An anonymous reader writes from a report via Softpedia: A listing was published today on TheRealDeal Dark Web marketplace claiming to be offering data on over 200 million Yahoo users, sold by the same hacker that was behind the LinkedIn, Tumblr, MySpace, and VK data dumps. In statements to Softpedia, Yahoo said it was investigating the breach, but based on the seller’s reputation, it is very likely the data is authentic. The data is up for sale for 3 Bitcoin (approximately ~$1, 800), and based on the sample the hacker provided, the data dump includes details such as usernames, MD5-hashed passwords, and dates of birth for all users. For some records, there is also a backup email address, country of origin, and ZIP code for U.S. users. The hacker, called Peace, has also told Softpedia that he previously made $50, 000 from the LinkedIn breach alone, and over $65, 000 in total from all breaches. Read more of this story at Slashdot.
See the original article here:
Hacker Selling Data For 200 Million Yahoo Users On The Dark Web
An anonymous reader writes: Washington State has filed a lawsuit against Comcast to the sum of $100 million, accusing Comcast of “engaging in a pattern of deceptive practices.” It claims that Comcast’s documents reveal a pattern of illegally deceiving its own customers for profit. KOMO News reports: “The lawsuit (PDF) alleges more than 1.8 million individual violations of the Washington Consumer Protection Act. The Attorney General’s Office says 500, 000 Washington consumers were affected. The lawsuit also accuses Comcast of violating the Consumer Protection Act to all of its nearly 1.2 million Washington subscribers due to its deceptive ‘Comcast Guarantee, ‘ Ferguson said. The lawsuit accuses Comcast of misleading 500, 000 Washington consumers and deceiving them into paying at least $73 million in subscription fees over the last five years for what the attorney general says is a a near-worthless protection plan. Customers who sign up for Comcast’s Service Protection Plan pay a $4.99 monthly fee to avoid being charged if a Comcast technician visits their home. But the plan did not cover wiring inside a wall, the lawsuit says. The Attorney General Office says 75 percent of the time, customers who contacted Comcast were told the plan covered inside wiring. Customer service scripts, which the Attorney General’s Office said it obtained during its investigation, told Comcast representatives to say that the plan covers calls ‘related to inside wiring’ and ‘wiring inside your home.'” According to KOMO News, the lawsuit is seeking more than $73 million in restitution to pay back Service Protection Plan subscriber payments; full restitution for all service calls that applied an improper resolution code, estimated to be at least $1 million; removal of improper credit checks from the credit reports of more than 6, 000 customers; up to $2, 000 per violation of the Consumer Protection Act; and that Comcast clearly disclose the limitations of its Service Protection Plan in advertising and through its representatives, correct improper service codes that should not be chargeable and implement a compliance procedure for improper customer credit checks. Read more of this story at Slashdot. 
An anonymous reader writes from The Register: Vine, the six-second-video-loop app acquired by Twitter in 2012, had its source code made publicly available by a bounty-hunter for everyone to see. The Register reports: “According to this post by @avicoder (Vjex at GitHub), Vine’s source code was for a while available on what was supposed to be a private Docker registry. While docker.vineapp.com, hosted at Amazon, wasn’t meant to be available, @avicoder found he was able to download images with a simple pull request. After that it’s all too easy: the docker pull https://docker.vineapp.com:443/library/vinewww request loaded the code, and he could then open the Docker image and run it. ‘I was able to see the entire source code of Vine, its API keys and third party keys and secrets. Even running the image without any parameter, [it] was letting me host a replica of Vine locally.’ The code included ‘API keys, third party keys and secrets, ‘ he writes. Twitter’s bounty program paid out — $10, 080 — and the problem was fixed in March (within five minutes of him demonstrating the issue).” Read more of this story at Slashdot. 
An anonymous reader writes: Github’s transparency report for 2015 shows that the site received many DMCA notices that removed more than 8, 200 projects. “In 2015, we received significantly more takedown notices, and took down significantly more content, than we did in 2014, ” Github reports. For comparison, the company received only 258 DMCA notices in 2014, 17 of which responded with a counter-notice or retraction. In 2015, they received 505 takedown notices, 62 of which were the subject of counters or withdrawals. TorrentFreak reports: “Copyright holders are not limited to reporting one URL or location per DMCA notice. In fact, each notice filed can target tens, hundreds, or even thousands of allegedly infringing locations.” September was a particularly active month as it took down nearly 5, 834 projects. “Usually, the DMCA reports we receive are from people or organizations reporting a single potentially infringing repository. However, every now and then we receive a single notice asking us to take down many repositories, ” Github explains. They are called ‘Mass Removals’ when more than 100 repositories are asked to be removed. “In all, fewer than twenty individual notice senders requested removal of over 90% of the content GitHub took down in 2015.” Read more of this story at Slashdot.