Entries with tag brian krebs.

56 Million Cards Exposed in Home Depot Breach

Home Depot has confirmed that as many as 56 million payment cards were exposed in a breach of the DIY retailer’s payment system. These were stolen from the retailer between April and September 2014. Home Depot says it has “eliminated” the malware. No specific date was given. Krebs on Security reports that Home Depot is claiming the malware was “something previously unseen, contrary to rumors that it was the same hack used to infiltrate Target’s machines.” The Target hack exposed an estimated 40 million cards. MasterCard officials reportedly told banks only self-checkout terminals were involved, but the investigation is ongoing. Krebs on Security says roughly 1,700 of the nearly 2,200 U.S. stores and 112 stores in Canada were potentially affected. (Tech Crunch)(Forbes)(Krebs on Security – 1)(Krebs on Security – 2)

Home Depot Confirms Giant Data Breach

Home Depot confirmed that hackers breached its payment systems at US and Canadian stores, making it the latest victim in a wave of high-profile cybercrimes that have hit large companies since late last year. Experts estimate the attack on the home-improvement giant could be among the largest data breaches to date, with perhaps 60 million payment-card numbers stolen. The retailer, which has 2,200 stores in the US and Canada, has not indicated the number of customers affected. The breach may have affected anyone who shopped at Home Depot stores in the US and Canada from April to September 2014, said company spokesperson Paula Drake. The company is offering free identity protection and credit-monitoring services to these customers. Investigative security journalist Brian Krebs broke   the news about the attack on 2 September. He said he found some of the stolen payment-card data for sale on black market websites. Before Home Depot confirmed the breach, customers in the US state of Georgia filed a class-action lawsuit stating that the company failed to protect customers from fraud and didn’t alert them to the problem in a timely manner. Krebs says the malware used against Home Depot indicates the hackers were the same ones involved in the December 2013 attack on the Target department-store chain, which exposed data for 40 million payment cards. Home Depot says it will begin using systems for using payment cards with embedded chips, which are more secure, by the end of 2014. (BBC)(The New York Times)(Krebs on Security)

Home Depot Investigates Possible Data Breach

US home-improvement retailer Home Depot is investigating “unusual activity” regarding its customer data, following a report by investigative security journalist Brian Krebs that the company may have suffered a payment-card breach that started in April or May and that may affect all 2,200 US stores. He discovered details about the incident from a posting on a black market forum. Home Depot spokeswoman Paula Drake said if the company confirms that a breach has occurred, it will notify customers immediately. Krebs noted that it appears the hackers responsible “may be the same group of Russian and Ukrainian hackers responsible for [earlier] data breaches at Target, Sally Beauty, and P.F. Chang’s, among others.” . If the breach indeed began in late April or early May 2014, he added, “and if even a majority of Home Depot stores were compromised, this breach could be many times larger than [the] Target [incident], which had 40 million credit and debit cards stolen over a three-week period.” (BBC)(Krebs on Security)

Security Researcher Thwarts Attempt to Frame Him for Heroin Possession

A US-based Internet-security researcher has discovered and blocked a hacker’s attempt to frame him for possession of heroin. Researcher Brian Krebs claims a Russian cybercrime forum’s administrator devised a plan to purchase heroin using bitcoin donations from other forum members and deliver the drugs to Krebs. A compatriot was then supposed to pretend to be a concerned neighbor and call the police to raid the researcher’s house.Krebs, however, saw the plot unfold while monitoring the Russian website and contacted the FBI and local police, who took the drugs once they arrived. Krebs noted that this is not the first attempt by cybercriminals to cause problems for him that might dissuade him from reporting on them. “One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home,” he wrote. “Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more ‘admirers’ paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares.” (BBC)(Krebs on Security) 

Digital Cash Exchange Takedown Hurting Criminals Worldwide

The takedown of a Costa Rican-based digital cash exchange has caused “pain” to the criminals who used the virtual currency service to launder money, according to the US District Court for the Southern District of New York, which named its founder, Arthur Budovsky, and five co-conspirators in the allegation. Users of the service could anonymously exchange funds without requiring their identity to be verified. In addition to seizing the operation and its domains, law enforcement officials seized or restricted the activity of 45 bank accounts. Brian Krebs, a security expert who publishes Krebs on Security, told the BBC he had seen comments posted on crime-linked restricted access forums suggesting many criminal enterprises had suffered “steep losses” as a result. Liberty Reserve, as described  in the unsealed indictment published Tuesday, was “a financial hub of the cyber-crime world, facilitating a broad range of online criminal activity, including credit card fraud, identity theft, investment fraud, computer hacking, child pornography, and narcotics trafficking.”  The federal indictment also stated “Because virtually all of liberty reserve’s business derived from suspected criminal activity, the scope of the defendants’ unlawful conduct is staggering.” Prosecutors estimate that between 2006 and May 2013 the organization laundered more than $6 billion in criminal proceeds, making it “the bank of choice for the criminal underworld.” Of the seven individuals charged in the case, Budovsky was arrested in Madrid, Spain; four others named have been arrested and two more individuals are being sought by law enforcement in Costa Rica. The charges against them, in addition to conspiracy to commit money laundering, include conspiracy to operate an unlicensed money-transmitting business, and operating an unlicensed money-transmitting business. The money laundering count carries a maximum sentence of 20 years in prison; the other two charges have a maximum sentence of five years each. The federal attorneys note Liberty Reserve did have legitimate users, primarily outside the US, who used it as a PayPal alternative for transactions. (BBC)(The New York Times)(Krebs on Security)

Showing 5 results.