Entries with tag cybertheft.

US Retailers Form Cyberintelligence Sharing Group

An industry trade group and leading US retailers are forming a center designed to allow them to exchange information about data breaches and cyber threats. The group -- formed by The Retail Industry Leaders Association and companies such as Gap, Nike, Target, and Walgreen -- says its efforts are designed to protect consumers’ personal and financial information. The trade group says it began forming the center long before a series of high-profile retail data breaches occurred in the US in late 2013. (The Associated Press)(The New York Times)

Canadian Man First Arrested for Using Heartbleed Exploit

A Canadian man arrested 15 April 2014 is the first person known to have been arrested for using Heartbleed – a vulnerability in Open SSL encryption – in a data breach. Stephen Arthuro Solis-Reyes, 19, of London, Ontario, is being charged with one count of Unauthorized Use of a Computer and one count of Mischief in Relation to Data after he allegedly stole 900 social insurance numbers and other data from the Canada Revenue Agency, according to the Royal Canadian Mounted Police. Computer equipment in the suspect’s home was seized. No other information was released. Those affected by the theft will be contacted by registered mail, according to the agency, which will also offer free credit protection services and additional security on their accounts. Solis-Reyes, a computer science student attending Western University, is scheduled to appear in an Ottawa court 17 July 2014. (Reuters)(The Associated Press)(PC Mag)

Plethora of Purloined Passwords Posted

Researchers with Trustwave's SpiderLabs discovered two million stolen passwords posted online. The finding was made while they were investigating the server or controller associated with a botnet known as Pony. The passwords were taken from users of popular sites and services including Facebook, Google, Yahoo, and Twitter. Victims were from the US, Germany, Singapore, Thailand, and other nations. Researchers said the stolen data included roughly 1,580,000 website login credentials;  320,000 e-mail account credentials; 41,000 FTP account credentials; 3,000 Remote Desktop credentials; and about 3,000 Secure Shell account credentials. They surmise the information was taken using keylogging software. An associated problem is most of the passwords are useless and many users use the same passwords across different websites. Both Facebook and Twitter have reportedly reset affected users’ passwords. (Reuters)(BBC)(Trustwave Spider Labs Blog) 

Showing 3 results.