1.2 billion usernames and passwords hacked
US security firm Hold Security has uncovered the “largest data breach known to date”, affecting companies and individuals worldwide. The unidentified Russian group behind the attack has stolen 1.2 billion usernames and passwords belonging to more than 500 million email addresses coming from 420,000 websites, including those belonging to market leaders in virtually all industries globally. The gang initially acquired databases of stolen credentials from the black market, which were then used to attack websites to install malware. The details of those affected have not been released, but Hold Security has offered a breach notification service to companies in return for the payment of a fee.
Paddy Power breach exposed
One of the UK and Ireland’s biggest bookmakers has revealed it was the victim of a massive cyber attack affecting 649,055 customers in 2010. Customers who held accounts since 2010 or earlier have been affected by the breach, which involved customer names, usernames, addresses, email addresses, phone numbers and dates of birth being stolen. The office of the Data Protection Commissioner has stated that the breach should have been reported in 2010 and that an investigation has been launched into the incident. Paddy Power is now in the process of contacting those affected.
European Central Bank data stolen
The European Central Bank (the ‘ECB’) has revealed that there has been a breach on its website, with approximately 20,000 email addresses and other contact details stolen. A hacker accessed a database that served its website and contained the personal data (some of which had not been encrypted) of attendees of ECB events. The ECB was made aware of the breach when the hacker sent an anonymous email demanding money for the data to be returned. The ECB has announced that all those whose personal data has been compromised will be contacted and all system passwords have been reset.
Expert reveals plane vulnerabilities to cyber attack
Hacker and cybersecurity expert Ruben Santamarta is set to present a report on how inflight WiFi and passenger entertainment systems leave planes’ satellite communication equipment vulnerable to cyber attack. Santamarta has demonstrated the ability to breach the firmware of avionics equipment from several manufacturers, which could cause chaos to communications and navigation systems. Although his theory has only been tested in a controlled, simulated environment, the vulnerabilities discovered have caused widespread concern amongst the airline industry.
Another Facebook privacy petition
The Trans-Atlantic Consumer Dialogue has petitioned the Federal Trade Commission to open a probe into Facebook’s practices after the social network announced plans to deliver more targeted advertising by viewing user habits on other sites. The group claims that the web browsing activities violate the privacy of individuals. The petition comes as Austrian student Max Schrems appeals to 1 billion Facebook users around the world to join a class-action lawsuit against Facebook. Schrems, who already has a case pending at the European Court of Justice, has now filed a claim at Vienna’s commercial court claiming damages of EUR 500 per user for alleged privacy violations, including the tracking of users on external websites through Facebook’s “like” button.
Microsoft ordered to produce customer emails
A federal district judge in New York has affirmed a decision that Microsoft must hand over the contents of one of its customers’ e-mail accounts stored in a data centre in Ireland. Microsoft and other US companies had originally challenged the criminal search warrant issued at the request of US authorities, arguing that federal prosecutors cannot seize customer information held in foreign countries. However, following the 2-hour court hearing, the tech giant was required to hand over any data it controlled, regardless of where it was stored. It is unclear what type of investigation led to the warrant, which remains under seal. Microsoft has been allowed to appeal to the 2nd US Circuit Court of Appeals.
U.S. House passes cyber security bills
The U.S. House of Representatives has passed three cybersecurity bills aimed at strengthening the federal government’s ability to prevent and respond to cyber attacks. The National Cybersecurity and Critical Infrastructure Protection Act will codify U.S. cyber communications centres to enable information on real-time cyber threats to be shared across infrastructures. The Act will also create a partnership between the Department of Homeland Security (the ‘DHS’) and private industry to expedite incident response and shared intelligence. The other Acts passed focus upon strengthening the DHS’ research ability, technology procurement and cybersecurity workforce.