1.2 billion usernames and passwords hacked

US security firm Hold Security has uncovered the “largest data breach known to date”, affecting companies and individuals worldwide. The unidentified Russian group behind the attack has stolen 1.2 billion usernames and passwords belonging to more than 500 million email addresses coming from 420,000 websites, including those belonging to market leaders in virtually all industries globally. The gang initially acquired databases of stolen credentials from the black market, which were then used to attack websites to install malware. The details of those affected have not been released, but Hold Security has offered a breach notification service to companies in return for the payment of a fee.

Paddy Power breach exposed 

One of the UK and Ireland’s biggest bookmakers has revealed it was the victim of a massive cyber attack affecting 649,055 customers in 2010. Customers who held accounts since 2010 or earlier have been affected by the breach, which involved customer names, usernames, addresses, email addresses, phone numbers and dates of birth being stolen. The office of the Data Protection Commissioner has stated that the breach should have been reported in 2010 and that an investigation has been launched into the incident. Paddy Power is now in the process of contacting those affected.

European Central Bank data stolen

The European Central Bank (the ‘ECB’) has revealed that there has been a breach on its website, with approximately 20,000 email addresses and other contact details stolen. A hacker has accessed a database that served its website containing the personal data (some of which had not been encrypted) of attendees of ECB events. The ECB was made aware of the breach when the hacker sent an anonymous email demanding money for the data to be returned. The ECB has announced that all those whose personal data has been compromised will be contacted and all system passwords have been reset.

Expert reveals plane vulnerabilities to cyber attack

Hacker and cybersecurity expert Ruben Santamarta is set to present a report on how inflight WiFi and passenger entertainment systems leave planes’ satellite communication equipment vulnerable to cyber attack. Santamarta has demonstrated the ability to breach the firmware of avionics equipment from several manufacturers, which could cause chaos to communications and navigation systems. Although his theory has only been tested in a controlled, simulated environment, the vulnerabilities discovered have caused widespread concern amongst the airline industry.

Another Facebook privacy petition 

The Trans-Atlantic Consumer Dialogue has petitioned the Federal Trade Commission to open a probe into Facebook’s practices after the social network announced plans to deliver more targeted advertising by viewing user habits on other sites. The group claims that the web browsing activities violate the privacy of individuals. The petition comes as Austrian student Max Schrems appeals to 1 billion Facebook users around the world to join a class-action lawsuit against Facebook. Schrems, who already has a case pending at the European Court of Justice, has now filed a claim at Vienna’s commercial court claiming damages of EUR 500 per user for alleged privacy violations, including the tracking of users on external websites through Facebook’s “like” button.

Microsoft ordered to produce customer emails

A federal district judge in New York has affirmed a decision that Microsoft must hand over the contents of one of its customers’ e-mail accounts stored in a data centre in Ireland. Microsoft and other US companies had originally challenged the criminal search warrant issued at the request of US authorities, arguing that federal prosecutors cannot seize customer information held in foreign countries. However, following the 2-hour court hearing, the tech giant was required to hand over any data it controlled, regardless of where it was stored. It is unclear what type of investigation led to the warrant, which remains under seal. Microsoft has been allowed to appeal to the 2nd US Circuit Court of Appeals.

U.S. House passes cyber security bills

The U.S. House of Representatives has passed three cybersecurity bills aimed at strengthening the federal government’s ability to prevent and respond to cyber attacks. The National Cybersecurity and Critical Infrastructure Protection Act will codify U.S. cyber communications centres to enable information on real-time cyber threats to be shared across infrastructures. The Act will also create a partnership between the Department of Homeland Security (the ‘DHS’) and private industry to expedite incident response and shared intelligence. The other Acts passed focus upon strengthening the DHS’ research ability, technology procurement and cybersecurity workforce.