Tag: incident

Forever 21 breach exposed customer credit card info for months

If you shopped at a Forever 21 store this year, there’s a chance your credit card information may have been stolen, CNET reports. The retail store confirmed this week that between April 3rd and November 18th of this year, a number of point of sale terminals at stores across the US were breached. While it hasn’t provided any numbers on how many customers were affected, Forever 21 did say that in most cases, card numbers, expiration dates and verification codes, but not cardholder names, were obtained by hackers. However, in some cases names were also obtained. Encryption is usually used by the store to protect its payment processing system, but in some stores, the encryption was sometimes off, opening up their point of sale terminals to malware. Not every terminal in every affected store was infected with the malware and not every store was impacted during the full time period of the breach. In some cases, credit card data stored in certain system logs prior to April 3rd were also exposed. Forever 21 said payment processing systems outside of the US work differently but that it was investigating whether non-US stores were affected as well. Purchases made through its website weren’t impacted by the breach. Chipotle and GameStop suffered similar breaches this year while hotel giant HEI announced it was hit with the same type of data breach last year . In a statement , Forever 21 said, “In addition to addressing encryption, Forever 21 is continuing to work with security firms to enhance its security measures. We also continue to work with the payment card networks so that the banks that issue payment cards can be made aware of this incident. Lastly, we will continue to support law enforcement’s investigation of this incident.” Via: CNET Source: Forever 21

Read More:
Forever 21 breach exposed customer credit card info for months

Cryptocurrency mining marketplace loses $64 million to hackers

A cryptocurrency marketplace called NiceHash has suffered a security breach that left its bitcoin wallet tens of millions of dollars lighter. Slovenia-based NiceHash connects miners, or people selling their hashing/computer power, with people willing to pay for that power. Andrej P. Škraba, the marketplace’s head of marketing, told Reuters that the company was targeted by “a highly professional attack” that involved “sophisticated social engineering.” He also revealed that the infiltrators got away with 4, 700 bitcoins — or around $64 million. Before Škraba talked to Reuters , NiceHash posted an announcement on Reddit and on its website that it’s pausing all operations for the next 24 hour to investigate the incident. The post said the company’s payment system was compromised, and that it’s working with authorities on top of conducting its own investigation. Unfortunately, Škraba didn’t reveal more details than that, but it’s advising users to change their passwords on NiceHash and other services — a great advice now that bitcoin looks more alluring to hackers than ever. It has soared past $15, 000 in value, just hours after it broke past the $14, 000 mark. Authorities in some countries are cracking down on cryptocurrency, however, in hopes of gaining greater control over the virtual currency. Source: Reuters , Reddit

View the original here:
Cryptocurrency mining marketplace loses $64 million to hackers

Code mistake freezes up to $280 million in digital currency

Imagine if one person’s code error deprived you of a pile of money, and there was no guarantee you’d get your funds back. Wouldn’t you be hopping mad? That’s how many cryptocurrency owners are feeling right now. The digital wallet company Parity is warning users that a large volume of Ethereum funds have effectively been frozen after code contributor devops199 claims to have accidentally deleted the library needed to use multi-signature wallets (those that require more than one signature to move funds) created after July 20th. Devops triggered a long-unpatched bug that turned Parity’s wallet contract into a standard multi-signature wallet, making every wallet “suicide” and erase the guiding library code. Whether or not you believe that it was a mistake, it could have very serious consequences. Observers estimate that there could be more than 1 million in ether locked away, which would amount to roughly $280 million. A lower estimate still pegs the damage at over $150 million. Parity describes these figures as “speculative” and suggests you should take them with a grain of salt, but there’s no question that some Ethereum holders are suddenly without a lot of cash. This doesn’t mean that the currency is permanently off-limits, but unfreezing it and compensating users could involve a bailout. And whatever happens, the incident highlights a simple problem: digital wallets and cryptocurrency in general are only as reliable as the code that guides them. The software needs to be airtight if you’re going to tie your livelihood to non-traditional income. Via: Comae (Medium) , Business Insider Source: Parity , Twitter , GitHub

See the article here:
Code mistake freezes up to $280 million in digital currency