The Award Winning Place for Plain English Explanations of Internet Stuff
Last year (in fact almost a year ago exactly) we told you about the U.S. Post Office’s new ‘Informed Delivery’ service. For those of you not familiar with the USPS Informed Delivery service, well, count your blessings. Because the postal service has experienced a serious breach, making the personal information of all 60 million plus Informed Delivery vulnerable.
Countless Amazon customers woke up this morning to an email from Amazon telling them that “our website inadvertently disclosed your name and email address due to a technical error.” And, in fact, that’s just about all the email said, other than “the issue has been fixed” and that there is no need for the customer to take any action.
If you were required to re-enter your password in order to log in to Facebook today (28 September 2018), there’s a good reason: Facebook this morning revealed that it had suffered a massive breach, compromising as many as 50 million user accounts.
Reddit experienced a “security incident” in June, which they announced by email this month (August, 2018). While an email to Reddit users says that the hack affected “account credentials from 2007”, the full story paints a substantially broader picture.
Oh, the irony! Identity theft protection service LifeLock has exposed millions of their customers’ email addresses. And according to Krebs on Security, the exploitable vulnerability was so basic that it seems “that whoever put it together lacked a basic understanding of Web site authentication and security”!
In a hack that the New York Times is calling “one of the largest known breaches of a retailer”, Saks 5th Avenue and Lord and Taylor have had the credit card and debit card information of millions of customers compromised by an ongoing hack that lasted for months before it was terminated a few weeks ago.
Last week we started hearing about the Equifax data breach, although Equifax had actually known about the data breach at least a month earlier. (The full text of the Equifax statement about the cybersecurity data breach is reprinted below.) The most stunning thing about this breach is the breadth of it: the Personally Identifiable Information (PII), including names, social security numbers, and driver’s license numbers of 143 million U.S. citizens were exposed in this breach. Here is what you need to do, right now, to protect yourself.
Yahoo today released a statement indicating that a data breach that occurred in 2014 may be the most massive breach yet. Moreover, Yahoo is claiming that they believe that the 2014 breach was “state-sponsored”.
The BBC is reporting that there seems to have been a massive data breach of 200 million Yahoo accounts, with the data – which appears to be from 2012 – being offered for sale for 3 bitcoins ($1805 USD).
Experian, that keeper of your credit information and reputation, has been hacked, and the hackers got away with the personally identifiable information (PII) of 15 million T-Mobile customers and applicants.
Here’s the skinny: LinkedIn experienced a password breach today – 6.5 million passwords were leaked. Now, according to reports, LinkedIn has 160 million users, so that’s not even 5% of the total number of LinkedIn passwords that could have been compromised, but its certainly enough that you should go to LinkedIn right now and change your password. Here’s how.
If you received a notice from one or another company with whom you do business or have done business in the past, saying that your email address has been compromised due to a data security breach at email service provider (ESP) Epsilon (due to their customers’ email lists being hacked and stolen), you’re not alone. Oh, you are so not alone. Banks, large merchants, and others, have all had their entire list of customers’ email addresses swiped and leaked due to the Epsilon data breach. Chase Bank, Citi Bank, Best Buy, Krogers – even Disney, have all been affected – as have their customers. Of course, lots of people receiving these notices will assume that they are phishing attempts (and there will undoubtedly be phishing attempts riding on the coat tails of this fiasco). Here is the complete list as we know it today – if you have received a notice saying that your email address has been compromised, please add the name of the company involved to the list here.
If you have ever had an account – even just to leave comments to articles and posts – on Gizmodo, Lifehacker, Gawker, Jezebel, io9, Kotaku, Deadspin, Fleshbot or Jalopnik, then you are in for a nasty surprise. Odds are good that your account has been compromised, and your user name and password posted on the Internet, as the result of security breach of Gawker Media’s servers that happened over the weekend. Gawker media does get points for alerting all of their users as soon as they discovered the breach (about 10 minutes ago as of the time of this posting on 6:20 p.m. PST on Monday, December 13th, 2010).