Equifax breach may have exposed more data than first thought

The 2017 Equifax data breach was already extremely serious by itself, but there are hints it was somehow worse. CNN has learned that Equifax told the US Senate Banking Committee that more data may have been exposed than initially determined. The hack may have compromised more driver’s license info, such as the issuing data and host state, as well as tax IDs. In theory, it would be that much easier for intruders to commit fraud.

The breach compromised about 145.5 million people, although their level of exposure varied wildly. About 10.9 million Americans’ driver’s licenses were embroiled in the hack, and just a small fraction of the exposed UK licenses (just under 700,000) had enough info to jeopardize the victims’ privacy.

Equifax stressed to CNN that the initial list of exposed data was never meant to be the final, definitive account of the scope of the problem. And that’s not unheard of — companies frequently deliver rough assessments of the damage in the immediate aftermath and refine the numbers as they learn more. However, that explanation might not be enough for officials. Senators are already clamoring for a thorough investigation, and want to know the full extent of what happened. This update gives them more of what they want, but it also raises the question of why the company is still determining the scope of the breach nearly half a year after it was made public.

Source: CNN Money


HipChat resets all passwords after hackers break in

Today, HipChat alerted its users that someone broke into one of its servers through a vulnerability in a third-party library. The chat service saw no evidence that other Atlassian systems or products like Jira or Trello were affected, but it is forcing every user to reset their HipChat-connected account password as a precaution.

According to the service’s blog post, the attacker might have gotten access to user information (including name, email and hashed password) of anyone using HipChat.com. There’s been no sign that over 99 percent of users’ messages or room content was compromised, though the attacker could have accessed that portion’s metadata. A small fraction (.05 percent) of instances might have been wide open to the hacker, who would have been able to see correspondence and content. Fortunately, no evidence has suggested that the attacker has accessed anyone’s financial or credit card information.

“While HipChat Server uses the same third-party library, it is typically deployed in a way that minimizes the risk of this type of attack,” the blog post said, but the service will roll a security update out for HipChat Server just to be sure.

Source: HipChat
