Woo Themes has alerted their customers that credit cards used to purchase a WooTheme product from WooThemes.com between 11/27/13 and 5/8/14 have been compromised. n an email sent out today, Woo Themes advised that “sophisticated criminal hackers had intercepted some credit card details between checkout and our off site credit card processor.”

More than 4 Million SnapChat phone numbers, locations, and passwords have been stolen and leaked and made public. The database was put up on a site, SnapChatDB.info, where anybody could download the file. And while the site has been taken down, people who grabbed that file are already putting it to use.

Mere days after Apple released the iPhone 5s, with its new “Touch ID” fingerprint identity sensor scanner, the Chaos Computer Club announced that it had “successfully bypassed the biometric security of Apple’s TouchID using easy everyday means”. But does this mean the fingerprint recognition technology is useless? We say not.

Palestinian security researcher Khalil Shreateh tried to warn Facebook – he really did. He did everything that he could think of to alert Facebook’s security and engineering folks to the fact that he had discovered a security flaw that allowed anyone to post to anybody else’s timeline, whether they were connected as friends or not. But they didn’t take him seriously (in fact they told him that it was not a security bug). So after all else failed, he posted a note on Mark Zuckerberg’s wall. And that did the trick.

A hacker, who goes by the name “Guccifer”, has hacked the email accounts of former president George W. Bush, as well as the accounts of his family and friends, and has taken to posting his findings online, including private photos, emails and private home addresses. Guccifer told The Smoking Gun, who broke the story, that he isn’t worried about the feds coming after him because they have actually been investigating him for awhile and this latest stunt is “just another chapter in the game.”

As many as 250,000 Twitter accounts have been hacked and compromised, according to Twitter. According to Twitter, the attack “was not the work of amateurs,” in fact, says Twitter, “the attackers were extremely sophisticated.” Twitter users whose accounts were compromised in the attack have been sent the following email, advising them to change their password.

Iconic online community Criagslist is down, as of today, December 23, 2012. While some may think that Craigslist itself was hacked, our research suggests that there is a DNS issue. Regardless, many people can’t reach Craigslist right now.

While Dropbox file-sharing service is intended to be a mostly consumer-based product, many companies use it as a means to share files between employees. The problem with using cloud-based services, such as Dropbox, for business purposes is that businesses don’t have proper controls over the data stored in the cloud. This was driven home this week when Dropbox announced that an employee’s password was stolen and the hackers made off with some sensitive information, including user email addresses which led to the spamming of Dropbox’s European user-base.

Here’s the skinny: LinkedIn experienced a password breach today – 6.5 million passwords were leaked. Now, according to reports, LinkedIn has 160 million users, so that’s not even 5% of the total number of LinkedIn passwords that could have been compromised, but its certainly enough that you should go to LinkedIn right now and change your password. Here’s how.

The Federal Trade Commission (FTC) has fined game developer RockYou.com $250,000 for, among other things, failing to adequately secure their customers’ user data. While the FTC slammed Rock You for COPPA (the Children’s Online Privacy Protection Act rule) violations, in part because RockYou collected information from children under the age of 13 without parental consent, the Feds made a point of noting that “the company’s security failures put users’ including children’s personal information at risk” while at the same time claiming that they had adequate security measures in place. Adequate security measures our foot! They stored their user data in plain – i.e. unencrypted – text! The FTC settlement and fine follows a 2 year investigation into the hacking of RockYou servers in 2009 which exposed the date of 32 million users.

A massive data breach at Amazon subsidiary Zappos.com has led to the personal information of as many as 24 million customers being exposed. Below is all of the information, as well as the statement from Zappos CEO, Tony Hsieh.

Twitter is aflame with calls for boycotts of Rupert Murdoch, his ‘News of the World’, ‘News of the World’s’ parent company, ‘News International’, and other Murdoch holdings, as the investigation of News of the World’s using a private detective, Glenn Mulcaire, to hack into the telephone voicemail of several young girls who had been murdered in the U.K. in 2002, and that of their families, moves into Parliament. The families of Milly Dowler, Holly Wells, and Jessica Chapman have all been informed by police that each of their telephone voicemail accounts may have been hacked, each within days of each girl’s disappearance, and each by Mulcaire, trying to get a scoop for News of the World. Among other things, Mulcaire is alleged to have hacked into Milly Dowler’s voicemail on her mobile phone, and deleted some messages, which caused Milly’s family to continue to hope that she might be found alive when she had already been murdered, and which interfered with the police investigation. Calls for Rebekah Brooks, head of News International, and a personal friend of British Prime Minister David Cameron, to step down are escalating, putting the Prime Minister in an awkward position, particularly as his Communications Director, Andy Coulson, also formerly of News of the World, has already been forced to resign his position with the Prime Minister.

A Magistrate has recommended to the Federal court in Maine that a bank (in this case Ocean Bank of Maine) has no liability, even though it allowed hackers to remove more than $500,000 from one of the bank’s customers accounts. The customer, Patco Construction, had been the victim of the Zeus trojan, which steals passwords once surreptitiously installed on a victim’s computer.

Lots of you are asking lots of questions about the Sony PlayStation Network (“How was the Sony Play Station Network taken down?”, “Who hacked the the Sony PlayStation Network?”, “Is it true that it was done with rooted Sony PSP handhelds?”, and, perhaps most importantly, “Is the Sony PSN secure now?” To bring you up-to-date, if you are scratching your head right now, first, the Sony PlayStation Network (referred to in shorthand as the “PSN”) was taken down last month in a concerted cyber attack which, at first Sony claimed was down due to “maintenance” but, eventually, they admitted that a hacking attack had taken them down. The hacker or hackers also caused Sony’s Qriocity services to go down. Oh, and wait – it also extended to the Sony Online Entertainment network. In short, if you have ever completed any transaction online with Sony, you need to treat your identity and credit card information as compromised.

If you received a notice from one or another company with whom you do business or have done business in the past, saying that your email address has been compromised due to a data security breach at email service provider (ESP) Epsilon (due to their customers’ email lists being hacked and stolen), you’re not alone. Oh, you are so not alone. Banks, large merchants, and others, have all had their entire list of customers’ email addresses swiped and leaked due to the Epsilon data breach. Chase Bank, Citi Bank, Best Buy, Krogers – even Disney, have all been affected – as have their customers. Of course, lots of people receiving these notices will assume that they are phishing attempts (and there will undoubtedly be phishing attempts riding on the coat tails of this fiasco). Here is the complete list as we know it today – if you have received a notice saying that your email address has been compromised, please add the name of the company involved to the list here.