBlackSummer", an operation against the U.S. So far, they have hacked a large number of websites and compromised data. The hacker said their next targets are gas and petroleum companies.

Islami Bank Bangladesh website hacked by Human Mind Cracker

The Tunisian hacker 'Human Mind Cracker', who discovers critical vulnerabilities in high-profile websites, has come up with another interesting finding. He discovered a SQL injection vulnerability in the website of a Bangladeshi bank, "Islami Bank Bangladesh Ltd" (islamibankbd.com).

In an email sent to EHN, the hacker provided the vulnerable link and a link to the dump (heypasteit.com/clip/0MWN).

"The vulnerability was SQL injection...I report it many times..but they didn't reply and they didn't fix it yet...So I get into their database," the hacker said in the mail.

The dump contains database details, encrypted passwords, email addresses, and the admin ID and password.


He also discovered a cross-site scripting security flaw in the feedback-sending page of Islami Bank.

This is not the first time bank sites have been targeted by Human Mind Cracker. Last time, he discovered SQLi in a Tunisian bank's site.

The hacker says he prefers to act as a grey hat and to help site admins by reporting vulnerabilities, but the admin failed to respond and failed to patch the security flaw.

#OpRollRedRoll: AnonAcid leaked records of 50,000 Steubenville, Ohio Citizens



A hacker with the Twitter handle AnonAcid has claimed to have leaked the records of more than 50,000 Steubenville, Ohio residents as part of the operation called "OpRollRedRoll".

The campaign was launched after news broke that authorities might be protecting members of the Steubenville football team accused of abusing a 15-year-old girl.

The hacker uploaded the dump to Mediafire. According to his pastebin post, the leak contains addresses, emails, personal information, dates of birth, current address, phone numbers, names, state, country, city, current location, first name, last name, middle name and many more.

The hacker didn't mention the origin of the data.

http://pastebin.com/Pf6HMATe


"City Of Steubenville, Your justice system is broke and needs to be fixed maybe this might help a little. Bring justice to the girl who was raped," the hacker wrote in the post.

He also published a list of individuals suspected of being involved in the abuse and demands that they be sent to jail.

Hackers breached SC Department of Revenue and stole 3.6M SSNs, credit card data

One of the largest computer breaches in South Carolina:

Hackers breached the South Carolina Department of Revenue website (sctax.org) and stole sensitive information belonging to 3.6 million South Carolina taxpayers.

The data stolen by the hackers includes 3.6 million Social Security numbers (SSNs) and 387,000 credit card and debit card numbers.

The S.C. Department of Revenue became aware of the breach on October 10, but the investigation revealed the intrusion occurred in mid-September. The vulnerability exploited by the hackers was fixed on October 20.

The state is offering affected taxpayers one year of credit monitoring and identity theft protection from Experian.

If you have filed a South Carolina tax return since 1998, you are urged to visit protectmyid.com/scdor or call 1-866-578-5422 to determine whether your information is affected. If so, you can immediately enroll in 1 year of identity protection.