Archive for the ‘data breach’ Category
A federal judge in San Jose, California, has rejected a proposed settlement that would put an end to the years-long lawsuit over Yahoo’s 2016 disclosure that it had been hit by nation-state hackers who exposed hundreds of millions of accounts.
US District Judge Lucy Koh, who has presided over many tech-related cases, including the Apple v. Samsung trial, lambasted Yahoo for its lack of transparency over how it has handled the aftermath of the breach.
"Yahoo has not committed to any specific increases in budget for data security and has made only vague commitments as to specific business practices to improve data security," she wrote. "Yahoo’s history of nondisclosure and lack of transparency related to the data breaches are egregious. Unfortunately, the settlement agreement, proposed notice, motion for preliminary approval, and public and sealed supplemental filings continue this pattern of lack of transparency."
A Thursday BBC report takes a look at the state of Epic Games' mega-popular game Fortnite through the eyes of a particular audience: its black market of account thieves. After speaking with "about 20" perpetrators, reporter Joe Tidy put together a report that breaks down what's being stolen and resold, how it's happening, and what the game's players can do to shore up their own accounts.
The resulting story shouldn't surprise anyone in the infosec world, and it doesn't expose any apparent data leaks on the part of Epic. But it's a reminder that a few modern trends have come together in convenient fashion, ready for any enterprising script kiddie to tap into, and that users should know how a mountain of years-old data leaks can come back to haunt them.
Off-the-shelf, off your old passwords
The report begins with a teenaged Fortnite fan speaking to the BBC via webcam with his identity hidden. He got into the Fortnite-theft game inadvertently, he claims, by starting as a victim. The bad news began when he received email alerts from Epic Games—one saying his account's email address had been changed, and another saying that two-factor authentication (2FA) had been turned on (and attached to a phone number that wasn't his). His original account was totally lost as a result, the teen alleged.
Brace yourself for yet another massive data breach. Quora.com, a site where people ask and answer questions on a range of topics, said hackers breached its computer network and accessed a variety of potentially sensitive personal data for about 100 million users.
Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests and downvotes. The breached data also included public content and actions, such as questions, answers, comments, and upvotes. In a post published late Monday afternoon, Quora officials said they discovered the unauthorized access on Friday. They have since hired a digital forensics and security firm to investigate and have also reported the breach to law enforcement officials.
“It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility,” Quora CEO Adam D’Angelo wrote in Monday’s post. “We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again.”